06-26-2007, 02:01 PM   #7
Niazcro
Registered User
 
Join Date: Jun 2007
Posts: 8
OS: WinXP


Re: CPU Usage 100% when online

Deckard's System Scanner v20070611.50
Run by Teka on 2007-06-26 at 21:58:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Teka.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 21:58:43, on 26.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Documents and Settings\Teka\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Teka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tportal.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tportal.hr/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: T-Com - {640D51F7-EA3D-4F9A-A3A2-F803112C2C74} - C:\Program Files\Internet Explorer\SIGNUP\HTnet Start.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.tportal.hr/
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F6F78B7-0E69-40CF-80E6-86A10019C6AC}: NameServer = 195.29.150.3 195.29.150.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awtsrpp - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjvd32 - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe


-- Files created between 2007-05-26 and 2007-06-26 -----------------------------

2007-06-26 20:23:50 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-06-26 20:23:47 0 d-------- C:\WINDOWS\LastGood
2007-06-26 19:48:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-06-24 13:18:38 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2007-06-23 13:32:06 0 dr-h----- C:\Documents and Settings\Teka\Application Data\SecuROM
2007-06-23 13:20:12 0 d-------- C:\Documents and Settings\All Users\Application Data\JollyBear
2007-06-10 15:56:21 0 d-------- C:\Program Files\Windows Live
2007-06-08 2233 0 d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-06-06 20:14:24 0 d-------- C:\Documents and Settings\Teka\Application Data\RegSweep
2007-06-06 11:56:16 0 d-------- C:\WINDOWS\pss
2007-06-05 10:29:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2007-06-05 10:20:11 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-06-05 10:20:11 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-06-05 10:20:11 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-06-05 10:20:11 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-06-05 10:20:11 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-06-05 10:20:10 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-06-05 10:20:10 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-06-05 10:20:10 610304 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-06-05 10:20:10 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-06-05 10:20:02 0 d-------- C:\WINDOWS\CSC
2007-06-04 12:31:14 0 d-------- C:\Program Files\IObit
2007-06-03 10:30:01 0 d-------- C:\VundoFix Backups
2007-05-30 21:08:28 0 d-------- C:\Program Files\DivX
2007-05-27 15:05:33 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-05-27 13:21:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-05-27 13:16:21 0 d-------- C:\Documents and Settings\Teka\Saved Games
2007-05-27 13:16:21 0 d-------- C:\Documents and Settings\Teka\Application Data\FloodLightGames
2007-05-27 13:16:21 0 d-------- C:\Documents and Settings\All Users\Application Data\FloodLightGames
2007-05-26 18:23:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-05-26 15:58:17 0 d-------- C:\extensions


-- Find3M Report ---------------------------------------------------------------

2007-06-26 21:05:30 0 d-------- C:\Program Files\Windows Live Toolbar
2007-06-26 21:05:24 0 d-------- C:\Program Files\Winamp
2007-06-26 21:01:22 0 d-------- C:\Program Files\MSN Messenger
2007-06-26 20:56:32 0 d-------- C:\Program Files\Microsoft AntiSpyware
2007-06-26 20:56:21 0 d-------- C:\Program Files\Messenger Plus! Live
2007-06-26 20:49:36 0 d-------- C:\Program Files\Advanced Uninstaller
2007-06-24 13:12:38 0 d-------- C:\Program Files\sollab
2007-06-22 16:07:55 0 d-------- C:\Documents and Settings\Teka\Application Data\DMCache
2007-06-12 13:58:03 77312 --a------ C:\WINDOWS\ua2.dll
2007-06-04 11:39:06 0 d-------- C:\Documents and Settings\Teka\Application Data\Uniblue
2007-06-04 11:38:58 0 d-------- C:\Program Files\Uniblue
2007-05-30 21:08:48 5141 --a------ C:\WINDOWS\mozver.dat
2007-05-26 15:57:21 0 d-------- C:\Program Files\Yahoo!
2007-05-26 15:55:08 0 d-------- C:\Program Files\Common Files\ACD Systems
2007-05-25 13:23:13 0 d-------- C:\Documents and Settings\Teka\Application Data\Comodo
2007-05-24 15:20:40 0 d-------- C:\Program Files\Comodo
2007-05-24 14:02:26 4 --a------ C:\WINDOWS\system32\C99967
2007-05-24 14:01:09 0 d-------- C:\Program Files\Common Files\Real
2007-05-24 14:00:38 0 d-------- C:\Documents and Settings\Teka\Application Data\Real
2007-05-24 14:00:35 0 d-------- C:\Program Files\Rhapsody
2007-05-23 20:46:24 81550 --a------ C:\WINDOWS\system32\mi2.exe
2007-05-20 17:11:33 0 d-------- C:\Documents and Settings\Teka\Application Data\uTorrent
2007-05-20 13:10:55 4096 --a------ C:\WINDOWS\d3dx.dat
2007-05-20 13:09:47 0 d-------- C:\Program Files\ReflexiveArcade
2007-05-20 1208 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-05-14 23:07:10 0 d-------- C:\Documents and Settings\Teka\Application Data\Screenshot Sender
2007-05-13 20:51:11 0 d-------- C:\Program Files\RSSOwl
2007-05-10 20:12:06 0 d-------- C:\Program Files\LimeWire
2007-05-10 19:37:48 0 d-------- C:\Program Files\Google
2007-05-02 20:53:28 0 d-------- C:\Program Files\Ashampoo
2007-05-02 20:52:05 0 d-------- C:\Program Files\Alwil Software
2007-04-29 15:42:08 0 d-------- C:\Program Files\Macrogaming
2007-04-29 12:45:53 0 d-------- C:\Program Files\SecondLife
2007-04-29 12:34:02 0 d-------- C:\Documents and Settings\Teka\Application Data\SecondLife
2007-04-28 20:52:09 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-04-28 11:13:42 0 d-------- C:\Program Files\T-Com MAXadsl CD-ROM
2007-04-28 09:27:40 0 d-------- C:\Program Files\T-Com ADSL driver


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\Windows Live Toolbar\msntb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AtiPTA"="atiptaxx.exe"
"SoundMan"="SOUNDMAN.EXE"
"Device Detector"="DevDetect.exe -autorun"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"googletalk"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe /autostart"
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Uniblue SpeedUpMyPC"="C:\\Program Files\\Uniblue\\SpeedUpMyPC\\SpeedUpMyPC.exe -s"
"msnmsgr"="~\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoResolveSearch"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewContextMenu"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoSMMyDocs"=dword:00000000
"NoRecentDocsMenu"=dword:00000000
"NoSMMyPictures"=dword:00000000
"StartMenuLogoff"=dword:00000001
"NoChangeStartMenu"=dword:00000000
"ClearRecentDocsOnExit"=dword:00000000
"NoRecentDocsHistory"=dword:00000000
"MaxRecentDocs"=dword:0000000b
"NoStartMenuMFUprogramsList"=dword:00000000
"NoLowDiskSpaceChecks"=dword:00000000
"LinkResolveIgnoreLinkInfo"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowRun]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsrpp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjvd32

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_VKQUWEXG
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_WMIAPSRV


-- End of Deckard's System Scanner: finished at 2007-06-26 at 21:59:22 ---------


"Teka" - 2007-06-26 19:58:33 - ComboFix 07-06-27 - Service Pack 2 NTFS

Rootkit driver xpdt is present. ... attempting disinfection
xpdt ...... driver unloaded successfully.
ADS removed - system32: deleted 61092 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Teka\APPLIC~1.\macromedia\Flash Player\#SharedObjects\NMJJJKLC\www.broadcaster.com
C:\DOCUME~1\Teka\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\Teka\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol


((((((((((((((((((((((((( Files Created from 2007-05-26 to 2007-06-26 )))))))))))))))))))))))))))))))


2007-06-26 19:56 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-26 10:21 <DIR> d-------- C:\Deckard
2007-06-24 13:18 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-06-24 13:18 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-06-24 13:18 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-06-23 13:32 <DIR> dr-h----- C:\DOCUME~1\Teka\APPLIC~1\SecuROM
2007-06-23 13:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
2007-06-10 15:56 <DIR> d-------- C:\Program Files\Windows Live
2007-06-08 22:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
2007-06-06 20:14 <DIR> d-------- C:\DOCUME~1\Teka\APPLIC~1\RegSweep
2007-06-06 11:56 <DIR> d-------- C:\WINDOWS\pss
2007-06-05 10:29 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Corel
2007-06-05 10:20 610,304 --a------ C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-05 10:20 <DIR> d-------- C:\WINDOWS\CSC
2007-06-04 12:31 <DIR> d-------- C:\Program Files\IObit
2007-06-03 10:30 <DIR> d-------- C:\VundoFix Backups
2007-05-30 21:08 <DIR> d-------- C:\Program Files\DivX
2007-05-27 15:05 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-27 13:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-05-27 13:16 <DIR> d-------- C:\DOCUME~1\Teka\Saved Games
2007-05-27 13:16 <DIR> d-------- C:\DOCUME~1\Teka\APPLIC~1\FloodLightGames
2007-05-27 13:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FloodLightGames
2007-05-26 18:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-05-26 15:58 <DIR> d-------- C:\extensions


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-26 17:57:51 -------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-06-24 11:12:38 -------- d-----w C:\Program Files\sollab
2007-06-23 11:32:05 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-06-22 14:07:55 -------- d-----w C:\DOCUME~1\Teka\APPLIC~1\DMCache
2007-06-12 11:58:03 77,312 ----a-w C:\WINDOWS\ua2.dll
2007-06-10 13:56:22 -------- d-----w C:\Program Files\Messenger Plus! Live
2007-06-05 10:36:37 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd7661.sys
2007-06-04 09:39:06 -------- d-----w C:\DOCUME~1\Teka\APPLIC~1\Uniblue
2007-06-04 09:38:58 -------- d-----w C:\Program Files\Uniblue
2007-06-01 18:35:08 -------- d-----w C:\Program Files\Advanced Uninstaller
2007-05-30 19:47:28 -------- d-----w C:\Program Files\Winamp
2007-05-30 19:08:48 5,141 ----a-w C:\WINDOWS\mozver.dat
2007-05-26 13:57:21 -------- d-----w C:\Program Files\Yahoo!
2007-05-26 13:55:08 -------- d-----w C:\Program Files\Common Files\ACD Systems
2007-05-25 11:23:13 -------- d-----w C:\DOCUME~1\Teka\APPLIC~1\Comodo
2007-05-24 13:20:40 -------- d-----w C:\Program Files\Comodo
2007-05-24 12:01:09 -------- d-----w C:\Program Files\Common Files\Real
2007-05-24 12:00:38 -------- d-----w C:\DOCUME~1\Teka\APPLIC~1\Real
2007-05-24 12:00:36 8,413 ----a-w C:\WINDOWS\system32\drivers\mcstrm.sys
2007-05-24 12:00:35 -------- d-----w C:\Program Files\Rhapsody
2007-05-23 18:46:24 81,550 ----a-w C:\WINDOWS\system32\mi2.exe
2007-05-20 15:14:50 1,040,384 ----a-w C:\WINDOWS\system32\libeay32.dll
2007-05-20 15:13:44 196,608 ----a-w C:\WINDOWS\system32\ssleay32.dll
2007-05-20 15:11:33 -------- d-----w C:\DOCUME~1\Teka\APPLIC~1\uTorrent
2007-05-20 11:10:55 4,096 ----a-w C:\WINDOWS\d3dx.dat
2007-05-20 11:09:47 -------- d-----w C:\Program Files\ReflexiveArcade
2007-05-20 1008 -------- d-----w C:\Program Files\Mozilla Thunderbird
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-14 21:07:10 -------- d-----w C:\DOCUME~1\Teka\APPLIC~1\Screenshot Sender
2007-05-14 2137 -------- d-----w C:\Program Files\MSN Messenger
2007-05-13 18:51:11 -------- d-----w C:\Program Files\RSSOwl
2007-05-10 18:12:06 -------- d-----w C:\Program Files\LimeWire
2007-05-10 17:37:48 -------- d-----w C:\Program Files\Google
2007-05-02 18:53:28 -------- d-----w C:\Program Files\Ashampoo
2007-05-02 18:52:05 -------- d-----w C:\Program Files\Alwil Software
2007-04-29 13:42:08 -------- d-----w C:\Program Files\Macrogaming
2007-04-29 10:45:53 -------- d-----w C:\Program Files\SecondLife
2007-04-29 10:34:02 -------- d-----w C:\DOCUME~1\Teka\APPLIC~1\SecondLife
2007-04-28 18:52:09 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-04-28 09:13:42 -------- d-----w C:\Program Files\T-Com MAXadsl CD-ROM
2007-04-28 07:27:40 -------- d-----w C:\Program Files\T-Com ADSL driver
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 10:28]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 04:25]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 21:33]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 18:45]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"="atiptaxx.exe" [2005-11-23 03:05 C:\WINDOWS\system32\atiptaxx.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 19:06 C:\WINDOWS\soundman.exe]
"Device Detector"="DevDetect.exe" []
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 12:12]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 23:22]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-05-24 15:20]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-06-24 13:18]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe" [2007-01-11 10:18]
"msnmsgr"="~C:\Program Files\MSN Messenger\msnmsgr.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewContextMenu"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoSMMyDocs"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"StartMenuLogoff"=1 (0x1)
"NoChangeStartMenu"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"MaxRecentDocs"=11 (0xb)
"NoStartMenuMFUprogramsList"=0 (0x0)
"NoLowDiskSpaceChecks"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [2005-11-15 12:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsrpp]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjvd32]


*Newly Created Service* - WMIAPSRV

Contents of the 'Scheduled Tasks' folder
2007-06-26 14:30:05 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
2007-06-06 18:14:55 C:\WINDOWS\tasks\RegSweep Scheduled Scan.job
2007-06-19 09:22:00 C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
2007-05-20 0939 C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-26 20:00:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-26 20:01:03
C:\ComboFix-quarantined-files.txt ... 2007-06-26 20:00

--- E O F ---

Incident Status Location

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-1.txt[.casalemedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-1.txt[.tribalfusion.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-1.txt[.ehg-ubisoft.hitbox.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-1.txt[.cs.sexcounter.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-1.txt[.maxserving.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-1.txt[.bravenet.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-1.txt[.2o7.net/]
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-1.txt[.kinghost.com/]
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-1.txt[c.goclick.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-1.txt[.c2.gostats.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-1.txt[.clickbank.net/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-1.txt[.go.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-1.txt[.toplist.cz/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-1.txt[.xiti.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-2.txt[.casalemedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-2.txt[.tribalfusion.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-2.txt[.ehg-ubisoft.hitbox.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-2.txt[.cs.sexcounter.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-2.txt[.maxserving.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-2.txt[.bravenet.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-2.txt[.2o7.net/]
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-2.txt[.kinghost.com/]
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-2.txt[c.goclick.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-2.txt[.c2.gostats.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-2.txt[.clickbank.net/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-2.txt[.go.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-2.txt[.toplist.cz/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-2.txt[.xiti.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies.txt[.com.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies.txt[.azjmp.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies.txt[.go.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies.txt[.www.myaffiliateprogram.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies.txt[.xiti.com/]
Virus:Malware Generic Disinfected C:\Program Files\Advanced Uninstaller\LoderRunOnce.exe
Virus:Malware Generic Disinfected C:\Program Files\Advanced Uninstaller\Monitor_Patch.exe
Virus:Malware Generic Disinfected C:\Program Files\Advanced Uninstaller\uninstaller_Patch.exe
Adware:Adware/SweetBar Not disinfected C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
Adware:Adware/SaveNow Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\2A457B43-8EBF-4EBD-A654-F33BC0\014F59F0-69AD-48CC-BD44-E91F0E
Adware:Adware/WhenUSearch Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\3387DA5E-7339-4C94-B2C1-B380DF\4E020DB5-FD4D-46DF-8978-D44E09
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Potentially unwanted tool:Application/CloseApp Not disinfected C:\WINDOWS\system32\closeapp.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected D:\Downloads\ComboFix.exe[nircmd.exe]
Adware:Adware/WUpd Not disinfected D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0128921.exe
Virus:Malware Generic Disinfected D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0129844.exe
Virus:Malware Generic Disinfected D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0130363.exe
Potentially unwanted tool:Application/Psshutdown.A Not disinfected D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0130746.exe
Virus:Malware Generic Disinfected D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0130864.exe