06-26-2007, 05:03 PM   #10
xdragonx
OS: WinXP


Re: help cleaning up

No problem. I think it's the same thing, but here it is:


"admin" - 2007-06-26 15:32:52 - ComboFix 07-06-25.2 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\admin\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((( Files Created from 2007-05-26 to 2007-06-26 )))))))))))))))))))))))))))))))


2007-06-26 04:11 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-26 04:11 <DIR> d-------- C:\WINDOWS\LastGood
2007-06-24 16:00 122,944 --a------ C:\WINDOWS\system32\snqubpqs.exe
2007-06-24 15:23 122,944 --a------ C:\WINDOWS\system32\klsgyios.exe
2007-06-24 10:58 122,944 --a------ C:\WINDOWS\system32\midwtspf.exe
2007-06-23 20:01 28,160 --a------ C:\WINDOWS\system32\sysmon32.exe
2007-06-23 17:48 <DIR> d-------- C:\Program Files\GNU
2007-06-23 16:39 236,747 --a------ C:\Program Files\FLVSPLITTER.exe
2007-06-22 19:16 <DIR> d-------- C:\Program Files\PictureProject In Touch Downloader
2007-06-22 19:15 765,952 --a------ C:\WINDOWS\system32\msvcp71d.dll
2007-06-22 19:15 76,800 -ra------ C:\WINDOWS\system32\RedEye.dll
2007-06-22 19:15 5,709,824 -ra------ C:\WINDOWS\system32\NkNEFPlugin.dll
2007-06-22 19:15 495,616 -ra------ C:\WINDOWS\system32\DRAGNKL1.dll
2007-06-22 19:15 48,128 -ra------ C:\WINDOWS\system32\picn20.dll
2007-06-22 19:15 180,224 -ra------ C:\WINDOWS\system32\Strato4.dll
2007-06-22 19:15 180,224 -ra------ C:\WINDOWS\system32\picn1120.dll
2007-06-22 19:15 155,648 -ra------ C:\WINDOWS\system32\picn1020.dll
2007-06-22 19:15 110,592 -ra------ C:\WINDOWS\system32\RCSigProc.dll
2007-06-22 19:15 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies
2007-06-22 19:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nikon
2007-06-22 19:15 <DIR> d-------- C:\DOCUME~1\admin\APPLIC~1\Nikon
2007-06-22 19:14 20 ---h----- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PKP_DLds.DAT
2007-06-22 19:14 <DIR> d-------- C:\Program Files\Nikon
2007-06-22 19:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ultima_T15
2007-06-22 19:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\EnterNHelp
2007-06-22 19:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Applause and Laugher
2007-06-22 19:11 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-06-22 19:11 <DIR> d-------- C:\Program Files\ArcSoft
2007-06-22 19:10 <DIR> d-------- C:\Program Files\Common Files\Nikon
2007-06-22 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-06-22 10:13 <DIR> d-------- C:\Program Files\DivXLand
2007-06-22 10:11 1,783,574 --a------ C:\Program Files\DivXLand_MediaSub_205.exe
2007-06-17 18:33 <DIR> d-------- C:\Program Files\KONAMI
2007-06-17 16:29 23,220,928 --a------ C:\Program Files\JAD7_BASIC.exe
2007-06-09 11:05 <DIR> d-------- C:\Program Files\DkZ Studio
2007-06-09 11:03 <DIR> d-------- C:\Program Files\dkz
2007-06-01 23:23 <DIR> d-------- C:\Program Files\afreeca
2007-06-01 23:10 53,248 --a------ C:\WINDOWS\system32\PrxerNsp.dll
2007-06-01 23:10 53,248 --a------ C:\WINDOWS\system32\PrxerDrv.dll
2007-06-01 23:10 <DIR> d-------- C:\Program Files\Proxifier
2007-06-01 23:09 701,713 --a------ C:\Program Files\ProxifierSetup.exe
2007-06-01 18:10 <DIR> d-------- C:\Program Files\COWON
2007-06-01 15:20 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2007-06-01 15:20 45,056 --a------ C:\WINDOWS\system32\ogg.dll
2007-06-01 15:20 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
2007-06-01 15:20 188,416 --a------ C:\WINDOWS\system32\vorbis.dll
2007-06-01 15:11 <DIR> d-------- C:\DOCUME~1\admin\APPLIC~1\COWON
2007-06-01 15:06 <DIR> d-------- C:\Program Files\JetAudio
2007-06-01 15:06 <DIR> d-------- C:\Program Files\Common Files\COWON
2007-05-30 20:51 26,057 --a------ C:\subafsfile0.bin


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-25 02:14:00 -------- d-----w C:\Program Files\Minilyrics
2007-06-24 23:34:30 -------- d-----w C:\Program Files\Symantec AntiVirus
2007-06-24 23:09:56 -------- d-----w C:\Program Files\FlashGet
2007-06-24 18:02:45 -------- d-----w C:\Program Files\CCleaner
2007-06-23 02:15:03 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-20 05:03:36 -------- d-----w C:\Program Files\NetFolder
2007-06-13 01:54:56 -------- d-----w C:\DOCUME~1\admin\APPLIC~1\LimeWire
2007-06-13 00:16:43 -------- d-----w C:\Program Files\GRETECH
2007-06-13 00:16:43 -------- d-----w C:\DOCUME~1\admin\APPLIC~1\GRETECH
2007-06-10 02:02:24 -------- d-----w C:\Program Files\TVAnts
2007-06-10 02:01:17 2,838,136 ----a-w C:\Program Files\TvantsSetup.EXE
2007-06-09 18:37:58 -------- d-----w C:\Program Files\Game Graphic Studio
2007-06-09 18:04:06 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-06-09 05:19:41 -------- d-----w C:\DOCUME~1\admin\APPLIC~1\Fileguri
2007-05-31 04:21:56 54,304 ----a-w C:\bin0.bin
2007-05-29 2142 565,248 ----a-w C:\WINDOWS\system32\IdiskLauncherEx.exe
2007-05-28 02:46:08 -------- d-----w C:\Program Files\Nowcom
2007-05-26 05:56:47 -------- d-----w C:\Program Files\StepMania
2007-05-24 21:26:19 8,224 ----a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2007-05-24 11:10:23 -------- d-----w C:\Program Files\Microsoft Works
2007-05-24 11:07:20 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-24 10:22:13 -------- d-----w C:\Program Files\backups
2007-05-24 07:53:50 -------- d-----w C:\Program Files\Winamp
2007-05-24 03:08:45 -------- d-----w C:\DOCUME~1\admin\APPLIC~1\SmartDraw
2007-05-22 02:26:26 12,302,384 ----a-w C:\Program Files\widgetsus.exe
2007-05-21 01:13:46 -------- d-----w C:\Program Files\DivX
2007-05-21 01:02:03 -------- d-----w C:\DOCUME~1\admin\APPLIC~1\dvdcss
2007-05-20 22:44:40 6,221,304 ----a-w C:\Program Files\winamp535_full_emusic-7plus.exe
2007-05-20 20:50:38 2,719,216 ----a-w C:\Program Files\ccsetup140.exe
2007-05-19 00:25:57 -------- d-----w C:\DOCUME~1\admin\APPLIC~1\ESTsoft
2007-05-19 00:24:44 -------- d-----w C:\Program Files\ESTsoft
2007-05-19 00:22:13 -------- d-----w C:\DOCUME~1\admin\APPLIC~1\U3
2007-05-18 04:33:11 -------- d-----w C:\Program Files\FT8D91
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-10 01:43:24 1 ----a-w C:\mcheck_dio.dat
2007-05-08 09:56:27 -------- d-----w C:\DOCUME~1\admin\APPLIC~1\MusicIP
2007-05-05 22:30:35 -------- d-----w C:\Program Files\MiniLyrics.v4.5.2266.Incl.Crack-iNViSiBLE
2007-05-05 22:29:35 -------- d-----w C:\DOCUME~1\admin\APPLIC~1\uTorrent
2007-04-27 03:11:29 1,053,184 ----a-w C:\WINDOWS\system32\mfc71u.dll
2007-04-27 03:11:08 2,801,756 ----a-w C:\WINDOWS\system32\libmmd.dll
2007-04-27 02:48:48 1,700,352 ----a-w C:\WINDOWS\system32\gdiplus.dll
2007-04-26 01:42:33 -------- d-----w C:\Program Files\AC3Filter
2007-04-26 01:40:47 2,139,213 ----a-w C:\Program Files\ac3filter_1_30b.exe
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-21 01:49:44 2,714,784 ----a-w C:\Program Files\ccsetup139.exe
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 05:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 05:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-15 05:26:44 19,994,184 ----a-w C:\Program Files\QuickTimeInstaller.exe
2007-04-11 04:37:19 3,374,720 ----a-w C:\Program Files\EasyLink_Connect.exe
2007-04-09 00:24:43 794,624 ----a-w C:\WINDOWS\system32\pdrtvctl.dll
2007-04-09 00:24:43 204,800 ----a-w C:\WINDOWS\system32\pdrtvsvr.exe
2007-04-09 00:24:43 204,800 ----a-w C:\WINDOWS\system32\pdrtvf2.dll
2007-04-09 00:24:43 147,456 ----a-w C:\WINDOWS\system32\pdrtvf1.dll
2007-04-09 00:24:43 1,091,584 ----a-w C:\WINDOWS\system32\pavc.dll
2007-03-31 23:20:11 6,006,832 ----a-w C:\Program Files\Firefox Setup 2.0.0.3.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\PROGRA~1\FlashGet\jccatch.dll [2006-05-16 15:19]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 03:23]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 12:29]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-17 12:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 05:00]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35]
"DHAutoRun"="C:\Program Files\LITTLEGIANT\Foxplayer\DHAutoRun.exe" [2007-01-25 15:37]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-07-29 19:34]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 11:31]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^admin^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\admin\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DHAutoRun]
C:\Program Files\LITTLEGIANT\Foxplayer\DHAutoRun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fileguri]
"C:\Program Files\Freechal\Fileguri\Fileguri.exe" PathFileguri /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{047efda1-059e-11dc-bab6-0016171b4a49}]
AutoRun\command- F:\LaunchU3.exe -a


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-26 15:41:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-26 15:42:39
C:\ComboFix-quarantined-files.txt ... 2007-06-26 15:42
C:\ComboFix2.txt ... 2007-06-25 22:18
C:\ComboFix3.txt ... 2007-06-24 16:35

--- E O F ---