
Weird things in my User File...more info, HJT and Combofix attached, please help.

AS BEFORE:-

Hi, if someone could help I would be very grateful. Weeks ago I found picture and jpeg files in my folder that would not delete with any attempts until I used a program I found recommended somewhere...I forget what it was, but it was a program that deletes files that won't budge. Anyway, whenever I go into my User folder a Windows Live ID logon thing comes up... It only started when those files turned up. Is this a bad thing? I have been reading other threads for people with a similar problem but no luck so far. I have used HJT and used the hijackthis.de site but nothing was found so nothing has changed.

Once again, it would be great to get some help.

Thanks,

Shane


HJT LOG

Logfile of HijackThis v1.99.1
Scan saved at 12:34:58 PM, on 9/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE
C:\Program Files\X3watch\x3watch.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\LeechGet 2006\LeechGet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\INTERN~2\mum.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [LeechGet] "C:\Program Files\LeechGet 2006\LeechGet.exe" -intray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [InternodeUsage] C:\PROGRA~1\INTERN~2\mum.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: + &Mass Downloader: download this file - C:\Program Files\Mass Downloader\Add_Url.htm
O8 - Extra context menu item: + Mass Downloader: download &All files - C:\Program Files\Mass Downloader\Add_All.htm
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2006\\Wizard.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - file://D:\Installers\QuickTime\qtplugin.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/208d140a507d50147605/netzip/RdxIE601.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178446089760
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab36107.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4907/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

COMBOFIX LOG


"Shane N" - 2007-06-09 12:31:59 Service Pack 2 NTFS
ComboFix 07-06-3B - Running from: "C:\Documents and Settings\Shane N\Desktop\"

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\install.log
C:\U.exe

((((((((((((((((((((((((( Files Created from 2007-05-09 to 2007-06-09 )))))))))))))))))))))))))))))))

2007-06-05 08:44 d-------- C:\Program Files\MSXML 4.0
2007-06-04 09:45 89,360 --a------ C:\WINDOWS\SYSTEM32\VB5DB.DLL
2007-06-04 09:45 82,432 --a------ C:\WINDOWS\SYSTEM32\msxml4r.dll
2007-06-04 09:45 516,784 -ra------ C:\WINDOWS\SYSTEM32\XceedCry.dll
2007-06-04 09:45 44,544 --a------ C:\WINDOWS\SYSTEM32\Gif89.dll
2007-06-04 09:45 d-------- C:\Program Files\Convar
2007-06-04 09:35 d-------- C:\Program Files\Data Doctor Recovery Memory Card (Demo)
2007-06-04 08:56 d-------- C:\Program Files\Media Innovations Group
2007-06-02 16:20 d-------- C:\Program Files\Mass Downloader
2007-06-02 16:20 d-------- C:\DOCUME~1\NEWFOL~1\APPLIC~1\MetaProducts
2007-06-01 18:01 182,032 --a------ C:\WINDOWS\SYSTEM32\dxtmsft3.dll
2007-06-01 09:39 d-------- C:\DOCUME~1\SHANEN~1\WINDOWS
2007-05-30 09:59 d-------- C:\Program Files\QuickTime
2007-05-27 19:58 d-------- C:\Program Files\Ken Ward's Zipper
2007-05-26 14:02 d-------- C:\Program Files\ZAR
2007-05-26 14:02 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-24 16:28 d-------- C:\Program Files\McGraw-Hill
2007-05-24 12:29 d-------- C:\Program Files\coolpro2
2007-05-24 11:34 d-------- C:\DOCUME~1\NEWFOL~1\APPLIC~1\uTorrent
2007-05-24 10:56 665,424 --a------ C:\WINDOWS\SYSTEM32\wmv8dmoe.dll
2007-05-24 10:56 572,752 --a------ C:\WINDOWS\SYSTEM32\wmvdmoe.dll
2007-05-24 10:56 438,608 --a------ C:\WINDOWS\SYSTEM32\wmv8dmod.dll
2007-05-24 10:56 1,683,792 --a------ C:\WINDOWS\SYSTEM32\wmvcore2.dll
2007-05-24 10:56 d-------- C:\DOCUME~1\SHANEN~1\APPLIC~1\Syntrillium
2007-05-22 09:33 57,856 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\NVENETFD.sys
2007-05-22 09:33 201,728 -ra------ C:\WINDOWS\SYSTEM32\fdco1ins.dll
2007-05-22 09:33 201,728 -ra------ C:\WINDOWS\SYSTEM32\fdco1.dll
2007-05-22 09:32 d-------- C:\WINDOWS\NV2400220.TMP
2007-05-22 09:27 208,896 --------- C:\WINDOWS\SYSTEM32\nvuide.exe
2007-05-22 09:25 d-------- C:\WINDOWS\SYSTEM32\Lang
2007-05-22 09:22 9,709,568 -r------- C:\WINDOWS\RTLCPL.exe
2007-05-22 09:22 86,016 -r------- C:\WINDOWS\SoundMan.exe
2007-05-22 09:22 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2007-05-22 09:22 49,152 -r------- C:\WINDOWS\SYSTEM32\ChCfg.exe
2007-05-22 09:22 4,394,496 -r------- C:\WINDOWS\SYSTEM32\DRIVERS\RtkHDAud.Sys
2007-05-22 09:22 2,879,488 -r------- C:\WINDOWS\SkyTel.exe
2007-05-22 09:22 2,808,832 -r------- C:\WINDOWS\alcwzrd.exe
2007-05-22 09:22 2,157,568 -r------- C:\WINDOWS\MicCal.exe
2007-05-22 09:22 16,269,312 -r------- C:\WINDOWS\RTHDCPL.exe
2007-05-22 09:22 1,183,744 -r------- C:\WINDOWS\RtlUpd.exe
2007-05-22 09:22 d-------- C:\WINDOWS\SYSTEM32\RTCOM
2007-05-22 09:22 d-------- C:\Program Files\Realtek
2007-05-22 09:21 499,712 -r------- C:\WINDOWS\RtlExUpd.dll
2007-05-22 09:20 36,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AmdK8.sys
2007-05-22 09:14 208,896 --a------ C:\WINDOWS\SYSTEM32\nvudisp.exe
2007-05-22 09:13 35,840 -ra------ C:\WINDOWS\SYSTEM32\nvconrm.dll
2007-05-22 09:13 261,632 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\nvsnpu.sys
2007-05-22 09:13 208,896 --a------ C:\WINDOWS\SYSTEM32\nvunrm.exe
2007-05-22 09:13 20,480 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\nvnetbus.sys
2007-05-22 09:13 110,592 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\nvtcp.sys
2007-05-22 09:13 11,264 -ra------ C:\WINDOWS\SYSTEM32\bdco1ins.dll
2007-05-22 09:13 11,264 -ra------ C:\WINDOWS\SYSTEM32\bdco1.dll
2007-05-22 09:13 1,160,448 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\nvnrm.sys
2007-05-22 09:13 d-------- C:\WINDOWS\NV35723664.TMP
2007-05-22 09:12 208,896 --a------ C:\WINDOWS\SYSTEM32\NVUNINST.EXE
2007-05-22 09:01 20,160 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ADM8511.SYS
2007-05-22 08:59 17,024 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbohci.sys
2007-05-22 08:58 61,056 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ohci1394.sys
2007-05-22 08:58 6,400 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\enum1394.sys
2007-05-22 08:58 53,248 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\1394bus.sys
2007-05-18 22:51 d-------- C:\DOCUME~1\SHANEN~1\APPLIC~1\Real
2007-05-18 22:37 d-------- C:\Program Files\LimeWire
2007-05-18 17:55 d-------- C:\DOCUME~1\NEWFOL~1\APPLIC~1\Lavasoft
2007-05-18 01:31 d-------- C:\Program Files\PurgeIE
2007-05-18 01:31 d-------- C:\DOCUME~1\NEWFOL~1\APPLIC~1\DelinvFile
2007-05-18 01:01 d-------- C:\DOCUME~1\SHANEN~1\.housecall6.6
2007-05-17 07:29 1,100 --a------ C:\WINDOWS\SYSTEM32\d3d8caps.dat
2007-05-14 20:00 12,112,328 --a------ C:\nentenst.exe
2007-05-11 21:00 664 --a------ C:\WINDOWS\SYSTEM32\d3d9caps.dat
2007-05-11 16:47 d-------- C:\Program Files\Senselang
2007-05-11 16:46 28,672 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys
2007-05-11 16:46 d-------- C:\DOCUME~1\NEWFOL~1\APPLIC~1\WholeSecurity

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-01-31 01:40:24 -------- d-----w C:\DOCUME~1\NEWFOL~1\APPLIC~1\AdobeUM
2007-06-03 23:45:28 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-26 10:22:09 -------- d-----w C:\Program Files\Common Files\GTK
2007-05-24 01:33:02 -------- d-----w C:\DOCUME~1\NEWFOL~1\APPLIC~1\LimeWire
2007-05-22 22:57:21 -------- d-----w C:\DOCUME~1\NEWFOL~1\APPLIC~1\Internode
2007-05-14 08:22:19 870,784 ----a-w C:\WINDOWS\system32\ati3d1ag.dll
2007-05-14 08:22:19 86,016 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-05-14 08:22:19 81,920 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-05-14 08:22:19 745,984 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-05-14 08:22:19 65,536 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-05-14 08:22:19 6,250,496 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-05-14 08:22:19 509,760 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-05-14 08:22:19 376,832 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-05-14 08:22:19 30,720 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-05-14 08:22:19 294,912 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-05-14 08:22:19 24,064 ----a-w C:\WINDOWS\system32\ativcoxx.dll
2007-05-14 08:22:19 229,376 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-05-14 08:22:19 206,336 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-05-14 08:22:19 2,098,432 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-05-14 08:22:19 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-05-14 08:22:19 126,976 ----a-w C:\WINDOWS\system32\ATIDEMGR.dll
2007-05-14 08:22:19 114,688 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-05-14 08:22:19 102,400 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-05-14 08:22:19 1,057,760 ----a-w C:\WINDOWS\system32\ati3d2ag.dll
2007-05-14 07:43:18 -------- d-----w C:\Program Files\ATI Technologies
2007-05-07 11:49:08 -------- d-----w C:\Program Files\Microsoft Works
2007-05-03 23:18:17 14,871,552 ----a-w C:\setupeng.exe
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-30 08:11:50 -------- d-----w C:\DOCUME~1\NEWFOL~1\APPLIC~1\PC Tools
2007-04-28 02:07:08 -------- d-----w C:\Program Files\Google
2007-04-20 01:32:03 -------- d-----w C:\Program Files\Typequick
2007-04-20 01:31:39 -------- d--h--w C:\Program Files\Zero G Registry
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-01 08:57:30 283,482 ----a-w C:\Sense.exe
2007-03-26 09:59:42 3,211 ----a-w C:\WINDOWS\mozver.dat
2007-03-21 23:03:29 37,860,928 ----a-w C:\iTunesSetup.exe
2007-03-21 13:04:52 15,505,200 ----a-w C:\IE7-WindowsXP-x86-enu.exe
2007-03-21 12:50:50 14,994,152 ----a-w C:\GoogleEarthWin_EARD.exe
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-12 06:04:00 102,400 ----a-w C:\WINDOWS\system32\fileparameterscpp.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}=C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 13:50]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"x3watch"="C:\Program Files\X3watch\x3watch.exe" [2005-08-13 08:27]
"VTTimer"="VTTimer.exe" [2005-03-09 13:33 C:\WINDOWS\SYSTEM32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-13 03:33 C:\WINDOWS\SYSTEM32\VTTrayp.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" []
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2005-05-23 09:57]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-06-20 21:48]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-05-01 01:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 13:27]
"nwiz"="nwiz.exe" [2006-10-31 16:35 C:\WINDOWS\SYSTEM32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 13:49 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 C:\WINDOWS\SkyTel.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LeechGet"="C:\Program Files\LeechGet 2006\LeechGet.exe" [2006-04-25 14:25]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00]
"InternodeUsage"="C:\PROGRA~1\INTERN~2\mum.exe" [2007-01-30 18:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
C:\Program Files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SoundMAX Agent Service (default)"=2 (0x2)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

Contents of the 'Scheduled Tasks' folder
2007-05-08 22:02:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-09 12:32:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-09 12:33:38
C:\ComboFix-quarantined-files.txt ... 2007-06-09 12:33

--- E O F ---