July 5th, 2008 12:00

ComboFix 08-06-20.4 - Zman 2008-06-30 13:31:30.14 - NTFSx86
Running from: C:\Documents and Settings\Zman\Desktop\ComboFixes.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Zman\Application Data\SSEMBL~1
C:\Documents and Settings\Zman\Application Data\SSEMBL~1\?ssembly\
C:\Documents and Settings\Zman\Application Data\SSEMBL~1\spool32.exe
C:\Program Files\inetget2
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\Spcron
C:\Program Files\Temporary
C:\WINDOWS\BM2f5afb98.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cbXoNFUm.dll
C:\WINDOWS\system32\clbdll.dll
C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\drivers\clbdriver.sys
C:\WINDOWS\system32\hlbnicmr.ini
C:\WINDOWS\system32\hwx.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mUFNoXbc.ini
C:\WINDOWS\system32\mUFNoXbc.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\racle~1
C:\WINDOWS\system32\racle~1\wowexec.exe
C:\WINDOWS\system32\tuvstSJC.dll

.
(((((((((((((((((((((((((   Files Created from 2008-05-28 to 2008-06-30  )))))))))))))))))))))))))))))))
.

2008-06-30 13:11 . 2008-06-30 13:11   d-------- C:\Program Files\Sakora
2008-06-30 13:08 . 2008-06-30 13:08 81,920 --a------ C:\WINDOWS\system32\rmcinblh.dll
2008-06-30 13:06 . 2008-06-30 13:06 103,424 --a------ C:\WINDOWS\system32\wjprpm.dll
2008-06-30 13:05 . 2008-06-30 13:06 103,424 --a------ C:\WINDOWS\system32\hehqtvsk.dll
2008-06-30 13:03 . 2008-06-30 13:03 91,136 --a------ C:\WINDOWS\system32\leeytkeg.dll
2008-06-30 13:01 . 2008-06-30 13:01   d-------- C:\Program Files\mjc
2008-06-30 12:57 . 2008-06-30 12:57 41,984 --a------ C:\WINDOWS\mrofinu572.exe
2008-06-30 12:57 . 2008-06-30 12:57 41,723 ---hs---- C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
2008-06-27 22:24 . 2008-06-27 22:24 268 --ah----- C:\sqmdata05.sqm
2008-06-27 22:24 . 2008-06-27 22:24 244 --ah----- C:\sqmnoopt05.sqm
2008-06-26 21:57 . 2008-06-26 21:57   d-------- C:\Documents and Settings\Zman\Application Data\Snapfish
2008-06-25 17:35 . 2008-06-25 17:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-25 17:35 . 2008-06-25 17:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-25 11:47 . 2008-06-25 08:47 41,984 --a------ C:\WINDOWS\b156.exe
2008-06-25 11:33 . 2008-06-25 12:30   d-------- C:\yay
2008-06-25 11:31 . 2008-06-25 11:31   d-------- C:\sweetness
2008-06-25 11:16 . 2008-06-25 11:16 81,408 --a------ C:\WINDOWS\system32\fmhuacug.dll
2008-06-25 11:15 . 2008-06-25 11:15 105,984 --a------ C:\WINDOWS\system32\qvsbxiou.dll
2008-06-25 11:08 . 2008-06-25 11:08   d-------- C:\WINDOWS\system32\vec3
2008-06-25 11:08 . 2008-06-25 11:08   d-------- C:\WINDOWS\system32\modtrux01
2008-06-25 11:08 . 2008-06-25 11:08   d-------- C:\WINDOWS\system32\bam
2008-06-25 11:08 . 2008-06-25 11:08   d-------- C:\Temp\syschk3
2008-06-13 20:34 . 2008-06-13 20:34   d-------- C:\Program Files\MSXML 6.0
2008-06-13 20:28 . 2006-08-21 05:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-06-13 20:28 . 2006-08-21 05:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-06-13 20:28 . 2006-08-21 08:21 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-06-13 20:26 . 2008-06-13 20:26   d-------- C:\Program Files\MSXML 4.0
2008-06-13 10:05 . 2008-06-13 07:05 95,232 --a------ C:\WINDOWS\b152.exe
2008-06-12 15:51 . 2008-06-12 15:51 99,024 --a------ C:\WINDOWS\MozillaUninstall.exe
2008-06-12 15:51 . 2008-06-12 15:51 98,512 --a------ C:\WINDOWS\GREUninstall.exe
2008-06-12 15:50 . 2008-06-12 15:50   d-------- C:\Program Files\Common Files\mozilla.org
2008-06-12 12:51 . 2008-06-12 13:15   d-------- C:\blahs
2008-06-12 11:47 . 2008-06-12 11:59   d-------- C:\blah
2008-06-12 11:25 . 2008-06-12 11:38   d-------- C:\fc
2008-06-12 02:09 . 2008-06-12 02:39   d-------- C:\ComboFix
2008-06-12 02:06 . 2008-06-12 02:06 2,238 --a------ C:\WINDOWS\system32\GClogo_32x32.ico
2008-06-12 01:51 . 2008-06-12 01:51 87,513 --a------ C:\WINDOWS\system32\iftuyszv.exe
2008-06-12 01:50 . 2008-06-12 01:50   d-------- C:\WINDOWS\system32\SGI
2008-06-12 01:50 . 2008-06-12 01:50   d-------- C:\WINDOWS\system32\netrax01
2008-06-12 01:50 . 2008-06-12 01:50   d-------- C:\WINDOWS\system32\GTK
2008-06-12 01:50 . 2008-06-12 01:50   d-------- C:\Temp\itmp4
2008-06-10 21:53 . 2008-06-13 09:10 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 21:53 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 21:45 . 2007-07-09 09:09 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-06-10 21:26 . 2008-05-08 08:28 202,752 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 20:37 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-06-10 20:37 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-06-10 20:37 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-06-10 20:37 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-06-07 22:13 . 2008-06-07 22:13 32,768 --a------ C:\WINDOWS\system32\netrax01\netrax011065.exe
2008-06-05 14:14 . 2008-06-05 14:14   dr-h----- C:\MSOCache
2008-05-20 10:39 . 2008-05-20 10:39   d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-05-20 10:38 . 2008-05-20 10:38 1,024 --a------ C:\.rnd
2008-05-19 01:25 . 2008-06-12 11:15   d-------- C:\cf
2008-05-18 13:58 . 2008-05-18 13:57 691,545 --a------ C:\WINDOWS\unins001.exe
2008-05-18 13:58 . 2008-05-18 13:58 2,542 --a------ C:\WINDOWS\unins001.dat
2008-05-18 13:56 . 2008-05-19 02:01   d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-18 13:56 . 2008-05-19 02:01   d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-18 04:55 . 2008-05-18 04:55   d-------- C:\WINDOWS\fwkk
2008-05-18 04:55 . 2008-05-18 21:51   d-------- C:\Program Files\Common Files\fwkk
2008-05-18 04:26 . 2008-05-18 12:34 160,256 --a------ C:\WINDOWS\system32\blackster.scr
2008-05-18 04:25 . 2004-08-04 06:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-05-12 09:43 . 2008-05-12 06:43 68,096 --a------ C:\WINDOWS\b155.exe
2008-05-07 01:18 . 2008-05-07 01:18 1,287,680 --------- C:\WINDOWS\system32\dllcache\quartz.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 21:41 --------- d-----w C:\Program Files\PeerGuardian2
2008-06-18 20:09 --------- d-----w C:\Documents and Settings\Zman\Application Data\Vso
2008-06-17 17:34 --------- d-----w C:\Program Files\FlashFXP
2008-06-12 19:50 --------- d-----w C:\Program Files\mozilla.org
2008-06-09 00:14 --------- d-----w C:\Documents and Settings\Zman\Application Data\dvdcss
2008-06-01 07:51 --------- d-----w C:\Program Files\Twain
2008-05-29 20:57 --------- d-----w C:\Documents and Settings\Zman\Application Data\Azureus
2008-05-18 08:25 6,656 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2008-05-17 18:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-14 15:08 46,592 ----a-w C:\WINDOWS\b157.exe
2008-01-15 21:52 140,800 --sh--w C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
2007-04-17 00:10 87,608 ----a-w C:\Documents and Settings\Zman\Application Data\ezpinst.exe
2007-04-17 00:10 47,360 ----a-w C:\Documents and Settings\Zman\Application Data\pcouffin.sys
2006-09-06 18:13 96 ----a-w C:\Program Files\showdesktop.scf
2006-06-05 21:17 24,192 ----a-w C:\Documents and Settings\Zman\usbsermptxp.sys
2006-06-05 21:17 22,768 ----a-w C:\Documents and Settings\Zman\usbsermpt.sys
2006-05-10 16:54 45,304 ----a-w C:\Documents and Settings\Zman\Application Data\GDIPFONTCACHEV1.DAT
2005-10-15 21:18 6,423 ----a-w C:\Program Files\Warez P2P ClientIPGUARD.LOG
2005-01-24 23:58 81,920 ----a-w C:\Program Files\SSAAD.exe
2000-09-02 09:20 65,536 ----a-w C:\Program Files\NED.exe
2000-09-02 09:20 1,803 ----a-w C:\Program Files\readme.txt
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2005-01-17 21:05 1159168]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352]
"Zdnnt"="C:\Program Files\?ssembly\iexplore.exe" [ ]
"Ngml"="C:\Program Files\Common Files\A?pPatch\rundll32.exe" [ ]
"Acww"="C:\Program Files\Common Files\??mbols\rundll.exe" [ ]
"QdrModule16"="C:\Program Files\QdrModule\QdrModule16.exe" [ ]
"Xfroyf"="C:\Program Files\?ystem32\wowexec.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"Vcoxq"="C:\WINDOWS\??stem32\tracert.exe" [2004-08-04 06:00 12288]
"Ewljezu"="C:\WINDOWS\system32\?racle\wowexec.exe" [ ]
"mjc"="C:\Program Files\mjc\mjc.exe" [2008-06-30 13:01 145408]
"Sakora"="C:\Program Files\Sakora\Sakora.exe" [2008-06-30 13:11 26624]
"Sen"="C:\DOCUME~1\Zman\APPLIC~1\SSEMBL~1\spool32.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 09:08 1347584]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-02-16 17:51 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcAQKEx]
efcAQKEx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcdaxy]
efcdaxy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdcde]
iifdcde.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2006-06-20 14:29 258048 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayabcb]
yayabcb.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk
backup=C:\WINDOWS\pss\dlbcserv.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Zman^Start Menu^Programs^Startup^YouTube Uploader.lnk]
path=C:\Documents and Settings\Zman\Start Menu\Programs\Startup\YouTube Uploader.lnk
backup=C:\WINDOWS\pss\YouTube Uploader.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2005-06-02 01:34 67160 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2007-02-24 12:43 342636 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
C:\Program Files\Softwin\BitDefender8\\bdmcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDNewsAgent]
C:\Program Files\Softwin\BitDefender8\\bdnagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDOESRV]
C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDSwitchAgent]
C:\Program Files\Softwin\BitDefender8\\bdswitch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
--a------ 2005-05-30 17:34 61440 c:\dell\bldbubg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2005-06-02 09:21 48752 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 06:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2004-07-19 08:51 306688 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-12-06 02:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDonkey2000]
C:\Program Files\eDonkey2000\eDonkey2000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Effqcw]
C:\WINDOWS\system32\?dobe\logonui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2007-11-06 12:16 19952 C:\Documents and Settings\Zman\Local Settings\Application Data\Google\Update\1.0.87.0\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-04-24 16:09 163840 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2007-04-24 16:09 163840 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2007-04-24 16:09 135168 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-04-24 16:09 131072 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 17:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Koyxdp]
C:\WINDOWS\a?sembly\nopdb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2007-02-07 16:21 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2004-06-08 12:31 29696 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\McAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSCD_Creator]
--a------ 2005-03-18 16:02 107520 c:\Dell\MediaExe\PreODM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
C:\Program Files\Pando Networks\Pando\Pando.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-04-24 16:09 135168 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgrWired]
--a------ 2004-12-09 14:58 86016 C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSD]
C:\Program Files\Magic Network\Perfect Shutdown\PSD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-01-20 03:09 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash]
--a------ 2004-11-11 11:26 26112 C:\Program Files\Intuit\QuickBooks 2005\Atom\QBReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2005-05-30 18:07 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-02-07 16:24 71216 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyQuake2.com]
C:\Program Files\SpyQuake2.com\Spy-Quake2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
--a------ 2005-01-24 19:58 81920 C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\stratas]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2003-11-19 18:48 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2006-07-20 10:24 1257472 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2004-05-14 01:35 536576 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-05-13 11:23 98304 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 01:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a------ 2005-06-23 19:27 85696 C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-04-03 18:12 777424 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winshow]
C:\WINDOWS\winshow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdates]
C:\Program Files\winupdates\winupdates.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]
c:\program files\zango\zango.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\America Online 9.0\\waol.exe"=

R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys [2004-10-23 09:01]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys [2004-10-23 09:01]
R2 PDSched;PDScheduler;"C:\Program Files\Raxco\PerfectDisk\PDSched.exe" [2004-11-01 12:56]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R3 EraserUtilDrv10741;EraserUtilDrv10741;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [2008-02-13 14:21]
S2 USBHSB;GeneLink File Transfer Driver;C:\WINDOWS\system32\Drivers\usbhsb.sys [2001-12-17 05:42]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-04 17:04]
S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv []
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 23:41]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys [2001-01-02 23:53]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-21 22:05:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-22 06:06:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-06-25 18:51:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-01-07 19:51:33 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 13:52:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\clb.dll 10752 bytes executable
C:\WINDOWS\system32\clbcatex.dll 110080 bytes executable
C:\WINDOWS\system32\clbcatq.dll 498688 bytes executable

scan completed successfully
hidden files: 3

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PsSdk30]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2008-06-30 14:10:25 - machine was rebooted
ComboFix-quarantined-files.txt  2008-06-30 18:09:36
ComboFix2.txt  2008-06-25 16:30:03
ComboFix3.txt  2008-03-20 05:06:11
ComboFix4.txt  2008-03-07 05:38:10
ComboFix5.txt  2008-02-13 20:55:54

Pre-Run: 5,060,673,536 bytes free
Post-Run: 5,060,747,264 bytes free

387 --- E O F --- 2008-06-27 12:58:05
