Another "Blue Desktop with Warnings" Issue Please Help [RESO


  • This topic is locked

#1
Rooster87

    New Member

  • Member
  • 6 posts
I have disconnected the network cable. After doing all the scans suggested on this forum, the little yellow triangle warnings at the bottom do not seem to be appearing anymore. Also, the blue desktop background with the warnings did not come back after manually changing my desktop background. I still get the message "Task Manager has been disabled by your administrator" when trying to open the Task Manager (Ctrl-Alt-Del). What can I do to ensure that my computer is clean? When will it be safe to plug it back into the internet? Should I still hold back on emails and web browsing?

Here are my logs. I have Norton 360 installed, but obviously that didn't really help. BTW, I am posting this from a different computer. I just grabbed the .txt files with a flash drive. Thanks a lot in advance. Seems like this is a very good site/forum!

Thanks again,
David


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:26 AM, on 4/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\rundll32.exe
C:\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] "C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1207282779437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1207289702703
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 6646 bytes



Uninstall list

Adobe Flash Player ActiveX
Adobe Reader 8.1.2
AppCore
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Decoder
ATI Display Driver
ATI Multimedia Center 9.16
ATI Parental Control & Encoder
ATI Remote Wonder 3.04
AutoCAD Map R2
AV
AVIVO Codecs
Bonus
CC_ccProxyExt
ccCommon
ccPxyCore
CIB
C-Media 3D Audio
Creative Audio Console
DAO
DVD Shrink 3.2
DVDFab Decrypter 2.9.6.2
GearDrvs
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Combat Flight Simulator 2
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Nero OEM
Norton 360
Norton 360
Norton 360
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 Help
Norton Add-on Pack (Symantec Corporation)
Norton AntiSpam
Norton AntiSpam
Norton Confidential Browser Component
Norton Confidential Web Authentification Component
Norton Confidential Web Protection Component
Norton Internet Security Bonus Pack
Panda ActiveScan 2.0
PowerDVD
QuickTime
SPBBC 32bit
SUPERAntiSpyware Free Edition
SuppSoft
Symantec Technical Support Controls
SymNet
TitanTV Client components for ATI
Update for Windows XP (KB898461)
Windows Installer 3.1 (KB893803)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 2
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)



ActiveScan

;*******************************************************************************
ANALYSIS: 2008-04-23 00:13:08
PROTECTIONS: 1
MALWARE: 9
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Norton 360 2007 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00041487 adware/webhancer Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C900B400-CDFE-11D3-976A-00E02913A9E0}
00048239 adware/adlogix Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5FA6752A-C4A0-4222-88C2-928AE5AB4966}
00096188 spyware/searchcentrix Spyware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E1075F4-EEC4-4a86-ADD7-CD5F52858C31}
00106761 adware/123mania Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9C5B2F29-1F46-4639-A6B4-828942301D3E}
00106761 adware/123mania Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{622CC208-B014-4FE0-801B-874A5E5E403A}
00106761 adware/123mania Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15651C7C-E812-44A2-A9AC-B467A2233E7D}
00135099 adware/powerstrip Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{965A592F-8EFA-4250-8630-7960230792F1}
00217430 adware/surfassistant Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5dafd089-24b1-4c5e-bd42-8ca72550717b}
02913339 Adware/InternetSpeedMonitor Adware No 0 Yes No C:\System Volume Information\_restore{F46B8A32-2EF4-4DB6-8B8A-9FCF92FD4B2B}\RP59\A0013747.exe
02913340 Adware/InternetSpeedMonitor Adware No 0 Yes No C:\System Volume Information\_restore{F46B8A32-2EF4-4DB6-8B8A-9FCF92FD4B2B}\RP59\A0013743.exe
02928543 Adware/MalwareAlarm Adware No 1 Yes No C:\System Volume Information\_restore{F46B8A32-2EF4-4DB6-8B8A-9FCF92FD4B2B}\RP59\A0013768.exe
;===============================================================================
SUSPECTS
Sent Location U
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description U
;===============================================================================
184380 MEDIUM MS08-002 U
184379 MEDIUM MS08-001 U
182048 HIGH MS07-069 U
182046 HIGH MS07-067 U
182043 HIGH MS07-064 U
179553 HIGH MS07-061 U
176382 HIGH MS07-057 U
176383 HIGH MS07-058 U
170911 HIGH MS07-050 U
170907 HIGH MS07-046 U
170906 HIGH MS07-045 U
170904 HIGH MS07-043 U
164915 HIGH MS07-035 U
164913 HIGH MS07-033 U
164911 HIGH MS07-031 U
160623 HIGH MS07-027 U
157262 HIGH MS07-022 U
157261 HIGH MS07-021 U
157260 HIGH MS07-020 U
157259 HIGH MS07-019 U
156477 HIGH MS07-017 U
150253 HIGH MS07-016 U
150249 HIGH MS07-013 U
150248 HIGH MS07-012 U
150247 HIGH MS07-011 U
150243 HIGH MS07-008 U
150242 HIGH MS07-007 U
150241 MEDIUM MS07-006 U
141034 HIGH MS06-076 U
141033 MEDIUM MS06-075 U
141030 HIGH MS06-072 U
137571 HIGH MS06-070 U
137568 HIGH MS06-067 U
133387 MEDIUM MS06-065 U
133386 MEDIUM MS06-064 U
133385 MEDIUM MS06-063 U
133379 HIGH MS06-057 U
131654 HIGH MS06-055 U
129977 MEDIUM MS06-053 U
129976 MEDIUM MS06-052 U
126093 HIGH MS06-051 U
126092 MEDIUM MS06-050 U
126087 HIGH MS06-046 U
126086 MEDIUM MS06-045 U
126083 HIGH MS06-042 U
126082 HIGH MS06-041 U
126081 HIGH MS06-040 U
123421 HIGH MS06-036 U
123420 HIGH MS06-035 U
120825 MEDIUM MS06-032 U
120823 MEDIUM MS06-030 U
120818 HIGH MS06-025 U
120815 HIGH MS06-022 U
120814 HIGH MS06-021 U
117384 MEDIUM MS06-018 U
114666 HIGH MS06-015 U
114664 HIGH MS06-013 U
108744 MEDIUM MS06-008 U
108743 MEDIUM MS06-007 U
108742 MEDIUM MS06-006 U
104567 HIGH MS06-002 U
104237 HIGH MS06-001 U
96574 HIGH MS05-053 U
93395 HIGH MS05-051 U
93394 HIGH MS05-050 U
93454 MEDIUM MS05-049 U
;===============================================================================

SUPERAntiSpyware Scan Log
Generated 04/22/2008 at 10:41 PM

Application Version : 3.6.1000

Core Rules Database Version : 3445
Trace Rules Database Version: 1437

Scan type : Complete Scan
Total Scan Time : 01:30:51

Memory items scanned : 548
Memory threats detected : 0
Registry items scanned : 5400
Registry threats detected : 8
File items scanned : 73996
File threats detected : 1

Browser Hijacker.Internet Explorer Zone Hijack
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amaena.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amaena.com#*
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\imagesrvr.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\imagesrvr.com#*
HKU\S-1-5-21-1078081533-1547161642-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amaena.com
HKU\S-1-5-21-1078081533-1547161642-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amaena.com#*
HKU\S-1-5-21-1078081533-1547161642-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\imagesrvr.com
HKU\S-1-5-21-1078081533-1547161642-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\imagesrvr.com#*

Adware.AdSponsor/ISM
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F46B8A32-2EF4-4DB6-8B8A-9FCF92FD4B2B}\RP59\A0013745.EXE


Malwarebytes' Anti-Malware 1.11
Database version: 672

Scan type: Quick Scan
Objects scanned: 32246
Time elapsed: 5 minute(s), 56 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 2
Registry Keys Infected: 24
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 43

Memory Processes Infected:
c:\WINDOWS\winself.exe (Rootkit.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\wmsdkns.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\fccbXrOh.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\opnoopoL.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1db141bb-85c3-4f38-a2cd-7d76a6df6e80} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{1db141bb-85c3-4f38-a2cd-7d76a6df6e80} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a8eeb996-62aa-4e48-995d-eaddcac47476} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a8eeb996-62aa-4e48-995d-eaddcac47476} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnoopol (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecurity1.209.4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a8eeb996-62aa-4e48-995d-eaddcac47476} (Trojan.Vundo) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\fccbxroh -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\fccbxroh -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\wmsdkns.exe -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\xcsDd01 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\winself.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccbXrOh.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\hOrXbccf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hOrXbccf.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnoopoL.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wmsdkns.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\000090.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\avifile32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avisynthex32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\aviwrap32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bjam.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bokja.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\browserad.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\cdsm32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\changeurl_30.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\didduid.ini (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msa64chk.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msapasrc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mspphe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\123messenger.per (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mssvr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ntnut.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\saiemod.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\shdocpe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\shdocpl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\stcloader.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\swin32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\voiceip.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\2020search.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\2020search2.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\apphelp32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\asferror32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\asycfilt32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\athprxy32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ati2dvaa32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ati2dvag32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\audiosrv32.dll (Fake.

Edited by Rooster87, 23 April 2008 - 02:26 AM.



#2
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Hi David and welcome to GTG.

Right click on this link http://www.mvps.org/.../DelDomains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.

1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.

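A way to record which Trusted Zone entries are really yours before the DelDomains step wipes the whole list, as an added example that is not part of this thread or of DelDomains.inf. It parses HijackThis O15 lines (the sample is constructed from the format in the log above; mybank.example and intranet.example stand in for owner-added sites), notes whether each domain sits in the HKCU or HKLM zone map, and lists the ZoneMap registry keys the cleanup removes.

```python
"""Triage HijackThis O15 (Trusted Zone) lines before a DelDomains-style cleanup.

Added example, not code from the thread or from DelDomains.inf. The cleanup
empties the Trusted Sites list in both hives, so the user needs to know
which entries to put back and which were planted by the rogue-AV adware.
"""
import re
from collections import defaultdict

# Constructed sample: two rogue domains from the thread's log plus two
# hypothetical owner-added sites (mybank.example, intranet.example).
SAMPLE_LOG = """\
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.mybank.example
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: http://intranet.example (HKLM)
"""

# "O15 - Trusted Zone: <pattern>" optionally followed by " (HKLM)".
# Without the suffix HijackThis is reporting the current user's (HKCU) zone map.
O15_RE = re.compile(
    r"^O15 - Trusted Zone:\s+(?P<pattern>\S+)(?:\s+\((?P<hive>HKLM)\))?\s*$"
)

ZONEMAP_BASE = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"


def _domain_of(pattern):
    """Normalise '*.example.com' or 'http://host/' to a bare lower-case host name."""
    pattern = re.sub(r"^[a-z]+://", "", pattern, flags=re.I)
    return pattern.lstrip("*.").rstrip("/").lower()


def parse_o15(log_text):
    """Return {domain: set(hives)} for every O15 Trusted Zone line in the log."""
    found = defaultdict(set)
    for line in log_text.splitlines():
        m = O15_RE.match(line.strip())
        if not m:
            continue
        hive = m.group("hive") or "HKCU"
        found[_domain_of(m.group("pattern"))].add(hive)
    return dict(found)


def zonemap_keys(domain, hives):
    """Registry keys a DelDomains-style cleanup removes for this domain, per hive."""
    return sorted(f"{hive}\\{ZONEMAP_BASE}\\{domain}" for hive in hives)


def triage(found, owner_added):
    """Split parsed domains into ones to restore afterwards and ones to leave out.

    owner_added: the sites the machine's owner knowingly trusted. Anything else
    in the zone map was put there without them, which is the point of the cleanup.
    """
    owner_added = {d.lower() for d in owner_added}
    restore = {d: h for d, h in found.items() if d in owner_added}
    drop = {d: h for d, h in found.items() if d not in owner_added}
    return restore, drop


if __name__ == "__main__":
    found = parse_o15(SAMPLE_LOG)
    restore, drop = triage(found, ["mybank.example", "intranet.example"])
    print("Re-add after cleanup:")
    for domain, hives in sorted(restore.items()):
        print("  ", domain, sorted(hives))
    print("Leave out (not added by the owner):")
    for domain, hives in sorted(drop.items()):
        for key in zonemap_keys(domain, hives):
            print("  ", key)
```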

#3
Rooster87

    New Member

  • Topic Starter
  • Member
  • 6 posts
Good morning greyknight17. I followed your instructions and it seems like my Task Manager is working now. Here are my logs:




ComboFix 08-04-22.5 - Gallo 2008-04-23 10:20:50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1066 [GMT -7:00]
Running from: C:\Documents and Settings\Gallo\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\default.htm
C:\WINDOWS\system32\fccbXrOh.dll
C:\WINDOWS\system32\hOrXbccf.ini
C:\WINDOWS\system32\opnoopoL.dll

----- BITS: Possible infected sites -----

hxxp://80.93.48.74
.
((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.

2008-04-22 23:02 . 2008-04-22 23:02 <DIR> d-------- C:\Program Files\Panda Security
2008-04-22 21:04 . 2008-04-22 22:57 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-22 21:04 . 2008-04-22 21:04 <DIR> d-------- C:\Documents and Settings\Gallo\Application Data\SUPERAntiSpyware.com
2008-04-22 21:04 . 2008-04-22 21:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-22 21:03 . 2008-04-22 21:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-22 20:53 . 2008-04-22 20:53 <DIR> d-------- C:\Documents and Settings\Gallo\Application Data\Malwarebytes
2008-04-22 20:52 . 2008-04-22 20:53 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 20:52 . 2008-04-22 20:52 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-04-22 20:52 . 2008-04-22 20:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-19 15:49 . 2008-04-19 16:50 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-04-19 15:48 . 2008-04-19 15:48 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-04-19 15:43 . 2008-04-19 15:48 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-19 15:43 . 2008-04-23 10:20 1,024 --ah----- C:\Documents and Settings\Administrator\NTUSER.dat.LOG
2008-04-19 12:25 . 2008-04-19 12:25 398 --a------ C:\WINDOWS\system32\L99EB.tmp
2008-04-19 12:25 . 2008-04-19 12:25 398 --a------ C:\WINDOWS\system32\L96CF.tmp
2008-04-19 12:25 . 2008-04-19 12:25 398 --a------ C:\WINDOWS\system32\L9577.tmp
2008-04-19 12:25 . 2008-04-19 12:25 398 --a------ C:\WINDOWS\system32\L92E7.tmp
2008-04-19 12:25 . 2008-04-22 20:57 138 -r-hs---- C:\WINDOWS\mainms.vpi
2008-04-19 12:25 . 2008-04-22 20:57 33 -r-hs---- C:\WINDOWS\muotr.so
2008-04-19 12:25 . 2008-04-22 20:45 4 --------- C:\WINDOWS\megavid.cdt
2008-04-19 12:22 . 2008-04-19 12:22 <DIR> d-------- C:\Temp\berDrv11
2008-04-19 12:22 . 2008-04-19 12:22 <DIR> d-------- C:\Temp
2008-04-16 15:03 . 2008-04-16 15:03 <DIR> d-------- C:\Program Files\CyberLink
2008-04-16 15:03 . 2008-04-16 15:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-15 18:12 . 2008-04-23 10:22 3,162,278 --------- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-00511102}.BAK
2008-04-15 18:12 . 2008-04-23 10:23 31,064 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-00511102}.rfx
2008-04-15 18:12 . 2008-04-23 10:23 31,064 --a------ C:\WINDOWS\system32\BMXState-{00000002-00000000-00000002-00001102-00000004-00511102}.rfx
2008-04-15 18:12 . 2008-04-23 10:23 28,248 --a------ C:\WINDOWS\system32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-00511102}.rfx
2008-04-15 18:12 . 2008-04-23 10:23 28,248 --a------ C:\WINDOWS\system32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-00511102}.rfx
2008-04-15 18:12 . 2008-04-23 10:23 11,564 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000002-00001102-00000004-00511102}.rfx
2008-04-15 18:12 . 2008-04-23 10:23 1,076 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-04-15 18:12 . 2008-04-23 10:23 1,076 --a------ C:\WINDOWS\system32\settings.sfm
2008-04-15 18:11 . 2008-04-15 18:13 <DIR> d-------- C:\WINDOWS\system32\Defaults
2008-04-15 18:11 . 2000-12-05 09:11 4,174,814 --------- C:\WINDOWS\system32\CT4MGM.SF2
2008-04-15 18:11 . 2008-04-23 10:22 3,162,278 --a------ C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-00511102}.CDF
2008-04-15 18:10 . 2008-04-15 18:11 <DIR> d-------- C:\Program Files\Creative
2008-04-15 18:10 . 2006-08-11 15:14 86,446 --a------ C:\WINDOWS\system32\instwdm.ini
2008-04-15 18:10 . 2006-08-11 14:56 3,072 --a------ C:\WINDOWS\CTXFIRES.DLL
2008-04-15 18:10 . 2006-08-11 14:32 191 --a------ C:\WINDOWS\system32\ctzapxx.ini
2008-04-14 16:07 . 2008-04-23 10:18 <DIR> d-------- C:\Documents and Settings\Gallo\Application Data\U3
2008-04-14 14:36 . 2008-04-14 14:36 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-14 14:36 . 2008-04-14 14:36 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
2008-04-14 14:35 . 2008-04-14 14:35 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-14 14:35 . 2008-04-14 14:37 <DIR> d-------- C:\Program Files\Zune
2008-04-14 14:35 . 2008-01-11 17:39 145,408 --a------ C:\WINDOWS\system32\ZuneMTPZ.dll
2008-04-14 14:35 . 2008-01-11 17:39 70,656 --a------ C:\WINDOWS\system32\ZuneIpTransport.dll
2008-04-14 14:35 . 2008-01-11 17:39 62,464 --a------ C:\WINDOWS\system32\ZuneUsbTransport.dll
2008-04-14 14:35 . 2008-01-11 17:39 35,840 --a------ C:\WINDOWS\system32\ZuneUsbCOnnection.dll
2008-04-12 13:25 . 2008-04-15 17:22 <DIR> d-------- C:\Documents and Settings\Gallo\Application Data\W Photo Studio Viewer
2008-04-11 16:56 . 2008-04-11 17:12 <DIR> d-------- C:\Documents and Settings\Gallo\Application Data\ATI MMC
2008-04-11 16:49 . 2003-12-15 14:28 257,872 --a------ C:\WINDOWS\system32\drivers\atirwvd.sys
2008-04-11 16:49 . 2003-07-24 13:18 9,091 --a------ C:\WINDOWS\system32\drivers\atirwrf.sys
2008-04-11 16:26 . 2008-04-11 16:26 <DIR> d-------- C:\Program Files\Common Files\ATI Technologies
2008-04-11 16:24 . 2008-04-11 16:24 <DIR> d-------- C:\Program Files\Common Files\CyberLink
2008-04-11 16:24 . 2008-04-11 16:49 <DIR> d-------- C:\Program Files\Common Files\ATI
2008-04-11 16:19 . 2008-04-11 16:19 <DIR> d-------- C:\Program Files\TitanTV
2008-04-11 16:19 . 2008-04-11 16:19 <DIR> d-------- C:\Program Files\msaccrt
2008-04-11 16:08 . 2008-04-11 16:08 <DIR> d-------- C:\Documents and Settings\Gallo\Application Data\Ahead
2008-04-09 19:38 . 2008-04-09 19:38 <DIR> d-------- C:\Documents and Settings\Gallo\Application Data\ATI
2008-04-09 19:38 . 2008-04-09 19:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-04-09 02:24 . 2006-10-04 07:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-09 02:24 . 2006-10-04 07:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-09 02:24 . 2006-10-04 07:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-09 02:23 . 2008-04-09 02:23 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-04-09 02:21 . 2008-04-09 02:21 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-09 02:21 . 2008-04-15 00:51 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-09 02:03 . 2008-04-09 02:04 <DIR> d-------- C:\Program Files\ATI Technologies
2008-04-09 02:03 . 2008-02-25 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-04-08 22:19 . 2008-04-08 22:19 <DIR> d-------- C:\Program Files\Microsoft Games
2008-04-07 11:27 . 2008-04-07 11:27 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-06 15:07 . 2008-04-06 15:07 <DIR> d-------- C:\DVDFabDecrypter_Temp
2008-04-05 15:03 . 2008-04-15 22:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-05 15:03 . 2008-04-05 15:03 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-05 15:01 . 2008-04-05 15:01 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-05 15:01 . 2008-04-05 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-05 15:01 . 2008-04-05 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-05 14:59 . 2008-04-05 15:01 <DIR> d-------- C:\Program Files\QuickTime
2008-04-05 13:23 . 2008-04-06 15:07 <DIR> d-------- C:\Program Files\DVDFab Decrypter
2008-04-05 13:20 . 2008-04-05 13:20 <DIR> d-------- C:\Program Files\DVD Shrink
2008-04-05 13:20 . 2008-04-15 21:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-05 13:17 . 2008-04-05 13:17 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-05 13:17 . 2008-04-05 13:17 <DIR> d-------- C:\Program Files\Ahead
2008-04-05 13:17 . 2001-07-06 06:41 569,344 -ra------ C:\WINDOWS\system32\imagr5.dll
2008-04-05 13:17 . 2001-07-06 04:44 544,768 -ra------ C:\WINDOWS\system32\imagx5.dll
2008-04-05 13:17 . 2001-07-06 10:24 283,920 -ra------ C:\WINDOWS\system32\ImagXpr5.dll
2008-04-05 13:17 . 2001-07-09 03:50 155,648 -ra------ C:\WINDOWS\system32\NeroCheck.exe
2008-04-05 13:17 . 2001-06-26 00:15 38,912 -ra------ C:\WINDOWS\system32\picn20.dll
2008-04-05 13:08 . 2008-04-05 13:08 29,976 --a------ C:\20040318095344796_SM710T.zip
2008-04-05 12:55 . 2004-08-04 00:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-05 12:55 . 2004-08-04 00:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-05 12:55 . 2004-08-04 01:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-04-05 12:55 . 2004-08-04 01:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-04-05 00:17 . 2008-04-16 21:22 <DIR> d-------- C:\Work_Projects
2008-04-05 00:07 . 1997-05-05 20:26 721,168 --a------ C:\WINDOWS\system32\VB40032.DLL
2008-04-05 00:07 . 1997-05-05 20:15 267,264 --a------ C:\WINDOWS\system32\ACADFICN.DLL
2008-04-05 00:07 . 1997-05-30 08:12 260,368 --a------ C:\WINDOWS\system32\MSXB3032.DLL
2008-04-05 00:07 . 1997-05-30 08:12 244,496 --a------ C:\WINDOWS\system32\VBAR2232.DLL
2008-04-05 00:07 . 1997-05-30 08:12 226,576 --a------ C:\WINDOWS\system32\MSPX3032.DLL
2008-04-05 00:07 . 1997-05-05 20:26 92,672 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-04-05 00:07 . 1997-05-05 20:24 81,920 --a------ C:\WINDOWS\system32\GDIFONT3.HDI
2008-04-05 00:07 . 1997-05-05 20:24 42,496 --a------ C:\WINDOWS\system32\MTSTACK.EXE
2008-04-05 00:07 . 1997-05-05 20:24 14,848 --a------ C:\WINDOWS\system32\ADI3.HDI
2008-04-05 00:07 . 1997-05-05 20:15 7,680 --a------ C:\WINDOWS\system32\ADRESC.DLL
2008-04-04 23:14 . 1997-05-05 20:24 447,488 --a------ C:\WINDOWS\system32\HEIDI3.DLL
2008-04-04 22:58 . 2004-08-04 00:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-04 17:18 . 2008-04-04 17:18 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2008-04-04 17:05 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-04 17:05 . 2007-07-30 20:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-04 14:13 . 1997-05-30 08:12 965,904 --a------ C:\WINDOWS\system32\MSJT3032.DLL
2008-04-04 14:13 . 1997-05-30 08:12 245,520 --a------ C:\WINDOWS\system32\MSRD2X32.DLL
2008-04-04 14:13 . 1997-05-30 08:12 200,976 --a------ C:\WINDOWS\system32\MSXL3032.DLL
2008-04-04 14:13 . 1997-05-30 08:12 113,936 --a------ C:\WINDOWS\system32\MSTX3032.DLL
2008-04-04 14:13 . 1997-05-30 08:12 98,356 --a------ C:\WINDOWS\system32\MSJTER32.DLL
2008-04-04 14:13 . 1997-05-05 20:15 76,800 --a------ C:\WINDOWS\system32\REGACAD.DLL
2008-04-04 14:13 . 1997-05-05 20:24 41,984 --a------ C:\WINDOWS\system32\ADIMON.DLL
2008-04-04 14:13 . 1997-05-30 08:12 33,552 --a------ C:\WINDOWS\system32\MSJINT32.DLL
2008-04-04 14:13 . 2008-04-04 14:13 0 --a------ C:\WINDOWS\MTSTACK.INI
2008-04-04 14:12 . 2008-04-04 14:12 <DIR> d-------- C:\Program Files\Autodesk
2008-04-04 14:10 . 2008-04-04 14:10 <DIR> d-------- C:\Documents and Settings\Gallo\WINDOWS
2008-04-04 14:10 . 1997-05-06 18:53 299,520 --a------ C:\WINDOWS\uninst.exe
2008-04-04 13:48 . 2008-04-04 13:48 <DIR> d-------- C:\Program_Updates
2008-04-04 12:37 . 2008-04-04 12:37 <DIR> d-------- C:\Acad
2008-04-04 01:42 . 2008-04-04 23:16 <DIR> d-------- C:\David_Back_Up
2008-04-04 00:30 . 2001-08-17 23:36 171,008 --a------ C:\WINDOWS\system32\LXADSUI.DLL
2008-04-04 00:30 . 2001-07-21 19:52 25,645 --a------ C:\WINDOWS\system32\CNBJHLP.HLP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 04:35 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-04-04 04:35 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-04-04 01:25 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-04 01:24 558,142 ----a-w C:\WINDOWS\java\Packages\SINBFFHF.ZIP
2008-04-04 01:24 155,995 ----a-w C:\WINDOWS\java\Packages\0EE2VVXF.ZIP
2008-03-06 00:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-06 00:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-06 00:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 23:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 23:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
2008-03-05 23:50 80,896 ----a-w C:\WINDOWS\system32\dxdllreg.exe
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10 299,520 ------w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49 3,176,480 ------w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ------w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-26 02:21 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16 520,192 ------w C:\WINDOWS\system32\ati2cqag.dll
2008-02-25 20:54 105,088 ----a-w C:\WINDOWS\system32\drivers\Rtnicxp.sys
2008-02-06 07:07 462,864 ----a-w C:\WINDOWS\system32\d3dx10_37.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\LaunchPd.exe" [2006-10-31 21:27 102400]
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [2006-10-31 21:24 57344]
"ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" [2006-04-05 22:03 1622016]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 18:54 116072]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 03:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-04-05 14:59 413696]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-01-11 17:54 166304]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VCR2"= ATIVCR2.DLL
"VIDC.DRAW"= DVIDEO.DLL
"VIDC.VCR1"= ATIVCR1.DLL
"VIDC.YV12"= ATIYUV12.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 17:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 17:54]
S3 SaiH0006;SaiH0006;C:\WINDOWS\system32\DRIVERS\SaiH0006.sys [2004-07-26 12:54]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 17:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 10:25:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
.
**************************************************************************
.
Completion time: 2008-04-23 10:28:21 - machine was rebooted [Gallo]
ComboFix-quarantined-files.txt 2008-04-23 17:28:19

Pre-Run: 75,328,372,736 bytes free
Post-Run: 75,304,660,992 bytes free

253 --- E O F --- 2008-04-04 04:23:37

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:31 AM, on 4/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] "C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1207282779437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1207289702703
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 6205 bytes
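The "Reg Loading Points" section of the ComboFix log above is the part a responder reads first, because it lists the autostart locations and policy keys that malware of this kind (the "blue desktop with warnings" rogue) typically tampers with. The following script is an added example for this thread; it is not code from the original posts and not part of ComboFix. It pattern-matches the key/value lines ComboFix prints and returns findings graded "high" or "review". The sample input is constructed from the loading-point lines in the log above, abridged. Two of the hits it raises deserve the caveat built into their messages: `EnableFirewall= 0` and `DisableMonitoring=1` under Security Center are exactly what a third-party suite such as Norton 360 sets when it takes over firewall and AV status reporting, so they are "review", not proof of infection. The `mountpoints2` AutoRun entry is graded "high" because that key is a removable-drive autorun hook; on this machine `G:\LaunchU3.exe` is most likely the U3 launcher of a USB stick (the log also shows a `U3` folder under Application Data), which is the kind of judgement the script leaves to the reader.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; not part of the original posts and not
ComboFix's own code. It runs offline on pasted log text.
"""
import re

# Constructed sample: loading-point lines copied from the log above, abridged.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\LaunchPd.exe" [2006-10-31 21:27 102400]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 18:54 116072]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe
"""

RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]*)"')   # "Name"="command" [...]


def triage(log_text):
    """Return a list of (severity, registry_key, detail) findings."""
    findings = []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()          # start of a new registry key block
            continue
        if key is None:
            continue
        low = line.lower()
        if "firewallpolicy" in key and low.startswith('"enablefirewall"'):
            if re.search(r"=\s*0\b", line):
                findings.append(("review", key,
                    "Windows Firewall is off for this profile; acceptable only if a third-party firewall is running"))
        elif "security center\\monitoring" in key and "disablemonitoring" in low:
            if low.endswith("dword:00000001"):
                findings.append(("review", key,
                    "Security Center monitoring disabled; normal for a registered AV/firewall suite, otherwise suspicious"))
        elif "mountpoints2" in key and "autorun" in low:
            target = line.split(" - ", 1)[-1]
            findings.append(("high", key, "AutoRun command bound to a removable drive: " + target))
        elif key.endswith("\\run"):
            m = RUN_VALUE.match(line)
            # A bare file name is resolved through the search path, so check which file wins.
            if m and not re.match(r"^[a-z]:\\", m.group(2), re.I):
                findings.append(("review", key,
                    f"Run value {m.group(1)!r} starts {m.group(2)!r} by bare name; confirm the resolved path"))
        elif "winlogon\\notify" in key:
            m = re.match(r"(.+?\.dll)\s", line, re.I)
            dll = m.group(1) if m else line
            findings.append(("review", key, "Winlogon Notify DLL loads inside winlogon.exe: " + dll))
    return findings


def highest_severity(findings):
    """'high' beats 'review'; None when there are no findings."""
    order = {"high": 2, "review": 1}
    return max((f[0] for f in findings), key=order.get, default=None)


if __name__ == "__main__":
    for sev, key, detail in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {key}\n         {detail}")
```

On the sample it reports five items, one of them "high" (the AutoRun binding) and four "review" (the firewall and Security Center policy values, the Winlogon Notify DLL, and the `CTHelper` Run value that names `CTHELPER.EXE` without a path; ComboFix already resolved that one to `C:\WINDOWS\CTHELPER.EXE`, a Creative component). The point is not that these are malicious, but that each is a location worth a deliberate look before declaring the machine clean.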

#4
greyknight17 (Malware Expert, Visiting Consultant)
Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the following text into it:

DirLook::
C:\WINDOWS\system32\Defaults
File::
C:\WINDOWS\system32\L99EB.tmp
C:\WINDOWS\system32\L96CF.tmp
C:\WINDOWS\system32\L9577.tmp
C:\WINDOWS\system32\L92E7.tmp
C:\WINDOWS\mainms.vpi
C:\WINDOWS\muotr.so
C:\WINDOWS\megavid.cdt
C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-00511102}.BAK
C:\WINDOWS\system32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-00511102}.rfx
C:\WINDOWS\system32\BMXState-{00000002-00000000-00000002-00001102-00000004-00511102}.rfx
C:\WINDOWS\system32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-00511102}.rfx
C:\WINDOWS\system32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-00511102}.rfx
C:\WINDOWS\system32\DVCState-{00000002-00000000-00000002-00001102-00000004-00511102}.rfx
C:\WINDOWS\system32\settingsbkup.sfm
C:\WINDOWS\system32\settings.sfm
C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-00511102}.CDF
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\QTFont.for
C:\WINDOWS\MTSTACK.INI
Folder::
C:\Temp\berDrv11

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt onto ComboFix.exe.
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on ComboFix's window while it's running. That may cause it to stall.

How is the computer running so far?
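A CFScript like the one above is a list of directives (`File::`, `Folder::`, `DirLook::`) followed by the paths they apply to, and the log ComboFix writes afterwards echoes the requested files under `FILE ::`, lists what it actually removed under "Other Deletions", and lists recently created files further down. The check a practitioner wants after such a run is a reconciliation: did every requested path get deleted, and did any of them come back before the log was written? The script below is an added example for this thread, not code from the original posts and not part of ComboFix. It parses both texts and reports deleted, not-deleted and reappeared paths. The sample script and log are constructed from the ones in this thread, abridged; the entry `C:\WINDOWS\system32\hypothetical-missed.tmp` is hypothetical, added only to exercise the not-deleted branch. The `.CDF` file is a real case from the follow-up log: it was deleted and then recreated at 11:49 while ComboFix was still running, which is what you would expect from a legitimate Creative sound-card component that rebuilds its state file, and exactly the kind of thing a reviewer should notice rather than miss.

```python
"""Reconcile a ComboFix run against the CFScript that drove it.

Added example for this thread; not part of the original posts and not
ComboFix's own code. Directives handled: File::, Folder::, DirLook::.
"""
import re

# Constructed from the script and follow-up log in this thread, abridged.
# The 'hypothetical-missed.tmp' entry is invented to show the not-deleted case.
CFSCRIPT = r"""DirLook::
C:\WINDOWS\system32\Defaults
File::
C:\WINDOWS\system32\L99EB.tmp
C:\WINDOWS\mainms.vpi
C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-00511102}.CDF
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\system32\hypothetical-missed.tmp
Folder::
C:\Temp\berDrv11
"""

COMBOFIX_LOG = r"""ComboFix 08-04-22.5 - Gallo 2008-04-23 11:43:44.2 - NTFSx86
Command switches used :: C:\CFScript.txt

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\berDrv11
C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-00511102}.CDF
C:\WINDOWS\mainms.vpi
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\system32\L99EB.tmp

.
((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.

2008-04-23 11:49 . 2008-04-23 11:45 3,162,278 --a------ C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-00511102}.CDF
2008-04-23 11:41 . 2008-04-23 10:16 1,774,233 --a------ C:\ComboFix.exe
"""

DRIVE_PATH = re.compile(r"[A-Za-z]:\\.*$")     # 'C:\...' to end of line
BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+$")     # '(((( Section title ))))'


def parse_cfscript(text):
    """Map each 'Directive::' to the list of paths under it."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def log_sections(text):
    """Split a ComboFix log on its banner lines; text before the first is 'header'."""
    sections, current = {"header": []}, "header"
    for line in text.splitlines():
        m = BANNER.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        else:
            sections[current].append(line.rstrip())
    return sections


def reconcile(cfscript_text, log_text):
    """Compare File::/Folder:: requests with what the log says was deleted or recreated."""
    script = parse_cfscript(cfscript_text)
    sections = log_sections(log_text)
    deleted = {l.strip().lower() for l in sections.get("Other Deletions", [])
               if DRIVE_PATH.match(l.strip())}
    created = set()
    for title, lines in sections.items():
        if title.startswith("Files Created"):
            for l in lines:
                m = DRIVE_PATH.search(l)
                if m:
                    created.add(m.group(0).strip().lower())
    requested = script.get("File", []) + script.get("Folder", [])
    report = {"deleted": [], "not_deleted": [], "reappeared": [],
              "listed_only": script.get("DirLook", [])}
    for path in requested:
        k = path.lower()
        if k not in deleted:
            report["not_deleted"].append(path)
            continue
        report["deleted"].append(path)
        if k in created:                     # removed, then created again during the run
            report["reappeared"].append(path)
    return report


if __name__ == "__main__":
    for status, paths in reconcile(CFSCRIPT, COMBOFIX_LOG).items():
        print(status + ":")
        for p in paths:
            print("   ", p)
```

Anything under `not_deleted` means the script did not achieve what it asked for (path typo, file locked, or already gone), and anything under `reappeared` is either a legitimate component that rebuilds its files or an infection that is still active; the log alone cannot tell you which, so each reappeared path needs to be identified before the machine is called clean.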

#5
Rooster87 (Topic Starter, New Member)
The computer seems to be running fine, though I still have not connected it back to the internet. However, I am no longer getting any attempts from the computer to connect to the internet like I used to. Should I be able to connect again and run all my Windows and Norton updates? Also, is there an option for protection better than my Norton 360? I was unsatisfied with the product after this occurred. A friend of mine told me of a program called "Avast". Do you have any suggestions regarding that? Here are my new logs. What is a recovery console, which I apparently do not have? Thank you very much for your time and effort. I will definitely recommend this forum to others.

David



ComboFix 08-04-22.5 - Gallo 2008-04-23 11:43:44.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.997 [GMT -7:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-00511102}.BAK
C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-00511102}.CDF
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\MTSTACK.INI
C:\WINDOWS\muotr.so
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\system32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-00511102}.rfx
C:\WINDOWS\system32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-00511102}.rfx
C:\WINDOWS\system32\BMXState-{00000002-00000000-00000002-00001102-00000004-00511102}.rfx
C:\WINDOWS\system32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-00511102}.rfx
C:\WINDOWS\system32\DVCState-{00000002-00000000-00000002-00001102-00000004-00511102}.rfx
C:\WINDOWS\system32\L92E7.tmp
C:\WINDOWS\system32\L9577.tmp
C:\WINDOWS\system32\L96CF.tmp
C:\WINDOWS\system32\L99EB.tmp
C:\WINDOWS\system32\settings.sfm
C:\WINDOWS\system32\settingsbkup.sfm
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\berDrv11
C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-00511102}.BAK
C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-00511102}.CDF
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\MTSTACK.INI
C:\WINDOWS\muotr.so
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\system32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-00511102}.rfx
C:\WINDOWS\system32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-00511102}.rfx
C:\WINDOWS\system32\BMXState-{00000002-00000000-00000002-00001102-00000004-00511102}.rfx
C:\WINDOWS\system32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-00511102}.rfx
C:\WINDOWS\system32\DVCState-{00000002-00000000-00000002-00001102-00000004-00511102}.rfx
C:\WINDOWS\system32\L92E7.tmp
C:\WINDOWS\system32\L9577.tmp
C:\WINDOWS\system32\L96CF.tmp
C:\WINDOWS\system32\L99EB.tmp
C:\WINDOWS\system32\settings.sfm
C:\WINDOWS\system32\settingsbkup.sfm

.
((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.

2008-04-23 11:49 . 2008-04-23 11:45 3,162,278 --a------ C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-00511102}.CDF
2008-04-23 11:41 . 2008-04-23 10:16 1,774,233 --a------ C:\ComboFix.exe
2008-04-22 23:02 . 2008-04-22 23:02 <DIR> d-------- C:\Program Files\Panda Security
2008-04-22 21:04 . 2008-04-22 22:57 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-22 21:04 . 2008-04-22 21:04 <DIR> d-------- C:\Documents and Settings\Gallo\Application Data\SUPERAntiSpyware.com
2008-04-22 21:04 . 2008-04-22 21:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-22 21:03 . 2008-04-22 21:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-22 20:53 . 2008-04-22 20:53 <DIR> d-------- C:\Documents and Settings\Gallo\Application Data\Malwarebytes
2008-04-22 20:52 . 2008-04-22 20:53 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 20:52 . 2008-04-22 20:52 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-04-22 20:52 . 2008-04-22 20:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-19 15:49 . 2008-04-19 16:50 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-04-19 15:48 . 2008-04-19 15:48 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-04-19 15:43 . 2008-04-19 15:48 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-19 15:43 . 2008-04-23 10:20 1,024 --ah----- C:\Documents and Settings\Administrator\NTUSER.dat.LOG
2008-04-19 12:22 . 2008-04-23 11:43 <DIR> d-------- C:\Temp
2008-04-16 15:03 . 2008-04-16 15:03 <DIR> d-------- C:\Program Files\CyberLink
2008-04-16 15:03 . 2008-04-16 15:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-15 18:11 . 2008-04-15 18:13 <DIR> d-------- C:\WINDOWS\system32\Defaults
2008-04-15 18:11 . 2000-12-05 09:11 4,174,814 --------- C:\WINDOWS\system32\CT4MGM.SF2
2008-04-15 18:10 . 2008-04-15 18:11 <DIR> d-------- C:\Program Files\Creative
2008-04-15 18:10 . 2006-08-11 15:14 86,446 --a------ C:\WINDOWS\system32\instwdm.ini
2008-04-15 18:10 . 2006-08-11 14:56 3,072 --a------ C:\WINDOWS\CTXFIRES.DLL
2008-04-15 18:10 . 2006-08-11 14:32 191 --a------ C:\WINDOWS\system32\ctzapxx.ini
2008-04-14 16:07 . 2008-04-23 10:33 <DIR> d-------- C:\Documents and Settings\Gallo\Application Data\U3
2008-04-14 14:36 . 2008-04-14 14:36 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-14 14:36 . 2008-04-14 14:36 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
2008-04-14 14:35 . 2008-04-14 14:35 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-14 14:35 . 2008-04-14 14:37 <DIR> d-------- C:\Program Files\Zune
2008-04-14 14:35 . 2008-01-11 17:39 145,408 --a------ C:\WINDOWS\system32\ZuneMTPZ.dll
2008-04-14 14:35 . 2008-01-11 17:39 70,656 --a------ C:\WINDOWS\system32\ZuneIpTransport.dll
2008-04-14 14:35 . 2008-01-11 17:39 62,464 --a------ C:\WINDOWS\system32\ZuneUsbTransport.dll
2008-04-14 14:35 . 2008-01-11 17:39 35,840 --a------ C:\WINDOWS\system32\ZuneUsbCOnnection.dll
2008-04-12 13:25 . 2008-04-15 17:22 <DIR> d-------- C:\Documents and Settings\Gallo\Application Data\W Photo Studio Viewer
2008-04-11 16:56 . 2008-04-11 17:12 <DIR> d-------- C:\Documents and Settings\Gallo\Application Data\ATI MMC
2008-04-11 16:49 . 2003-12-15 14:28 257,872 --a------ C:\WINDOWS\system32\drivers\atirwvd.sys
2008-04-11 16:49 . 2003-07-24 13:18 9,091 --a------ C:\WINDOWS\system32\drivers\atirwrf.sys
2008-04-11 16:26 . 2008-04-11 16:26 <DIR> d-------- C:\Program Files\Common Files\ATI Technologies
2008-04-11 16:24 . 2008-04-11 16:24 <DIR> d-------- C:\Program Files\Common Files\CyberLink
2008-04-11 16:24 . 2008-04-11 16:49 <DIR> d-------- C:\Program Files\Common Files\ATI
2008-04-11 16:19 . 2008-04-11 16:19 <DIR> d-------- C:\Program Files\TitanTV
2008-04-11 16:19 . 2008-04-11 16:19 <DIR> d-------- C:\Program Files\msaccrt
2008-04-11 16:08 . 2008-04-11 16:08 <DIR> d-------- C:\Documents and Settings\Gallo\Application Data\Ahead
2008-04-09 19:38 . 2008-04-09 19:38 <DIR> d-------- C:\Documents and Settings\Gallo\Application Data\ATI
2008-04-09 19:38 . 2008-04-09 19:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-04-09 02:24 . 2006-10-04 07:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-09 02:24 . 2006-10-04 07:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-09 02:24 . 2006-10-04 07:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-09 02:23 . 2008-04-09 02:23 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-04-09 02:21 . 2008-04-09 02:21 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-09 02:21 . 2008-04-15 00:51 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-09 02:03 . 2008-04-09 02:04 <DIR> d-------- C:\Program Files\ATI Technologies
2008-04-09 02:03 . 2008-02-25 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-04-08 22:19 . 2008-04-08 22:19 <DIR> d-------- C:\Program Files\Microsoft Games
2008-04-07 11:27 . 2008-04-07 11:27 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-06 15:07 . 2008-04-06 15:07 <DIR> d-------- C:\DVDFabDecrypter_Temp
2008-04-05 15:01 . 2008-04-05 15:01 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-05 15:01 . 2008-04-05 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-05 15:01 . 2008-04-05 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-05 14:59 . 2008-04-05 15:01 <DIR> d-------- C:\Program Files\QuickTime
2008-04-05 13:23 . 2008-04-06 15:07 <DIR> d-------- C:\Program Files\DVDFab Decrypter
2008-04-05 13:20 . 2008-04-05 13:20 <DIR> d-------- C:\Program Files\DVD Shrink
2008-04-05 13:20 . 2008-04-15 21:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-05 13:17 . 2008-04-05 13:17 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-05 13:17 . 2008-04-05 13:17 <DIR> d-------- C:\Program Files\Ahead
2008-04-05 13:17 . 2001-07-06 06:41 569,344 -ra------ C:\WINDOWS\system32\imagr5.dll
2008-04-05 13:17 . 2001-07-06 04:44 544,768 -ra------ C:\WINDOWS\system32\imagx5.dll
2008-04-05 13:17 . 2001-07-06 10:24 283,920 -ra------ C:\WINDOWS\system32\ImagXpr5.dll
2008-04-05 13:17 . 2001-07-09 03:50 155,648 -ra------ C:\WINDOWS\system32\NeroCheck.exe
2008-04-05 13:17 . 2001-06-26 00:15 38,912 -ra------ C:\WINDOWS\system32\picn20.dll
2008-04-05 13:08 . 2008-04-05 13:08 29,976 --a------ C:\20040318095344796_SM710T.zip
2008-04-05 12:55 . 2004-08-04 00:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-05 12:55 . 2004-08-04 00:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-05 12:55 . 2004-08-04 01:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-04-05 12:55 . 2004-08-04 01:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-04-05 00:17 . 2008-04-16 21:22 <DIR> d-------- C:\Work_Projects
2008-04-05 00:07 . 1997-05-05 20:26 721,168 --a------ C:\WINDOWS\system32\VB40032.DLL
2008-04-05 00:07 . 1997-05-05 20:15 267,264 --a------ C:\WINDOWS\system32\ACADFICN.DLL
2008-04-05 00:07 . 1997-05-30 08:12 260,368 --a------ C:\WINDOWS\system32\MSXB3032.DLL
2008-04-05 00:07 . 1997-05-30 08:12 244,496 --a------ C:\WINDOWS\system32\VBAR2232.DLL
2008-04-05 00:07 . 1997-05-30 08:12 226,576 --a------ C:\WINDOWS\system32\MSPX3032.DLL
2008-04-05 00:07 . 1997-05-05 20:26 92,672 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-04-05 00:07 . 1997-05-05 20:24 81,920 --a------ C:\WINDOWS\system32\GDIFONT3.HDI
2008-04-05 00:07 . 1997-05-05 20:24 42,496 --a------ C:\WINDOWS\system32\MTSTACK.EXE
2008-04-05 00:07 . 1997-05-05 20:24 14,848 --a------ C:\WINDOWS\system32\ADI3.HDI
2008-04-05 00:07 . 1997-05-05 20:15 7,680 --a------ C:\WINDOWS\system32\ADRESC.DLL
2008-04-04 23:14 . 1997-05-05 20:24 447,488 --a------ C:\WINDOWS\system32\HEIDI3.DLL
2008-04-04 22:58 . 2004-08-04 00:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-04 17:18 . 2008-04-04 17:18 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2008-04-04 17:05 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-04 17:05 . 2007-07-30 20:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-04 14:13 . 1997-05-30 08:12 965,904 --a------ C:\WINDOWS\system32\MSJT3032.DLL
2008-04-04 14:13 . 1997-05-30 08:12 245,520 --a------ C:\WINDOWS\system32\MSRD2X32.DLL
2008-04-04 14:13 . 1997-05-30 08:12 200,976 --a------ C:\WINDOWS\system32\MSXL3032.DLL
2008-04-04 14:13 . 1997-05-30 08:12 113,936 --a------ C:\WINDOWS\system32\MSTX3032.DLL
2008-04-04 14:13 . 1997-05-30 08:12 98,356 --a------ C:\WINDOWS\system32\MSJTER32.DLL
2008-04-04 14:13 . 1997-05-05 20:15 76,800 --a------ C:\WINDOWS\system32\REGACAD.DLL
2008-04-04 14:13 . 1997-05-05 20:24 41,984 --a------ C:\WINDOWS\system32\ADIMON.DLL
2008-04-04 14:13 . 1997-05-30 08:12 33,552 --a------ C:\WINDOWS\system32\MSJINT32.DLL
2008-04-04 14:12 . 2008-04-04 14:12 <DIR> d-------- C:\Program Files\Autodesk
2008-04-04 14:10 . 2008-04-04 14:10 <DIR> d-------- C:\Documents and Settings\Gallo\WINDOWS
2008-04-04 14:10 . 1997-05-06 18:53 299,520 --a------ C:\WINDOWS\uninst.exe
2008-04-04 13:48 . 2008-04-04 13:48 <DIR> d-------- C:\Program_Updates
2008-04-04 12:37 . 2008-04-04 12:37 <DIR> d-------- C:\Acad
2008-04-04 01:42 . 2008-04-04 23:16 <DIR> d-------- C:\David_Back_Up
2008-04-04 00:30 . 2001-08-17 23:36 171,008 --a------ C:\WINDOWS\system32\LXADSUI.DLL
2008-04-04 00:30 . 2001-07-21 19:52 25,645 --a------ C:\WINDOWS\system32\CNBJHLP.HLP
2008-04-04 00:30 . 2001-07-21 19:52 787 --a------ C:\WINDOWS\system32\CNBJHLP.CNT
2008-04-04 00:10 . 2008-04-04 00:10 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-04-04 00:08 . 2004-08-04 01:56 2,897,920 --a------ C:\WINDOWS\system32\xpsp2res.dll
2008-04-04 00:08 . 2004-07-17 12:40 19,528 --a------ C:\WINDOWS\002301_.tmp
2008-04-04 00:06 . 2008-04-04 00:06 <DIR> d-------- C:\WINDOWS\EHome
2008-04-03 23:32 . 2008-04-03 23:32 <DIR> d-------- C:\Documents and Settings\Gallo\Application Data\Symantec
2008-04-03 22:35 . 2001-03-08 10:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2008-04-03 22:33 . 2008-04-03 22:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-04-03 22:24 . 2008-04-16 12:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI MMC
2008-04-03 22:22 . 2008-04-11 16:33 <DIR> d-------- C:\Program Files\ATI Multimedia
2008-04-03 22:08 . 2008-04-03 22:08 0 --a------ C:\WINDOWS\ATIMMC.INI
2008-04-03 22:02 . 2008-04-03 22:02 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-04-03 21:50 . 2008-04-03 21:50 <DIR> d-------- C:\Program Files\Windows Media Components
2008-04-03 21:46 . 2004-08-04 01:56 294,912 --a------ C:\WINDOWS\system32\msh263.drv
2008-04-03 21:44 . 2008-04-11 16:23 <DIR> d-------- C:\ATI
2008-04-03 21:36 . 2008-04-15 18:13 1,024 --ah----- C:\Documents and Settings\Default User\NTUSER.dat.LOG
2008-04-03 21:35 . 2008-04-15 18:10 <DIR> d-------- C:\Documents and Settings\Gallo\Application Data\Creative
2008-04-03 21:34 . 2008-04-03 21:34 <DIR> d-------- C:\WINDOWS\system32\data

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 04:35 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-04-04 04:35 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-04-04 01:25 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-04 01:24 558,142 ----a-w C:\WINDOWS\java\Packages\SINBFFHF.ZIP
2008-04-04 01:24 155,995 ----a-w C:\WINDOWS\java\Packages\0EE2VVXF.ZIP
2008-03-06 00:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-06 00:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-06 00:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 23:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 23:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
2008-03-05 23:50 80,896 ----a-w C:\WINDOWS\system32\dxdllreg.exe
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10 299,520 ------w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49 3,176,480 ------w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ------w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-26 02:21 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16 520,192 ------w C:\WINDOWS\system32\ati2cqag.dll
2008-02-25 20:54 105,088 ----a-w C:\WINDOWS\system32\drivers\Rtnicxp.sys
2008-02-06 07:07 462,864 ----a-w C:\WINDOWS\system32\d3dx10_37.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\system32\Defaults ----

2008-04-15 18:20 6705 --a------ C:\WINDOWS\system32\Defaults\MX0004_00511102{9D74D2A0-11D1-DAE5-A000-9D9D737F8EC9}.rdf
2008-04-15 18:20 1131 --a------ C:\WINDOWS\system32\Defaults\EA0004_00511102{9D74D2A0-11D1-DAE5-A000-9D9D737F8EC9}.rdf
2008-04-15 18:13 7478 --a------ C:\WINDOWS\system32\Defaults\MX0004_00511102{B591EC40-11D1-DBC3-A000-9D9D737F8EC9}.rdf
2008-04-15 18:13 6705 --a------ C:\WINDOWS\system32\Defaults\MX0004_00511102{8C0F8B81-11D1-DE1A-4544-24B700005453}.rdf
2008-04-15 18:13 6705 --a------ C:\WINDOWS\system32\Defaults\MX0004_00511102{59639116-11D1-D955-A000-9D9D737F8EC9}.rdf
2008-04-15 18:13 1131 --a------ C:\WINDOWS\system32\Defaults\MX0004_00511102{48FCFB81-480E-11D7-9C86-00D0B78E3BD7}.rdf
2008-04-15 18:13 1131 --a------ C:\WINDOWS\system32\Defaults\MX0004_00511102{1B2D3721-11D6-5795-D000-869CD73B8EB7}.rdf
2005-04-29 10:22 13977 --------- C:\WINDOWS\system32\Defaults\MX0008_20211102{B591EC40-11D1-DBC3-A000-9D9D737F8EC9}.rdf
2005-04-29 10:21 7192 --------- C:\WINDOWS\system32\Defaults\MX0008_20211102{9D74D2A0-11D1-DAE5-A000-9D9D737F8EC9}.rdf
2005-04-29 10:21 7192 --------- C:\WINDOWS\system32\Defaults\MX0008_20211102{8C0F8B81-11D1-DE1A-4544-24B700005453}.rdf
2005-04-29 10:20 7192 --------- C:\WINDOWS\system32\Defaults\MX0008_20211102{59639116-11D1-D955-A000-9D9D737F8EC9}.rdf
2005-04-29 10:19 14243 --------- C:\WINDOWS\system32\Defaults\MX0008_20211102{48FCFB81-480E-11d7-9C86-00D0B78E3BD7}.rdf
2005-04-29 10:19 14243 --------- C:\WINDOWS\system32\Defaults\MX0008_20211102{1B2D3721-11d6-5795-D000-869CD73B8EB7}.rdf
2005-04-04 10:10 13905 --------- C:\WINDOWS\system32\Defaults\MX0008_10211102{B591EC40-11D1-DBC3-A000-9D9D737F8EC9}.rdf
2005-04-04 10:09 7120 --------- C:\WINDOWS\system32\Defaults\MX0008_10211102{8C0F8B81-11D1-DE1A-4544-24B700005453}.rdf
2005-04-04 10:09 14171 --------- C:\WINDOWS\system32\Defaults\MX0008_10211102{48FCFB81-480E-11d7-9C86-00D0B78E3BD7}.rdf
2005-04-04 10:08 7120 --------- C:\WINDOWS\system32\Defaults\MX0008_10211102{59639116-11D1-D955-A000-9D9D737F8EC9}.rdf
2005-04-04 10:07 7120 --------- C:\WINDOWS\system32\Defaults\MX0008_10211102{9D74D2A0-11D1-DAE5-A000-9D9D737F8EC9}.rdf
2005-04-04 10:06 14171 --------- C:\WINDOWS\system32\Defaults\MX0008_10211102{1B2D3721-11d6-5795-D000-869CD73B8EB7}.rdf
2005-01-06 18:07 14319 --------- C:\WINDOWS\system32\Defaults\MX0008_20011102{48FCFB81-480E-11d7-9C86-00D0B78E3BD7}.rdf
2005-01-06 18:07 14319 --------- C:\WINDOWS\system32\Defaults\MX0008_20011102{1B2D3721-11d6-5795-D000-869CD73B8EB7}.rdf
2005-01-06 18:06 7268 --------- C:\WINDOWS\system32\Defaults\MX0008_20011102{9D74D2A0-11D1-DAE5-A000-9D9D737F8EC9}.rdf
2005-01-06 18:06 7268 --------- C:\WINDOWS\system32\Defaults\MX0008_20011102{8C0F8B81-11D1-DE1A-4544-24B700005453}.rdf
2005-01-06 18:06 7268 --------- C:\WINDOWS\system32\Defaults\MX0008_20011102{59639116-11D1-D955-A000-9D9D737F8EC9}.rdf
2005-01-06 18:06 14053 --------- C:\WINDOWS\system32\Defaults\MX0008_20011102{B591EC40-11D1-DBC3-A000-9D9D737F8EC9}.rdf
2003-06-16 19:33 7478 --------- C:\WINDOWS\system32\Defaults\MX0004_00531102{B591EC40-11D1-DBC3-A000-9D9D737F8EC9}.rdf
2003-06-16 19:33 7478 --------- C:\WINDOWS\system32\Defaults\MX0004_00521102{B591EC40-11D1-DBC3-A000-9D9D737F8EC9}.rdf
2003-06-16 19:33 6705 --------- C:\WINDOWS\system32\Defaults\MX0004_00531102{9D74D2A0-11D1-DAE5-A000-9D9D737F8EC9}.rdf
2003-06-16 19:33 6705 --------- C:\WINDOWS\system32\Defaults\MX0004_00531102{8C0F8B81-11D1-DE1A-4544-24B700005453}.rdf
2003-06-16 19:33 6705 --------- C:\WINDOWS\system32\Defaults\MX0004_00531102{59639116-11D1-D955-A000-9D9D737F8EC9}.rdf
2003-06-16 19:33 6705 --------- C:\WINDOWS\system32\Defaults\MX0004_00521102{9D74D2A0-11D1-DAE5-A000-9D9D737F8EC9}.rdf
2003-06-16 19:33 6705 --------- C:\WINDOWS\system32\Defaults\MX0004_00521102{8C0F8B81-11D1-DE1A-4544-24B700005453}.rdf
2003-06-16 19:33 6705 --------- C:\WINDOWS\system32\Defaults\MX0004_00521102{59639116-11D1-D955-A000-9D9D737F8EC9}.rdf
2003-04-29 13:59 14508 --------- C:\WINDOWS\system32\Defaults\MX0004_20071102{B591EC40-11D1-DBC3-A000-9D9D737F8EC9}.rdf
2003-04-29 13:59 14508 --------- C:\WINDOWS\system32\Defaults\MX0004_20031102{B591EC40-11D1-DBC3-A000-9D9D737F8EC9}.rdf
2003-04-29 13:59 14508 --------- C:\WINDOWS\system32\Defaults\MX0004_20021102{B591EC40-11D1-DBC3-A000-9D9D737F8EC9}.rdf
2003-04-29 13:59 14508 --------- C:\WINDOWS\system32\Defaults\MX0004_20011102{B591EC40-11D1-DBC3-A000-9D9D737F8EC9}.rdf
2003-04-29 13:56 14866 --------- C:\WINDOWS\system32\Defaults\MX0004_20071102{48FCFB81-480E-11d7-9C86-00D0B78E3BD7}.rdf
2003-04-29 13:56 14866 --------- C:\WINDOWS\system32\Defaults\MX0004_20031102{48FCFB81-480E-11d7-9C86-00D0B78E3BD7}.rdf
2003-04-29 13:56 14866 --------- C:\WINDOWS\system32\Defaults\MX0004_20021102{48FCFB81-480E-11d7-9C86-00D0B78E3BD7}.rdf
2003-04-29 13:56 14866 --------- C:\WINDOWS\system32\Defaults\MX0004_20011102{48FCFB81-480E-11d7-9C86-00D0B78E3BD7}.rdf
2003-04-29 13:53 14774 --------- C:\WINDOWS\system32\Defaults\MX0004_20071102{1B2D3721-11d6-5795-D000-869CD73B8EB7}.rdf
2003-04-29 13:53 14774 --------- C:\WINDOWS\system32\Defaults\MX0004_20031102{1B2D3721-11d6-5795-D000-869CD73B8EB7}.rdf
2003-04-29 13:53 14774 --------- C:\WINDOWS\system32\Defaults\MX0004_20021102{1B2D3721-11d6-5795-D000-869CD73B8EB7}.rdf
2003-04-29 13:53 14774 --------- C:\WINDOWS\system32\Defaults\MX0004_20011102{1B2D3721-11d6-5795-D000-869CD73B8EB7}.rdf
2003-04-29 13:49 7120 --------- C:\WINDOWS\system32\Defaults\MX0004_20071102{8C0F8B81-11D1-DE1A-4544-24B700005453}.rdf
2003-04-29 13:49 7120 --------- C:\WINDOWS\system32\Defaults\MX0004_20031102{8C0F8B81-11D1-DE1A-4544-24B700005453}.rdf
2003-04-29 13:49 7120 --------- C:\WINDOWS\system32\Defaults\MX0004_20021102{8C0F8B81-11D1-DE1A-4544-24B700005453}.rdf
2003-04-29 13:49 7120 --------- C:\WINDOWS\system32\Defaults\MX0004_20011102{8C0F8B81-11D1-DE1A-4544-24B700005453}.rdf
2003-04-29 13:46 7120 --------- C:\WINDOWS\system32\Defaults\MX0004_20071102{9D74D2A0-11D1-DAE5-A000-9D9D737F8EC9}.rdf
2003-04-29 13:46 7120 --------- C:\WINDOWS\system32\Defaults\MX0004_20031102{9D74D2A0-11D1-DAE5-A000-9D9D737F8EC9}.rdf
2003-04-29 13:46 7120 --------- C:\WINDOWS\system32\Defaults\MX0004_20021102{9D74D2A0-11D1-DAE5-A000-9D9D737F8EC9}.rdf
2003-04-29 13:46 7120 --------- C:\WINDOWS\system32\Defaults\MX0004_20011102{9D74D2A0-11D1-DAE5-A000-9D9D737F8EC9}.rdf
2003-04-29 13:40 7120 --------- C:\WINDOWS\system32\Defaults\MX0004_20071102{59639116-11D1-D955-A000-9D9D737F8EC9}.rdf
2003-04-29 13:40 7120 --------- C:\WINDOWS\system32\Defaults\MX0004_20031102{59639116-11D1-D955-A000-9D9D737F8EC9}.rdf
2003-04-29 13:40 7120 --------- C:\WINDOWS\system32\Defaults\MX0004_20021102{59639116-11D1-D955-A000-9D9D737F8EC9}.rdf
2003-04-29 13:40 7120 --------- C:\WINDOWS\system32\Defaults\MX0004_20011102{59639116-11D1-D955-A000-9D9D737F8EC9}.rdf
2003-01-23 15:22 6778 --------- C:\WINDOWS\system32\Defaults\MX0004_10031102{9D74D2A0-11D1-DAE5-A000-9D9D737F8EC9}.rdf
2003-01-23 15:21 9366 --------- C:\WINDOWS\system32\Defaults\MX0004_10031102{B591EC40-11D1-DBC3-A000-9D9D737F8EC9}.rdf
2003-01-23 15:21 9366 --------- C:\WINDOWS\system32\Defaults\MX0004_10031102{1B2D3721-11d6-5795-D000-869CD73B8EB7}.rdf
2002-10-29 14:22 9291 --------- C:\WINDOWS\system32\Defaults\MX0004_005B1102{B591EC40-11D1-DBC3-A000-9D9D737F8EC9}.rdf
2002-10-29 14:22 9291 --------- C:\WINDOWS\system32\Defaults\MX0004_00571102{B591EC40-11D1-DBC3-A000-9D9D737F8EC9}.rdf
2002-10-29 14:22 9291 --------- C:\WINDOWS\system32\Defaults\MX0004_00541102{B591EC40-11D1-DBC3-A000-9D9D737F8EC9}.rdf
2002-10-29 14:22 7476 --------- C:\WINDOWS\system32\Defaults\MX0004_00581102{B591EC40-11D1-DBC3-A000-9D9D737F8EC9}.rdf
2002-10-29 14:22 6703 --------- C:\WINDOWS\system32\Defaults\MX0004_005B1102{9D74D2A0-11D1-DAE5-A000-9D9D737F8EC9}.rdf
2002-10-29 14:22 6703 --------- C:\WINDOWS\system32\Defaults\MX0004_005B1102{8C0F8B81-11D1-DE1A-4544-24B700005453}.rdf
2002-10-29 14:22 6703 --------- C:\WINDOWS\system32\Defaults\MX0004_005B1102{59639116-11D1-D955-A000-9D9D737F8EC9}.rdf
2002-10-29 14:22 6703 --------- C:\WINDOWS\system32\Defaults\MX0004_00581102{9D74D2A0-11D1-DAE5-A000-9D9D737F8EC9}.rdf
2002-10-29 14:22 6703 --------- C:\WINDOWS\system32\Defaults\MX0004_00581102{8C0F8B81-11D1-DE1A-4544-24B700005453}.rdf
2002-10-29 14:22 6703 --------- C:\WINDOWS\system32\Defaults\MX0004_00581102{59639116-11D1-D955-A000-9D9D737F8EC9}.rdf
2002-10-29 14:22 6703 --------- C:\WINDOWS\system32\Defaults\MX0004_00571102{9D74D2A0-11D1-DAE5-A000-9D9D737F8EC9}.rdf
2002-10-29 14:22 6703 --------- C:\WINDOWS\system32\Defaults\MX0004_00571102{8C0F8B81-11D1-DE1A-4544-24B700005453}.rdf
2002-10-29 14:22 6703 --------- C:\WINDOWS\system32\Defaults\MX0004_00571102{59639116-11D1-D955-A000-9D9D737F8EC9}.rdf
2002-10-29 14:22 6703 --------- C:\WINDOWS\system32\Defaults\MX0004_00541102{9D74D2A0-11D1-DAE5-A000-9D9D737F8EC9}.rdf
2002-10-29 14:22 6703 --------- C:\WINDOWS\system32\Defaults\MX0004_00541102{8C0F8B81-11D1-DE1A-4544-24B700005453}.rdf
2002-10-29 14:22 6703 --------- C:\WINDOWS\system32\Defaults\MX0004_00541102{59639116-11D1-D955-A000-9D9D737F8EC9}.rdf
2002-10-29 14:22 6349 --------- C:\WINDOWS\system32\Defaults\MX0002_806B1102{4F20B661-11D2-4187-8000-62829C2C8548}.rdf
2002-10-29 14:22 6349 --------- C:\WINDOWS\system32\Defaults\MX0002_80691102{4F20B661-11D2-4187-8000-62829C2C8548}.rdf
2002-10-29 14:01 8294 --------- C:\WINDOWS\system32\Defaults\MX0002_806B1102{B591EC40-11D1-DBC3-A000-9D9D737F8EC9}.rdf
2002-10-29 14:01 8294 --------- C:\WINDOWS\system32\Defaults\MX0002_80691102{B591EC40-11D1-DBC3-A000-9D9D737F8EC9}.rdf
2002-10-29 14:01 6915 --------- C:\WINDOWS\system32\Defaults\MX0002_806B1102{9D74D2A0-11D1-DAE5-A000-9D9D737F8EC9}.rdf
2002-10-29 14:01 6915 --------- C:\WINDOWS\system32\Defaults\MX0002_806B1102{8C0F8B81-11D1-DE1A-4544-24B700005453}.rdf
2002-10-29 14:01 6915 --------- C:\WINDOWS\system32\Defaults\MX0002_806B1102{59639116-11D1-D955-A000-9D9D737F8EC9}.rdf
2002-10-29 14:01 6915 --------- C:\WINDOWS\system32\Defaults\MX0002_80691102{9D74D2A0-11D1-DAE5-A000-9D9D737F8EC9}.rdf
2002-10-29 14:01 6915 --------- C:\WINDOWS\system32\Defaults\MX0002_80691102{8C0F8B81-11D1-DE1A-4544-24B700005453}.rdf
2002-10-29 14:01 6915 --------- C:\WINDOWS\system32\Defaults\MX0002_80691102{59639116-11D1-D955-A000-9D9D737F8EC9}.rdf
2002-10-24 15:20 1839 --------- C:\WINDOWS\system32\Defaults\Mx0004_10061102{59639116-11d1-d955-a000-9d9d737f8ec9}.rdf
2002-10-24 15:19 1839 --------- C:\WINDOWS\system32\Defaults\Mx0004_10061102{b591ec40-11d1-dbc3-a000-9d9d737f8ec9}.rdf
2002-10-24 15:19 1839 --------- C:\WINDOWS\system32\Defaults\Mx0004_10061102{9d74d2a0-11d1-dae5-a000-9d9d737f8ec9}.rdf
2002-10-24 15:19 1839 --------- C:\WINDOWS\system32\Defaults\Mx0004_10061102{8c0f8b81-11d1-de1a-4544-24b700005453}.rdf
2002-09-13 11:50 6705 --------- C:\WINDOWS\system32\Defaults\MX0004_10031102{8C0F8B81-11D1-DE1A-4544-24B700005453}.rdf
2002-09-13 11:50 6705 --------- C:\WINDOWS\system32\Defaults\MX0004_10031102{59639116-11D1-D955-A000-9D9D737F8EC9}.rdf
2002-09-10 09:45 9293 --------- C:\WINDOWS\system32\Defaults\MX0004_10081102{B591EC40-11D1-DBC3-A000-9D9D737F8EC9}.rdf
2002-09-10 09:45 9293 --------- C:\WINDOWS\system32\Defaults\MX0004_10081102{1B2D3721-11d6-5795-D000-869CD73B8EB7}.rdf
2002-09-10 09:45 9293 --------- C:\WINDOWS\system32\Defaults\MX0004_10071102{B591EC40-11D1-DBC3-A000-9D9D737F8EC9}.rdf
2002-09-10 09:45 9293 --------- C:\WINDOWS\system32\Defaults\MX0004_10071102{1B2D3721-11d6-5795-D000-869CD73B8EB7}.rdf
2002-09-10 09:45 9293 --------- C:\WINDOWS\system32\Defaults\MX0004_10051102{B591EC40-11D1-DBC3-A000-9D9D737F8EC9}.rdf
2002-09-10 09:45 9293 --------- C:\WINDOWS\system32\Defaults\MX0004_10051102{1B2D3721-11d6-5795-D000-869CD73B8EB7}.rdf
2002-09-10 09:45 9293 --------- C:\WINDOWS\system32\Defaults\MX0004_10041102{B591EC40-11D1-DBC3-A000-9D9D737F8EC9}.rdf
2002-09-10 09:45 9293 --------- C:\WINDOWS\system32\Defaults\MX0004_10041102{1B2D3721-11d6-5795-D000-869CD73B8EB7}.rdf
2002-09-10 09:45 9293 --------- C:\WINDOWS\system32\Defaults\MX0004_10021102{B591EC40-11D1-DBC3-A000-9D9D737F8EC9}.rdf
2002-09-10 09:45 9293 --------- C:\WINDOWS\system32\Defaults\MX0004_10021102{1B2D3721-11d6-5795-D000-869CD73B8EB7}.rdf
2002-09-10 09:45 6705 --------- C:\WINDOWS\system32\Defaults\MX0004_10081102{9D74D2A0-11D1-DAE5-A000-9D9D737F8EC9}.rdf
2002-09-10 09:45 6705 --------- C:\WINDOWS\system32\Defaults\MX0004_10081102{8C0F8B81-11D1-DE1A-4544-24B700005453}.rdf
2002-09-10 09:45 6705 --------- C:\WINDOWS\system32\Defaults\MX0004_10081102{59639116-11D1-D955-A000-9D9D737F8EC9}.rdf
2002-09-10 09:45 6705 --------- C:\WINDOWS\system32\Defaults\MX0004_10071102{9D74D2A0-11D1-DAE5-A000-9D9D737F8EC9}.rdf
2002-09-10 09:45 6705 --------- C:\WINDOWS\system32\Defaults\MX0004_10071102{8C0F8B81-11D1-DE1A-4544-24B700005453}.rdf
2002-09-10 09:45 6705 --------- C:\WINDOWS\system32\Defaults\MX0004_10071102{59639116-11D1-D955-A000-9D9D737F8EC9}.rdf
2002-09-10 09:45 6705 --------- C:\WINDOWS\system32\Defaults\MX0004_10051102{9D74D2A0-11D1-DAE5-A000-9D9D737F8EC9}.rdf
2002-09-10 09:45 6705 --------- C:\WINDOWS\system32\Defaults\MX0004_10051102{8C0F8B81-11D1-DE1A-4544-24B700005453}.rdf
2002-09-10 09:45 6705 --------- C:\WINDOWS\system32\Defaults\MX0004_10051102{59639116-11D1-D955-A000-9D9D737F8EC9}.rdf
2002-09-10 09:45 6705 --------- C:\WINDOWS\system32\Defaults\MX0004_10041102{9D74D2A0-11D1-DAE5-A000-9D9D737F8EC9}.rdf
2002-09-10 09:45 6705 --------- C:\WINDOWS\system32\Defaults\MX0004_10041102{8C0F8B81-11D1-DE1A-4544-24B700005453}.rdf
2002-09-10 09:45 6705 --------- C:\WINDOWS\system32\Defaults\MX0004_10041102{59639116-11D1-D955-A000-9D9D737F8EC9}.rdf
2002-09-10 09:45 6705 --------- C:\WINDOWS\system32\Defaults\MX0004_10021102{9D74D2A0-11D1-DAE5-A000-9D9D737F8EC9}.rdf
2002-09-10 09:45 6705 --------- C:\WINDOWS\system32\Defaults\MX0004_10021102{8C0F8B81-11D1-DE1A-4544-24B700005453}.rdf
2002-09-10 09:45 6705 --------- C:\WINDOWS\system32\Defaults\MX0004_10021102{59639116-11D1-D955-A000-9D9D737F8EC9}.rdf
2002-02-07 17:04 7459 --------- C:\WINDOWS\system32\Defaults\MX0002_80641102{B591EC40-11D1-DBC3-A000-9D9D737F8EC9}.rdf
2002-02-07 17:04 7459 --------- C:\WINDOWS\system32\Defaults\MX0002_80621102{B591EC40-11D1-DBC3-A000-9D9D737F8EC9}.rdf
2002-02-07 17:04 6915 --------- C:\WINDOWS\system32\Defaults\MX0002_80641102{9D74D2A0-11D1-DAE5-A000-9D9D737F8EC9}.rdf
2002-02-07 17:04 6915 --------- C:\WINDOWS\system32\Defaults\MX0002_80641102{8C0F8B81-11D1-DE1A-4544-24B700005453}.rdf
2002-02-07 17:04 6915 --------- C:\WINDOWS\system32\Defaults\MX0002_80641102{59639116-11D1-D955-A000-9D9D737F8EC9}.rdf
2002-02-07 17:04 6915 --------- C:\WINDOWS\system32\Defaults\MX0002_80621102{9D74D2A0-11D1-DAE5-A000-9D9D737F8EC9}.rdf
2002-02-07 17:04 6915 --------- C:\WINDOWS\system32\Defaults\MX0002_80621102{8C0F8B81-11D1-DE1A-4544-24B700005453}.rdf
2002-02-07 17:04 6915 --------- C:\WINDOWS\system32\Defaults\MX0002_80621102{59639116-11D1-D955-A000-9D9D737F8EC9}.rdf
2002-02-07 17:04 6349 --------- C:\WINDOWS\system32\Defaults\MX0002_80641102{4F20B661-11D2-4187-8000-62829C2C8548}.rdf
2002-02-07 17:04 6349 --------- C:\WINDOWS\system32\Defaults\MX0002_80621102{4F20B661-11D2-4187-8000-62829C2C8548}.rdf
2002-02-07 17:03 7459 --------- C:\WINDOWS\system32\Defaults\MX0002_806A1102{B591EC40-11D1-DBC3-A000-9D9D737F8EC9}.rdf
2002-02-07 17:03 6915 --------- C:\WINDOWS\system32\Defaults\MX0002_806A1102{9D74D2A0-11D1-DAE5-A000-9D9D737F8EC9}.rdf
2002-02-07 17:03 6915 --------- C:\WINDOWS\system32\Defaults\MX0002_806A1102{8C0F8B81-11D1-DE1A-4544-24B700005453}.rdf
2002-02-07 17:03 6915 --------- C:\WINDOWS\system32\Defaults\MX0002_806A1102{59639116-11D1-D955-A000-9D9D737F8EC9}.rdf
2002-02-07 17:03 6349 --------- C:\WINDOWS\system32\Defaults\MX0002_806A1102{4F20B661-11D2-4187-8000-62829C2C8548}.rdf
2001-04-16 18:09 6362 --------- C:\WINDOWS\system32\Defaults\MX0004_00421102{8C0F8B81-11D1-DE1A-4544-24B700005453}.rdf
2001-04-16 18:08 6362 --------- C:\WINDOWS\system32\Defaults\MX0004_00421102{9D74D2A0-11D1-DAE5-A000-9D9D737F8EC9}.rdf
2001-04-16 18:08 6362 --------- C:\WINDOWS\system32\Defaults\MX0004_00421102{59639116-11D1-D955-A000-9D9D737F8EC9}.rdf
2001-04-16 18:03 6362 --------- C:\WINDOWS\system32\Defaults\MX0004_00421102{B591EC40-11D1-DBC3-A000-9D9D737F8EC9}.rdf


((((((((((((((((((((((((((((( snapshot@2008-04-23_10.28.06.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-23 17:24:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-23 18:47:57 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\LaunchPd.exe" [2006-10-31 21:27 102400]
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [2006-10-31 21:24 57344]
"ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" [2006-04-05 22:03 1622016]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 18:54 116072]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 03:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-04-05 14:59 413696]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-01-11 17:54 166304]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VCR2"= ATIVCR2.DLL
"VIDC.DRAW"= DVIDEO.DLL
"VIDC.VCR1"= ATIVCR1.DLL
"VIDC.YV12"= ATIYUV12.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 17:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 17:54]
S3 SaiH0006;SaiH0006;C:\WINDOWS\system32\DRIVERS\SaiH0006.sys [2004-07-26 12:54]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 17:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 11:49:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
.
**************************************************************************
.
Completion time: 2008-04-23 11:53:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-23 18:53:07
ComboFix2.txt 2008-04-23 17:28:22

Pre-Run: 75,305,750,528 bytes free
Post-Run: 75,286,646,784 bytes free

433 --- E O F --- 2008-04-04 04:23:37






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:31 AM, on 4/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] "C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1207282779437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1207289702703
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 6207 bytes

#6
greyknight17
    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Delete these:

C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-00511102}.CDF
C:\WINDOWS\002301_.tmp


Yes, you may remove Norton 360. Keep in mind that no program can catch everything. Avast is a good choice and it has a free edition also :)

The recovery console is a separate bootable area that we can use to repair Windows if it becomes corrupted. If you are interested in installing it, do the following:
Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console. Skip the part about running ComboFix. Skip the CD part and go straight to the bootdisk download. Then drag and drop that into ComboFix to install the recovery console. You won't need to use this unless you run into problems booting Windows. It will come in handy...

Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run and copy/paste in combofix /u and hit OK to remove it. You should be set to go.

Edited by greyknight17, 23 April 2008 - 07:51 PM.


#7
Rooster87
    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
greyknight,

I was unable to delete "C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-00511102}.CDF". A window pops up saying another program or person is using it. There does not seem to be any problem other than this. Should I uninstall ComboFix first and then attempt to delete it? I was able to delete the other file.

Thanks again.

Edited by Rooster87, 23 April 2008 - 08:56 PM.


#8
greyknight17
    Malware Expert

  • Visiting Consultant
  • 16,560 posts
I'm not sure what's re-creating that file...let's run this one more time:

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text in the quotebox below into it:

http://www.geekstogo...lp-t195834.html
Collect::
C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-00511102}.CDF

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

Combofix will prompt you to submit a file online. Click OK to submit it. We'll leave it alone if it returns....

You may remove Combofix now. Post back one more time to confirm that all is running ok now :)

#9
Rooster87
    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I uninstalled ComboFix but was still not able to delete the "C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-00511102}.CDF" file. Is that OK, or should I be concerned about it? I submitted the file online. Here is the log.


ComboFix 08-04-22.5 - Gallo 2008-04-23 20:21:18.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1018 [GMT -7:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-00511102}.CDF

.
((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))
.

2008-04-23 20:24 . 2008-04-23 20:23 3,162,278 --a------ C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-00511102}.CDF
2008-04-23 11:56 . 2008-04-23 20:23 3,162,278 --------- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-00511102}.BAK
2008-04-23 11:56 . 2008-04-23 20:23 30,120 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-00511102}.rfx
2008-04-23 11:56 . 2008-04-23 20:23 30,120 --a------ C:\WINDOWS\system32\BMXState-{00000002-00000000-00000002-00001102-00000004-00511102}.rfx
2008-04-23 11:56 . 2008-04-23 20:23 27,408 --a------ C:\WINDOWS\system32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-00511102}.rfx
2008-04-23 11:56 . 2008-04-23 20:23 27,408 --a------ C:\WINDOWS\system32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-00511102}.rfx
2008-04-23 11:56 . 2008-04-23 20:23 11,564 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000002-00001102-00000004-00511102}.rfx
2008-04-23 11:56 . 2008-04-23 20:23 1,076 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-04-23 11:56 . 2008-04-23 20:23 1,076 --a------ C:\WINDOWS\system32\settings.sfm
2008-04-23 11:41 . 2008-04-23 10:16 1,774,233 --a------ C:\ComboFix.exe
2008-04-22 23:02 . 2008-04-22 23:02 <DIR> d-------- C:\Program Files\Panda Security
2008-04-22 21:04 . 2008-04-22 22:57 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-22 21:04 . 2008-04-22 21:04 <DIR> d-------- C:\Documents and Settings\Gallo\Application Data\SUPERAntiSpyware.com
2008-04-22 21:04 . 2008-04-22 21:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-22 21:03 . 2008-04-22 21:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-22 20:53 . 2008-04-22 20:53 <DIR> d-------- C:\Documents and Settings\Gallo\Application Data\Malwarebytes
2008-04-22 20:52 . 2008-04-22 20:53 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 20:52 . 2008-04-22 20:52 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-04-22 20:52 . 2008-04-22 20:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-19 15:49 . 2008-04-19 16:50 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-04-19 15:48 . 2008-04-19 15:48 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-04-19 15:43 . 2008-04-19 15:48 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-19 15:43 . 2008-04-23 19:29 1,024 --ah----- C:\Documents and Settings\Administrator\NTUSER.dat.LOG
2008-04-19 12:22 . 2008-04-23 11:43 <DIR> d-------- C:\Temp
2008-04-16 15:03 . 2008-04-16 15:03 <DIR> d-------- C:\Program Files\CyberLink
2008-04-16 15:03 . 2008-04-16 15:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-15 18:11 . 2008-04-15 18:13 <DIR> d-------- C:\WINDOWS\system32\Defaults
2008-04-15 18:11 . 2000-12-05 09:11 4,174,814 --------- C:\WINDOWS\system32\CT4MGM.SF2
2008-04-15 18:10 . 2008-04-15 18:11 <DIR> d-------- C:\Program Files\Creative
2008-04-15 18:10 . 2006-08-11 15:14 86,446 --a------ C:\WINDOWS\system32\instwdm.ini
2008-04-15 18:10 . 2006-08-11 14:56 3,072 --a------ C:\WINDOWS\CTXFIRES.DLL
2008-04-15 18:10 . 2006-08-11 14:32 191 --a------ C:\WINDOWS\system32\ctzapxx.ini
2008-04-14 16:07 . 2008-04-23 10:33 <DIR> d-------- C:\Documents and Settings\Gallo\Application Data\U3
2008-04-14 14:36 . 2008-04-14 14:36 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-14 14:36 . 2008-04-14 14:36 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
2008-04-14 14:35 . 2008-04-14 14:35 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-14 14:35 . 2008-04-14 14:37 <DIR> d-------- C:\Program Files\Zune
2008-04-14 14:35 . 2008-01-11 17:39 145,408 --a------ C:\WINDOWS\system32\ZuneMTPZ.dll
2008-04-14 14:35 . 2008-01-11 17:39 70,656 --a------ C:\WINDOWS\system32\ZuneIpTransport.dll
2008-04-14 14:35 . 2008-01-11 17:39 62,464 --a------ C:\WINDOWS\system32\ZuneUsbTransport.dll
2008-04-14 14:35 . 2008-01-11 17:39 35,840 --a------ C:\WINDOWS\system32\ZuneUsbCOnnection.dll
2008-04-12 13:25 . 2008-04-15 17:22 <DIR> d-------- C:\Documents and Settings\Gallo\Application Data\W Photo Studio Viewer
2008-04-11 16:56 . 2008-04-11 17:12 <DIR> d-------- C:\Documents and Settings\Gallo\Application Data\ATI MMC
2008-04-11 16:49 . 2003-12-15 14:28 257,872 --a------ C:\WINDOWS\system32\drivers\atirwvd.sys
2008-04-11 16:49 . 2003-07-24 13:18 9,091 --a------ C:\WINDOWS\system32\drivers\atirwrf.sys
2008-04-11 16:26 . 2008-04-11 16:26 <DIR> d-------- C:\Program Files\Common Files\ATI Technologies
2008-04-11 16:24 . 2008-04-11 16:24 <DIR> d-------- C:\Program Files\Common Files\CyberLink
2008-04-11 16:24 . 2008-04-11 16:49 <DIR> d-------- C:\Program Files\Common Files\ATI
2008-04-11 16:19 . 2008-04-11 16:19 <DIR> d-------- C:\Program Files\TitanTV
2008-04-11 16:19 . 2008-04-11 16:19 <DIR> d-------- C:\Program Files\msaccrt
2008-04-11 16:08 . 2008-04-11 16:08 <DIR> d-------- C:\Documents and Settings\Gallo\Application Data\Ahead
2008-04-09 19:38 . 2008-04-09 19:38 <DIR> d-------- C:\Documents and Settings\Gallo\Application Data\ATI
2008-04-09 19:38 . 2008-04-09 19:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-04-09 02:24 . 2006-10-04 07:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-09 02:24 . 2006-10-04 07:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-09 02:24 . 2006-10-04 07:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-09 02:23 . 2008-04-09 02:23 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-04-09 02:21 . 2008-04-09 02:21 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-09 02:21 . 2008-04-15 00:51 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-09 02:03 . 2008-04-09 02:04 <DIR> d-------- C:\Program Files\ATI Technologies
2008-04-09 02:03 . 2008-02-25 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-04-08 22:19 . 2008-04-08 22:19 <DIR> d-------- C:\Program Files\Microsoft Games
2008-04-07 11:27 . 2008-04-07 11:27 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-06 15:07 . 2008-04-06 15:07 <DIR> d-------- C:\DVDFabDecrypter_Temp
2008-04-05 15:01 . 2008-04-05 15:01 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-05 15:01 . 2008-04-05 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-05 15:01 . 2008-04-05 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-05 14:59 . 2008-04-05 15:01 <DIR> d-------- C:\Program Files\QuickTime
2008-04-05 13:23 . 2008-04-06 15:07 <DIR> d-------- C:\Program Files\DVDFab Decrypter
2008-04-05 13:20 . 2008-04-05 13:20 <DIR> d-------- C:\Program Files\DVD Shrink
2008-04-05 13:20 . 2008-04-15 21:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-05 13:17 . 2008-04-05 13:17 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-05 13:17 . 2008-04-05 13:17 <DIR> d-------- C:\Program Files\Ahead
2008-04-05 13:17 . 2001-07-06 06:41 569,344 -ra------ C:\WINDOWS\system32\imagr5.dll
2008-04-05 13:17 . 2001-07-06 04:44 544,768 -ra------ C:\WINDOWS\system32\imagx5.dll
2008-04-05 13:17 . 2001-07-06 10:24 283,920 -ra------ C:\WINDOWS\system32\ImagXpr5.dll
2008-04-05 13:17 . 2001-07-09 03:50 155,648 -ra------ C:\WINDOWS\system32\NeroCheck.exe
2008-04-05 13:17 . 2001-06-26 00:15 38,912 -ra------ C:\WINDOWS\system32\picn20.dll
2008-04-05 13:08 . 2008-04-05 13:08 29,976 --a------ C:\20040318095344796_SM710T.zip
2008-04-05 12:55 . 2004-08-04 00:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-05 12:55 . 2004-08-04 00:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-05 12:55 . 2004-08-04 01:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-04-05 12:55 . 2004-08-04 01:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-04-05 00:17 . 2008-04-16 21:22 <DIR> d-------- C:\Work_Projects
2008-04-05 00:07 . 1997-05-05 20:26 721,168 --a------ C:\WINDOWS\system32\VB40032.DLL
2008-04-05 00:07 . 1997-05-05 20:15 267,264 --a------ C:\WINDOWS\system32\ACADFICN.DLL
2008-04-05 00:07 . 1997-05-30 08:12 260,368 --a------ C:\WINDOWS\system32\MSXB3032.DLL
2008-04-05 00:07 . 1997-05-30 08:12 244,496 --a------ C:\WINDOWS\system32\VBAR2232.DLL
2008-04-05 00:07 . 1997-05-30 08:12 226,576 --a------ C:\WINDOWS\system32\MSPX3032.DLL
2008-04-05 00:07 . 1997-05-05 20:26 92,672 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-04-05 00:07 . 1997-05-05 20:24 81,920 --a------ C:\WINDOWS\system32\GDIFONT3.HDI
2008-04-05 00:07 . 1997-05-05 20:24 42,496 --a------ C:\WINDOWS\system32\MTSTACK.EXE
2008-04-05 00:07 . 1997-05-05 20:24 14,848 --a------ C:\WINDOWS\system32\ADI3.HDI
2008-04-05 00:07 . 1997-05-05 20:15 7,680 --a------ C:\WINDOWS\system32\ADRESC.DLL
2008-04-04 23:14 . 1997-05-05 20:24 447,488 --a------ C:\WINDOWS\system32\HEIDI3.DLL
2008-04-04 22:58 . 2004-08-04 00:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-04 17:18 . 2008-04-04 17:18 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2008-04-04 17:05 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-04 17:05 . 2007-07-30 20:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-04 14:13 . 1997-05-30 08:12 965,904 --a------ C:\WINDOWS\system32\MSJT3032.DLL
2008-04-04 14:13 . 1997-05-30 08:12 245,520 --a------ C:\WINDOWS\system32\MSRD2X32.DLL
2008-04-04 14:13 . 1997-05-30 08:12 200,976 --a------ C:\WINDOWS\system32\MSXL3032.DLL
2008-04-04 14:13 . 1997-05-30 08:12 113,936 --a------ C:\WINDOWS\system32\MSTX3032.DLL
2008-04-04 14:13 . 1997-05-30 08:12 98,356 --a------ C:\WINDOWS\system32\MSJTER32.DLL
2008-04-04 14:13 . 1997-05-05 20:15 76,800 --a------ C:\WINDOWS\system32\REGACAD.DLL
2008-04-04 14:13 . 1997-05-05 20:24 41,984 --a------ C:\WINDOWS\system32\ADIMON.DLL
2008-04-04 14:13 . 1997-05-30 08:12 33,552 --a------ C:\WINDOWS\system32\MSJINT32.DLL
2008-04-04 14:12 . 2008-04-04 14:12 <DIR> d-------- C:\Program Files\Autodesk
2008-04-04 14:10 . 2008-04-04 14:10 <DIR> d-------- C:\Documents and Settings\Gallo\WINDOWS
2008-04-04 14:10 . 1997-05-06 18:53 299,520 --a------ C:\WINDOWS\uninst.exe
2008-04-04 13:48 . 2008-04-04 13:48 <DIR> d-------- C:\Program_Updates
2008-04-04 12:37 . 2008-04-04 12:37 <DIR> d-------- C:\Acad
2008-04-04 01:42 . 2008-04-04 23:16 <DIR> d-------- C:\David_Back_Up
2008-04-04 00:30 . 2001-08-17 23:36 171,008 --a------ C:\WINDOWS\system32\LXADSUI.DLL
2008-04-04 00:30 . 2001-07-21 19:52 25,645 --a------ C:\WINDOWS\system32\CNBJHLP.HLP
2008-04-04 00:30 . 2001-07-21 19:52 787 --a------ C:\WINDOWS\system32\CNBJHLP.CNT
2008-04-04 00:10 . 2008-04-04 00:10 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-04-04 00:08 . 2004-08-04 01:56 2,897,920 --a------ C:\WINDOWS\system32\xpsp2res.dll
2008-04-04 00:06 . 2008-04-04 00:06 <DIR> d-------- C:\WINDOWS\EHome
2008-04-03 23:32 . 2008-04-03 23:32 <DIR> d-------- C:\Documents and Settings\Gallo\Application Data\Symantec
2008-04-03 22:35 . 2001-03-08 10:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2008-04-03 22:33 . 2008-04-03 22:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-04-03 22:24 . 2008-04-16 12:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI MMC
2008-04-03 22:22 . 2008-04-11 16:33 <DIR> d-------- C:\Program Files\ATI Multimedia
2008-04-03 22:08 . 2008-04-03 22:08 0 --a------ C:\WINDOWS\ATIMMC.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 04:35 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-04-04 04:35 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-04-04 01:25 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-04 01:24 558,142 ----a-w C:\WINDOWS\java\Packages\SINBFFHF.ZIP
2008-04-04 01:24 155,995 ----a-w C:\WINDOWS\java\Packages\0EE2VVXF.ZIP
2008-03-06 00:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-06 00:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-06 00:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 23:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 23:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
2008-03-05 23:50 80,896 ----a-w C:\WINDOWS\system32\dxdllreg.exe
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10 299,520 ------w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49 3,176,480 ------w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ------w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-26 02:21 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16 520,192 ------w C:\WINDOWS\system32\ati2cqag.dll
2008-02-25 20:54 105,088 ----a-w C:\WINDOWS\system32\drivers\Rtnicxp.sys
2008-02-06 07:07 462,864 ----a-w C:\WINDOWS\system32\d3dx10_37.dll
.

((((((((((((((((((((((((((((( [email protected]_10.28.06.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-23 17:24:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-24 03:23:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\LaunchPd.exe" [2006-10-31 21:27 102400]
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [2006-10-31 21:24 57344]
"ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" [2006-04-05 22:03 1622016]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 18:54 116072]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 03:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-04-05 14:59 413696]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-01-11 17:54 166304]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VCR2"= ATIVCR2.DLL
"VIDC.DRAW"= DVIDEO.DLL
"VIDC.VCR1"= ATIVCR1.DLL
"VIDC.YV12"= ATIYUV12.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 17:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 17:54]
S3 SaiH0006;SaiH0006;C:\WINDOWS\system32\DRIVERS\SaiH0006.sys [2004-07-26 12:54]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 17:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61b2d2b1-0a68-11dd-bda2-00196630a223}]
\Shell\AutoRun\command - G:\LaunchU3.exe

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 20:24:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-04-23 20:28:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-24 03:28:51
ComboFix2.txt 2008-04-23 18:53:11
ComboFix3.txt 2008-04-23 17:28:22

Pre-Run: 75,069,353,984 bytes free
Post-Run: 75,198,435,328 bytes free

255 --- E O F --- 2008-04-04 04:23:37



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:31:31 PM, on 4/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] "C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1207282779437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1207289702703
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 6080 bytes

All seems to be working ok. No weird activity and the machine is not working slow. Task manager is also accessible. Thank you so much for all your time. You are the greatest!

David

Edited by Rooster87, 23 April 2008 - 09:38 PM.

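An added note that is not part of the original thread: the two logs in the post above are read by eye, and the entries a helper looks at first are the same every time (Run values, services with no publisher, downloaded ActiveX controls, Winlogon notify DLLs, firewall state, removable-drive AutoRun commands). The Python script below is example code written for this page, not a feature of HijackThis or ComboFix; it pulls those entries out of pasted log text and returns them as a review list. The sample lines are constructed to mirror the logs above (the download URL is a placeholder), and the rules are heuristics rather than a malware signature set: on this machine the "Unknown owner" on the ATI service and EnableFirewall=0 are both expected (a driver-vendor service with no publisher string, and Norton 360 supplying the firewall), so the output says where to look, not what is malicious.

```python
"""Triage helper for HijackThis / ComboFix text logs (added example)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str    # rule that fired
    detail: str  # the log line, trimmed
    note: str    # why a helper would look at it twice


# Line shapes taken from the two log formats posted in the thread.
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
DPF_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<desc>[^)]*)\) - (?P<url>\S+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*(?P<val>\d+)')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$")


def _has_explicit_path(cmd: str) -> bool:
    """True when the command names a drive path, UNC path or %var%-rooted path."""
    return re.match(r'^"?([A-Za-z]:\\|\\\\|%)', cmd) is not None


def triage(lines):
    """Return Finding objects for the entries in *lines* worth a second look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := RUN_RE.match(line):
            # A bare file name in a Run value is resolved through the search path,
            # so the log alone does not tell you which file actually starts.
            if not _has_explicit_path(m["cmd"]):
                findings.append(Finding("run-no-path", line,
                    f"{m['hive']} Run value '{m['name']}' starts {m['cmd']} without a path"))
        elif m := SVC_RE.match(line):
            # HijackThis prints the company from the file's version info; "Unknown
            # owner" means there was none, which is common for drivers and malware alike.
            if m["owner"].strip().lower() == "unknown owner":
                findings.append(Finding("service-unknown-owner", line,
                    f"service '{m['name']}' has no publisher; verify {m['path']}"))
        elif m := DPF_RE.match(line):
            # O16 entries are ActiveX controls installed from a web page.
            findings.append(Finding("activex-download", line,
                f"ActiveX control {m['desc'] or m['clsid']} installed from {m['url']}"))
        elif m := NOTIFY_RE.match(line):
            # Winlogon notification DLLs load into winlogon.exe at every logon.
            findings.append(Finding("winlogon-notify", line,
                f"{m['path']} is loaded by winlogon; confirm it belongs to an installed product"))
        elif m := FIREWALL_RE.match(line):
            # 0 is expected only when a third-party firewall has taken over.
            if m["val"] == "0":
                findings.append(Finding("firewall-off", line,
                    "Windows Firewall disabled for the standard profile"))
        elif m := AUTORUN_RE.match(line):
            # mountpoints2 AutoRun commands run when a removable drive is opened.
            findings.append(Finding("autorun-command", line,
                f"removable-drive AutoRun runs {m['cmd']}"))
    return findings


def summarize(findings):
    """Count findings per rule so a long log can be skimmed before reading it."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample modelled on the logs posted above; the download URL is a
# placeholder, not the real scanner address.
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
    r"O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE",
    r"O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe",
    r"O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://scanner.example/oscan8.cab",
    r"O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll",
    r"O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe",
    r"O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe",
    r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]",
    r'"EnableFirewall"= 0 (0x0)',
    r"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]",
    r"\Shell\AutoRun\command - G:\LaunchU3.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.kind}] {f.note}")
    print(summarize(triage(SAMPLE_LINES)))
```

Paste a whole HijackThis or ComboFix log in as `lines` (one string per line) and the review list comes back in log order; everything that matches a Run value with a full path or a service with a named publisher is deliberately left out, because those are the lines a helper clears at a glance.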

#10
greyknight17
    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Good morning David, don't worry about those entries. I don't know why they are being created there but it's related to Creative. We'll leave them alone.

You're very welcome. It was a pleasure to help you resolve this issue. Feel free to post back again if you have any other issues.

#11
greyknight17
    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.