Hi,
It worked great in safe mode. Thanks. Here are the new logs
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33, on 2008-09-06
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapp...rch/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://g.msn.com/0SE...S01?FORM=TOOLBRR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {30CB6769-18E9-00E9-808A-023D8933711E} - C:\Program Files\uzmcxd\HlpApiAct.dll (file missing)
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uichk] C:\WINDOWS\system32\rqpafslw.exe
O4 - HKCU\..\Run: [SysAplProc] C:\WINDOWS\system32\ipcdalaz.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\Program\PcfMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone:
http://*.mcafee.comO16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) -
http://esupport.sony.com/VaioInfo.CABO16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akama...meInstaller.exeO16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
http://download.mcaf...84/mcinsctl.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.micros...b?1134536379421O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: Zune Network Sharing Service (ZuneNetworkSvc) - Unknown owner - c:\Program Files\Zune\ZuneNss.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/SAMBAD~1/LOCALS~1/Temp/Untitled01.jpg
--
End of file - 9392 bytes
ComboFix 08-09-01.04 - Sam 2008-09-06 12:17:40.6 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.354 [GMT -4:00]
Running from: C:\Documents and Settings\Sam \Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sam \Desktop\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Sam \Application Data\macromedia\Flash Player\#SharedObjects\7YGHY3J5\bin.clearspring.com
C:\Documents and Settings\Sam \Application Data\macromedia\Flash Player\#SharedObjects\7YGHY3J5\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Sam \Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Sam \Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Sam \Cookies\
[email protected][1].txt
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\ejepybkz
C:\Documents and Settings\All Users\Application Data\ejepybkz\ubchwbwl.exe
C:\Documents and Settings\All Users\Application Data\ngburufe
C:\Program Files\uzmcxd
C:\Program Files\uzmcxd\HlpApiAct.dll
.
((((((((((((((((((((((((( Files Created from 2008-08-06 to 2008-09-06 )))))))))))))))))))))))))))))))
.
2008-09-06 02:07 . 2008-09-06 02:07 <DIR> d----c--- C:\WINDOWS\LastGood
2008-09-06 02:07 . 2008-04-13 20:12 159,232 --a--c--- C:\WINDOWS\system32\ptpusd.dll
2008-09-06 02:07 . 2001-08-17 22:36 5,632 --a--c--- C:\WINDOWS\system32\ptpusb.dll
2008-09-05 15:01 . 2008-09-05 15:01 <DIR> d----c--- C:\spoolerlogs
2008-09-03 19:15 . 2008-09-03 19:15 <DIR> d----c--- D:\Program Files\Google
2008-08-31 17:28 . 2008-08-31 17:28 <DIR> d----c--- D:\Program Files\iPod
2008-08-31 17:27 . 2008-08-31 17:28 <DIR> d----c--- D:\Program Files\iTunes
2008-08-31 17:26 . 2008-08-31 17:27 <DIR> d----c--- D:\Program Files\QuickTime
2008-08-24 13:51 . 2008-08-24 13:51 <DIR> d----c--- D:\Program Files\Windows Defender
2008-08-24 11:39 . 2008-08-24 11:39 <DIR> d----c--- D:\Program Files\Trend Micro
2008-08-21 00:13 . 2008-08-21 00:13 <DIR> d----c--- C:\WINDOWS\system32\scripting
2008-08-21 00:12 . 2008-08-21 00:12 <DIR> d----c--- C:\WINDOWS\system32\en
2008-08-21 00:12 . 2008-08-21 00:12 <DIR> d----c--- C:\WINDOWS\l2schemas
2008-08-19 23:36 . 2008-08-19 23:36 850 --a--c--- C:\WINDOWS\system32\ProductTweaks.xml
2008-08-19 23:36 . 2008-08-19 23:36 385 --a--c--- C:\WINDOWS\system32\user_gensett.xml
2008-08-19 23:29 . 2008-08-19 23:29 <DIR> d----c--- D:\Program Files\BitDefender
2008-08-19 23:24 . 2008-08-24 14:52 <DIR> d----c--- C:\Program Files\Common Files\BitDefender
2008-08-19 15:36 . 2008-08-19 15:57 <DIR> d----c--- C:\Documents and Settings\Sam \Application Data\MSNInstaller
2008-08-18 23:41 . 2008-08-18 23:41 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-18 23:22 . 2008-08-18 23:22 <DIR> d----c--- D:\Program Files\microsoft frontpage
2008-08-18 23:04 . 2008-08-18 23:04 <DIR> d----c--- C:\Documents and Settings\Sam \Application Data\Malwarebytes
2008-08-18 23:04 . 2008-08-18 23:04 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-18 23:04 . 2008-08-17 15:04 38,472 --a--c--- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-18 23:04 . 2008-08-17 15:04 17,144 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys
2008-08-18 18:11 . 2008-04-13 20:11 650,752 -----c--- C:\WINDOWS\system32\dot3ui.dll
2008-08-13 18:40 . 2008-05-01 10:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 18:36 . 2008-04-11 15:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-06 06:07 --------- dc----w C:\Documents and Settings\Sam \Application Data\Apple Computer
2008-09-03 06:32 --------- dc----w C:\Documents and Settings\Sam \Application Data\MSN6
2008-07-23 00:32 32,000 -c--a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-19 02:10 94,920 -c--a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 -c--a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 -c--a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 -c--a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 -c--a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 -c--a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 -c--a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 -c--a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:07 270,880 -c--a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 -c--a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:34 586,240 -c--a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-14 00:05 --------- dc----w C:\Documents and Settings\Sam \Application Data\Hewlett-Packard
2008-07-13 16:34 79,928 -c--a-w C:\Documents and Settings\Sam \Application Data\GDIPFONTCACHEV1.DAT
2008-07-07 20:26 253,952 -c--a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 -c--a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 -c--a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 -c--a-w C:\WINDOWS\system32\mswsock.dll
2007-07-28 17:35 409,339 -c--a-w C:\Documents and Settings\Sam 's Folder\cc_20070728_1235.reg
2003-09-27 19:43 44,135 -c--a-w D:\Program Files\system.zip
.
------- Sigcheck -------
2005-06-10 19:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2008-04-13 20:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2008-04-13 20:12 57856 c03b100e04c3439b0d0b424860c0d0de C:\WINDOWS\system32\spoolsv.exe
2004-08-04 03:56 111104 4126d27cece4471e00e425411f7306b5 C:\WINDOWS\$NtServicePackUninstall$\wuauclt.exe
2008-04-13 20:12 111104 ed7262e52c31cf1625b65039102bc16c C:\WINDOWS\ServicePackFiles\i386\wuauclt.exe
2008-07-18 22:10 53448 4b901be6344d0819a8974a9f83b95018 C:\WINDOWS\system32\wuauclt.exe
2008-07-18 22:10 53448 d316e28958873859b88d72cf47ad1ea5 C:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((( snapshot@2008-08-24_15.03.07.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-31 21:25:52 27,136 -c--a-r C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\AppleSoftwareUpdateIco.exe
+ 2008-08-31 21:29:03 102,400 -c--a-r C:\WINDOWS\Installer\{3DE0053C-FD9A-483E-B7C9-B06E4392206E}\iTunesIco.exe
+ 2007-10-31 20:09:14 30,464 -c--a-w C:\WINDOWS\LastGood\System32\Drivers\usbaapl.sys
- 2007-07-31 00:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2008-07-19 02:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
- 2007-07-31 00:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2008-07-19 02:09:44 563,912 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
- 2007-07-31 00:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2008-07-19 02:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2007-07-31 00:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2008-07-19 02:09:46 325,832 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
- 2007-07-31 00:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2008-07-19 02:10:20 36,552 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
- 2007-07-31 00:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2008-07-19 02:09:44 205,000 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2008-01-29 16:01:28 16,168 -c--a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
+ 2008-07-23 00:32:44 32,000 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_97B931EF204A3188AFFD15A9A5337268E8B6F312\usbaapl.sys
+ 2008-01-29 16:02:30 107,368 -c--a-w C:\WINDOWS\system32\GEARAspi.dll
+ 2008-07-19 02:10:20 36,552 -c--a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-19 02:10:40 45,768 -c--a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-02-27 114688]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2003-04-01 81920]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 40960]
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2002-04-12 1417216]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-09-30 176128]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-12-19 335872]
"fssui"="C:\Program Files\Windows Live\Family Safety\fssui.exe" [2007-12-17 243240]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 C:\WINDOWS\system32\Ati2mdxx.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-09-04 6856704]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Broadband Networking.lnk - C:\WINDOWS\Installer\{8CC15633-2327-43F4-BA85-B83FDB4B59BE}\_18be6784.exe [2004-08-18 25214]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
PowerPanel.lnk - C:\Program Files\PowerPanel\Program\PcfMgr.exe [2003-05-01 872448]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
"vidc.xvid"= xvid.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a--c--- 2003-12-19 23:00 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a--c--- 2001-09-05 05:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUtil.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNTray.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNCfg.exe"=
"C:\\Program Files\\Microsoft Broadband Networking\\MSBNUpdate.exe"=
"C:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"C:\\Program Files\\MSN\\MSNCoreFiles\\msn.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2002-08-20 71961]
S2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 43816]
S2 fsssvc;Windows Live OneCare Family Safety;C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2007-12-17 523816]
S2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 40832]
S2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2007-11-15 59296]
S3 fa410;NETGEAR FA410TX Fast Ethernet PC Card Driver;C:\WINDOWS\system32\DRIVERS\fa410nd5.sys [2001-08-17 24618]
S3 ICDUSB2;Sony IC Recorder (P);C:\WINDOWS\system32\Drivers\ICDUSB2.sys [2002-11-28 39048]
S3 MSFT43XX;Microsoft Wireless Notebook Adapter Driver;C:\WINDOWS\system32\DRIVERS\mn720-50.sys [2003-07-18 254208]
S3 SEM43XX;Sony Ericsson 802.11 Wireless LAN Adapter Driver SEM43XX;C:\WINDOWS\system32\DRIVERS\semwl5.sys [2005-01-03 368896]
S3 SEMWModem;Sony Ericsson SEMWModem;C:\WINDOWS\system32\DRIVERS\GCXX.sys [2005-01-03 114944]
S3 SEMWWNIC;Sony Ericsson SEMWWNIC;C:\WINDOWS\system32\DRIVERS\GCXXNet.sys [2005-01-03 53248]
S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;C:\WINDOWS\system32\DRIVERS\GCXXSC.sys [2004-12-21 21888]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2007-11-15 245664]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79b81b07-d0a7-11db-862d-0004236f1f98}]
\Shell\AutoRun\command - F:\setupSNK.exe
*Newly Created Service* - PARPORT
.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-09-06 12:21:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-06 12:24:28
ComboFix-quarantined-files.txt 2008-09-06 16:24:07
ComboFix2.txt 2008-08-24 19:04:00
Pre-Run: 986,927,104 bytes free
Post-Run: 1,047,633,920 bytes free
191 --- E O F --- 2008-09-04 20:53:11
This topic is locked
Sign In
Create Account
