ComboFix 08-05-12.1 - Admin 2008-05-14 13:38:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.563 [GMT -7:00]
Running from: C:\Documents and Settings\Admin\desktop\ComboFix.exe
Command switches used :: /killall
* Created a new restore point[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Admin\Application Data\inst.exe
C:\Documents and Settings\Admin\Desktop\sha\ISO\_desktop.ini
C:\WINDOWS\dc.exe
C:\WINDOWS\help\Other.exe
C:\WINDOWS\inf\Other.exe
C:\WINDOWS\sviq.exe
C:\WINDOWS\system\Fun.exe
C:\WINDOWS\system32\config\Win.exe
C:\WINDOWS\system32\msvcsv60.dll
C:\WINDOWS\system32\Penx.dat
C:\WINDOWS\system32\WinSit.exe
C:\WINDOWS\system32\Xpen.dat
.
((((((((((((((((((((((((( Files Created from 2008-04-14 to 2008-05-14 )))))))))))))))))))))))))))))))
.
2008-05-14 13:29 . 2008-05-14 13:29 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-05-14 13:29 . 2008-05-14 13:29 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-05-14 13:23 . 2008-05-14 13:23 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-14 13:17 . 2008-05-14 13:31 <DIR> d-------- C:\SDFix
2008-05-13 12:00 . 2008-05-13 12:00 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2008-05-11 20:52 . 2008-05-11 20:52 <DIR> d-------- C:\Program Files\directx
2008-05-11 20:52 . 2008-05-11 20:52 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\ArcSoft
2008-05-11 20:52 . 1998-09-02 01:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2008-05-11 20:52 . 1998-08-26 21:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2008-05-11 20:52 . 1998-08-20 04:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
2008-05-11 20:52 . 1998-09-02 01:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2008-05-11 20:52 . 1998-09-02 01:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2008-05-11 20:52 . 1998-08-17 02:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
2008-05-11 20:52 . 1998-08-17 02:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2008-05-11 20:52 . 1998-08-17 02:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
2008-05-11 20:52 . 2008-05-11 20:52 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2008-05-11 20:52 . 2008-05-11 20:52 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2008-05-11 20:51 . 2008-05-11 20:51 <DIR> d-------- C:\Program Files\ArcSoft
2008-05-11 20:51 . 1999-05-26 09:46 212,480 --a------ C:\WINDOWS\pcdlib32.dll
2008-05-11 20:51 . 2001-10-16 11:23 163,840 --a------ C:\WINDOWS\system32\PhotoImpression Screen Saver.scr
2008-05-11 20:51 . 2001-06-07 16:27 21 --a------ C:\WINDOWS\CS_setup.ini
2008-05-11 18:15 . 2000-12-12 19:21 7,572,224 --------- C:\WINDOWS\system32\CT8MGM.SF2
2008-05-11 18:15 . 2000-12-04 18:11 4,174,814 --------- C:\WINDOWS\system32\CT4MGM.SF2
2008-05-11 18:15 . 1999-09-22 00:18 2,167,684 -ra------ C:\WINDOWS\system32\ct2mgm.sf2
2008-05-11 18:15 . 2005-06-27 03:37 133,632 -ra------ C:\WINDOWS\system32\CtDvInst.dll
2008-05-11 18:15 . 2000-05-11 01:00 90,112 --------- C:\WINDOWS\Updreg.EXE
2008-05-11 18:15 . 2005-07-07 02:26 5,627 -ra------ C:\WINDOWS\system32\Ludap17.ini
2008-05-11 18:15 . 2005-03-07 23:14 39 -ra------ C:\WINDOWS\system32\ctzapxx.ini
2008-05-11 18:11 . 2008-05-11 18:11 29 --a------ C:\WINDOWS\sfbm.INI
2008-05-11 00:20 . 2007-07-20 14:30 14,208 --a------ C:\WINDOWS\system32\drivers\voxthing.sys
2008-05-10 23:32 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-05-10 23:32 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-10 23:32 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-05-10 23:28 . 2008-05-10 23:30 <DIR> d-------- C:\Program Files\Winamp
2008-05-10 23:28 . 2008-05-10 23:29 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Winamp
2008-05-10 23:17 . 2008-05-10 23:18 <DIR> d-------- C:\InDesignCS2_Setup
2008-05-09 23:24 . 2008-05-11 21:21 <DIR> d-------- C:\Recording
2008-05-08 23:02 . 2008-05-08 23:03 <DIR> d-------- C:\Program Files\Hamster Ball
2008-05-08 21:59 . 2008-05-08 21:59 <DIR> d-------- C:\Program Files\DiskTrix
2008-05-08 20:25 . 2008-05-08 20:25 <DIR> d-------- C:\Program Files\inKline Global
2008-05-03 00:44 . 2008-05-03 00:44 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-05-03 00:44 . 2008-05-03 00:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-03 00:44 . 2008-05-03 00:44 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-03 00:44 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-05-03 00:35 . 2008-05-08 22:05 65,552 --a------ C:\WINDOWS\system32\KeOS386.DLL
2008-05-02 13:44 . 2008-05-04 00:39 <DIR> d-------- C:\Program Files\PC Washer
2008-05-02 13:40 . 2008-05-02 13:40 <DIR> d-------- C:\Program Files\USB Disk Security
2008-05-02 13:37 . 2006-09-29 12:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-05-02 13:37 . 2006-09-29 12:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-05-02 13:37 . 2006-09-29 12:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-05-02 13:37 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-05-02 13:36 . 2008-05-02 13:37 <DIR> d-------- C:\Program Files\VSO
2008-05-02 13:36 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-05-02 13:36 . 2006-05-20 16:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-05-02 13:36 . 2006-05-11 19:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-05-02 12:55 . 2008-05-02 12:55 <DIR> d-------- C:\Program Files\MP3 Player Utilities 3.5.02
2008-05-02 12:55 . 2005-11-09 02:57 9,277 -ra------ C:\WINDOWS\AmvTransform.ini
2008-05-02 12:55 . 2005-10-20 23:32 8,913 -ra------ C:\WINDOWS\fwupgrade.ini
2008-05-02 12:55 . 2005-09-15 02:40 8,157 -ra------ C:\WINDOWS\AmvPlayer.ini
2008-05-02 12:55 . 2005-10-20 23:24 7,454 -ra------ C:\WINDOWS\Disktool.INI
2008-05-02 12:55 . 2004-05-11 22:28 3,677 -ra------ C:\WINDOWS\SoundCon.INI
2008-05-02 12:55 . 2005-09-14 20:28 170 -ra------ C:\WINDOWS\settings.ini
2008-05-01 23:06 . 2008-05-01 23:06 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\AdobeUM
2008-05-01 17:52 . 2008-05-01 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-05-01 17:51 . 2008-05-01 17:51 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-05-01 17:50 . 2008-05-10 23:19 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-01 16:51 . 2008-05-01 16:51 <DIR> d-------- C:\Program Files\PT Atlantis Programma Prima
2008-05-01 16:51 . 2008-05-01 16:51 <DIR> d-------- C:\Program Files\COD10
2008-05-01 16:50 . 2004-09-02 22:32 269,824 --a------ C:\WINDOWS\uninst.exe
2008-05-01 16:49 . 2008-05-01 16:49 <DIR> d-------- C:\Program Files\OpenSys
2008-05-01 16:49 . 2008-05-01 16:49 <DIR> d-------- C:\Program Files\Common Files\OpenSys
2008-05-01 16:49 . 1998-06-26 20:22 205,848 --a------ C:\WINDOWS\system32\Threed32.ocx
2008-05-01 16:49 . 1997-07-19 16:01 196,880 --a------ C:\WINDOWS\system32\Richtx32.ocx
2008-05-01 13:43 . 2008-05-01 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-05-01 13:43 . 2008-05-01 13:43 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\TuneUp Software
2008-05-01 13:38 . 2008-05-01 13:38 <DIR> d-------- C:\Program Files\Arturia
2008-05-01 13:38 . 2003-02-24 17:27 151,552 --a------ C:\WINDOWS\system32\FDlg.dll
2008-05-01 13:33 . 2008-05-01 13:33 <DIR> d-------- C:\Program Files\Total Video Converter
2008-05-01 13:23 . 2008-05-01 16:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-05-01 13:21 . 2008-05-12 19:06 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-01 13:14 . 2008-05-01 13:14 <DIR> d-------- C:\Program Files\SpectralDesign
2008-05-01 13:12 . 2008-05-01 13:12 <DIR> d-------- C:\Program Files\YAMAHA
2008-05-01 13:09 . 2008-05-13 11:54 <DIR> d-------- C:\Program Files\Antares Audio Technologies
2008-05-01 12:33 . 2008-05-01 12:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-05-01 12:31 . 2008-05-01 12:31 <DIR> d-------- C:\Program Files\VOB
2008-05-01 12:31 . 2002-08-28 11:09 611,840 --a------ C:\WINDOWS\system32\vobhw.dll
2008-05-01 12:31 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-01 12:31 . 2002-09-26 17:34 153,088 --a------ C:\WINDOWS\system32\IWUninstall.exe
2008-05-01 12:31 . 2000-04-27 12:31 19,456 --a------ C:\WINDOWS\system32\asapi.dll
2008-05-01 12:31 . 2002-04-17 20:27 11,264 --a------ C:\WINDOWS\system32\drivers\asapi.sys
2008-05-01 12:30 . 2008-05-01 12:30 <DIR> d-------- C:\Documents and Settings\Admin\WINDOWS
2008-05-01 12:28 . 2008-05-01 12:28 <DIR> d-------- C:\Program Files\Nomad Factory
2008-05-01 12:28 . 2003-03-18 20:04 765,952 --a------ C:\WINDOWS\system32\msvcp71d.dll
2008-05-01 12:28 . 2003-03-18 20:03 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
2008-05-01 12:05 . 2008-05-01 12:05 <DIR> d-------- C:\Program Files\Native Instruments
2008-05-01 12:05 . 2004-09-30 13:13 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll
2008-05-01 11:48 . 2008-05-13 14:27 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-01 11:08 . 2008-05-01 11:08 <DIR> d-------- C:\Program Files\Bome's Mouse Keyboard
2008-05-01 11:08 . 2008-05-01 11:08 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Propellerhead Software
2008-05-01 10:52 . 2008-05-01 10:54 <DIR> d-------- C:\Audio
2008-05-01 10:52 . 2008-05-13 13:51 32 --a------ C:\WINDOWS\system32\w3data.vss
2008-05-01 10:52 . 2008-05-13 13:51 32 --a------ C:\WINDOWS\msocreg32.dat
2008-05-01 10:51 . 2008-05-01 14:16 <DIR> d-------- C:\Program Files\IK Multimedia
2008-05-01 10:51 . 2008-05-01 10:51 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\InstallShield
2008-05-01 10:51 . 2006-11-27 12:29 189 --a------ C:\WINDOWS\system32\.MySCMServerInfo
2008-05-01 10:47 . 2008-05-01 10:47 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Steinberg
2008-05-01 10:43 . 2008-05-01 12:29 <DIR> d-------- C:\Program Files\Steinberg
2008-05-01 10:43 . 2005-06-04 09:08 487,936 --a------ C:\WINDOWS\system32\rmbe3260.dll
2008-05-01 10:43 . 2005-06-04 09:09 352,768 --a------ C:\WINDOWS\system32\pngu3263.dll
2008-05-01 10:43 . 2005-06-04 09:09 131,072 --a------ C:\WINDOWS\system32\pneng50.dll
2008-05-01 10:43 . 2005-06-04 09:09 130,560 --a------ C:\WINDOWS\system32\pnc3250.dll
2008-05-01 10:43 . 2005-06-04 09:08 87,040 --a------ C:\WINDOWS\system32\ra32sipr.dll
2008-05-01 10:43 . 2005-06-04 09:11 85,504 --a------ C:\WINDOWS\system32\encdnet.dll
2008-05-01 10:43 . 2005-06-04 09:09 81,920 --a------ C:\WINDOWS\system32\ra3214_4.dll
2008-05-01 10:43 . 2005-06-04 09:09 72,704 --a------ C:\WINDOWS\system32\ra3228_8.dll
2008-05-01 10:43 . 2005-06-04 09:09 61,952 --a------ C:\WINDOWS\system32\decdnet.dll
2008-05-01 10:43 . 2005-06-04 09:09 21,504 --a------ C:\WINDOWS\system32\ra32dnet.dll
2008-05-01 10:41 . 2008-05-01 10:41 <DIR> d-------- C:\Program Files\Syncrosoft
2008-05-01 10:41 . 2005-02-01 04:34 700,416 --a------ C:\WINDOWS\system32\SYNSOACC.dll
2008-05-01 10:41 . 2004-05-11 00:58 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll
2008-05-01 10:41 . 2003-08-01 05:28 147,425 --a------ C:\WINDOWS\system32\SYNSOACC-Aide.chm
2008-05-01 10:41 . 2003-05-27 00:29 120,468 --a------ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm
2008-05-01 10:41 . 2003-05-27 00:29 114,279 --a------ C:\WINDOWS\system32\SYNSOACC-Help.chm
2008-05-01 10:41 . 2002-11-25 17:36 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe
2008-05-01 10:41 . 2005-05-09 20:08 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 07:25 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-01 07:25 --------- d-----w C:\Program Files\Utilities
2008-05-01 07:25 --------- d-----w C:\Program Files\nLite
2008-03-05 23:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 23:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 23:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 22:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 22:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
2006-11-29 13:26 28,160 ----a-w C:\WINDOWS\inf\MEDIAINF\myokent.dll
.
------- Sigcheck -------
2007-01-05 23:31 360576 e7dfcffa380749b8626ad71e8f367dcb C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-04 19:30 1253376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 11:49 36352]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 02:46 200069]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"USB Antivirus"="C:\Program Files\USB Disk Security\USBGuard.exe" [2008-04-01 15:10 798720]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 10:51 57344]
"P17Helper"="P17.dll" [2005-05-03 04:38 64512 C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-04 19:30 1253376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide3"="cmd.exe" [2004-08-03 21:00 388608 C:\WINDOWS\system32\cmd.exe]
C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-05-01 17:51:29 25214]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"ForceStartMenuLogoff"= 0 (0x0)
"NoStartMenuPinnedList"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoUserNameInStartMenu"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"ForceStartMenuLogoff"= 0 (0x0)
"NoStartMenuPinnedList"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoUserNameInStartMenu"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"MIDI1"= myokent.dll
"MIDI2"= myokent.dll
"MIDI3"= myokent.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-22 20:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-22 20:39]
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 20:27]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 21:00]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 voxthing;Voice Thing service;C:\WINDOWS\system32\drivers\voxthing.sys [2007-07-20 14:30]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-03 00:44]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Windows Sidebar]
C:\WINDOWS\system32\hidec /W C:\VAIO\Tools\REGTLIB.EXE "C:\Program Files\Windows Sidebar\sidebar.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]
"C:\Program Files\Windows Sidebar\.\regsvr32.exe" /s wlsrvc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]
"C:\Program Files\Windows Sidebar\.\regsvr32.exe" /s sbdrop.dll
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BADA65A0-86B7-462B-B720-CE66655C73F5}]
regsvr32 /s C:\VAIO\.\vshellext.dll
.
Contents of the 'Scheduled Tasks' folder
"2008-05-03 07:44:57 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 13:40:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
.
**************************************************************************
.
Completion time: 2008-05-14 13:41:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-14 20:41:41
Pre-Run: 70,728,728,576 bytes free
Post-Run: 70,719,471,616 bytes free
262
SDFix: Version 1.182
Run by Admin on Wed 05/14/2008 at 01:26 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\nvchost.exe - Deleted
C:\WINDOWS\winlogon.exe - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 13:30:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sun 21 Jul 2002 418,816 ...HR --- "C:\WINDOWS\system32\Tools\All.exe"
Thu 18 Jul 2002 390,144 ...HR --- "C:\WINDOWS\system32\Tools\Change.exe"
Fri 19 Jul 2002 574,464 ...HR --- "C:\WINDOWS\system32\Tools\CheckPath.exe"
Mon 19 Aug 2002 430,592 ...HR --- "C:\WINDOWS\system32\Tools\Counter.exe"
Mon 22 Jul 2002 390,656 ...HR --- "C:\WINDOWS\system32\Tools\DelFolders.exe"
Fri 22 Nov 2002 399,872 ...HR --- "C:\WINDOWS\system32\Tools\DirectSetup.exe"
Fri 19 Jul 2002 388,096 ...HR --- "C:\WINDOWS\system32\Tools\RegClean.exe"
Fri 19 Jul 2002 388,608 ...HR --- "C:\WINDOWS\system32\Tools\Regexe.exe"
Sun 1 Dec 2002 431,616 ...HR --- "C:\WINDOWS\system32\Tools\Restart.exe"
Fri 19 Jul 2002 388,096 ...HR --- "C:\WINDOWS\system32\Tools\RunRegexe.exe"
Sun 9 Mar 2008 1,536 A..H. --- "C:\Documents and Settings\All Users\Desktop\KEYGENS FOR PROGRAMS\Antares VoiceThing 1.0\Softwrap.dll"
Sun 9 Mar 2008 1,536 A..H. --- "C:\Documents and Settings\All Users\Desktop\KEYGENS FOR PROGRAMS\vst\Antares VoiceThing 1.0\Softwrap.dll"
Finished!
