ComboFix 07-12-21.4 - MaNiX^ 2007-12-22 9:24:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1142 [GMT 1:00]
Running from: D:\ComboFix.exe
 * Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\a.bat
C:\WINDOWS\system32\messenger.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-22 to 2007-12-22 )))))))))))))))))))))))))))))))
.

2007-12-21 20:19 . 2007-12-21 20:19
2007-12-20 18:21 . 2007-12-20 18:21
2007-12-20 18:21 . 2007-12-20 18:21
2007-12-20 18:21 . 2007-12-20 18:21
2007-12-20 18:21 . 2001-12-10 17:42 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2007-12-20 18:21 . 2001-12-10 17:42 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2007-12-20 18:21 . 2001-12-10 17:42 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2007-12-20 18:21 . 2001-12-10 17:42 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2007-12-20 18:21 . 2001-12-10 17:42 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2007-12-20 18:21 . 2001-12-10 17:42 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
2007-12-20 18:21 . 2002-09-27 07:53 9,856 --------- C:\WINDOWS\system32\drivers\pfc.sys
2007-12-20 18:20 . 2007-12-20 18:20
2007-12-20 18:20 . 2007-02-07 11:01 22 --a------ C:\WINDOWS\system32\ansi13.sys
2007-12-19 19:35 . 2007-12-21 20:27
2007-12-19 17:57 . 2007-12-22 09:22
2007-12-19 13:36 . 2007-12-19 13:36
2007-12-19 13:35 . 2007-12-19 13:35
2007-12-19 13:35 . 2007-12-19 13:35
2007-12-19 13:35 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-19 13:04 . 2007-12-19 13:04 298 --a------ C:\WINDOWS\game.ini
2007-12-19 12:56 . 2007-12-19 12:56
2007-12-19 12:54 . 2007-12-19 12:54 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2007-12-19 12:47 . 2007-12-19 12:47
2007-12-19 12:00 . 2007-12-19 12:00 550 --a------ C:\WINDOWS\eReg.dat
2007-12-18 17:17 . 2007-12-18 17:17
2007-12-18 17:17 . 2005-10-21 02:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-12-18 17:17 . 2005-10-21 02:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-12-18 17:16 . 2007-12-18 17:16
2007-12-18 16:24 . 2007-12-18 16:24
2007-12-17 16:46 . 2007-12-17 16:46
2007-12-16 13:52 . 2007-12-16 13:52
2007-12-16 11:05 . 2005-05-18 11:43 81,920 --a------ C:\WINDOWS\system32\CloseApp.exe
2007-12-16 10:46 . 2007-12-19 18:54 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-12-16 10:46 . 2007-12-19 18:55 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-12-16 10:46 . 2007-12-19 18:55 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-16 10:43 . 2007-12-16 10:43
2007-12-16 09:29 . 2007-12-16 09:29
2007-12-16 09:29 . 2007-12-16 09:29
2007-12-16 09:29 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-12-16 09:28 . 2007-12-16 09:28
2007-12-16 09:27 . 2007-12-16 09:29
2007-12-16 09:26 . 2007-12-16 09:26
2007-12-16 09:26 . 2007-12-16 09:30
2007-12-16 09:16 . 2007-12-16 13:53
2007-12-15 22:07 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2007-12-15 22:07 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2007-12-15 22:07 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2007-12-15 22:07 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2007-12-15 21:17 . 2007-12-15 21:17
2007-12-15 21:08 . 2007-12-15 21:08
2007-12-15 21:08 . 2007-12-15 21:08
2007-12-15 20:48 . 2001-10-26 18:30 57,344 --a------ C:\WINDOWS\system32\sol.backup
2007-12-15 20:21 . 2007-12-15 20:21
2007-12-15 19:57 . 2007-12-19 11:59
2007-12-15 19:55 . 2007-12-15 19:55 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-15 19:51 . 2007-12-15 19:51
2007-12-15 19:51 . 2007-12-15 19:51
2007-12-15 19:04 . 2007-12-15 19:04
2007-12-15 19:02 . 2006-04-10 14:03 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
2007-12-15 19:02 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-15 18:52 . 2004-08-03 23:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-12-15 18:52 . 2004-08-04 00:44 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2007-12-15 18:52 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-12-15 18:52 . 2004-08-03 23:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-12-15 18:52 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-12-15 18:52 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-12-15 18:51 . 2007-12-15 18:51
2007-12-15 18:49 . 2007-12-15 18:49
2007-12-15 18:49 . 2007-12-15 18:49
2007-12-15 15:15 . 2007-09-28 17:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-15 15:15 . 2007-07-25 14:24 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-15 15:15 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2007-12-15 15:15 . 2007-03-10 12:51 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-15 15:15 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-12-15 15:15 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2007-12-15 15:15 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2007-12-15 15:15 . 2007-09-28 17:05 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-12-15 15:15 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2007-12-15 15:14 . 2007-12-15 15:15
2007-12-15 15:14 . 2007-09-28 17:05 739,840 --a------ C:\WINDOWS\system32\divx.dll
2007-12-15 15:14 . 2007-07-29 16:51 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-12-15 15:14 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2007-12-15 15:10 . 2007-12-15 15:10
2007-12-15 14:29 . 2007-12-15 14:33
2007-12-15 14:29 . 2007-03-08 00:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-12-15 14:07 . 2007-12-15 14:07
2007-12-15 13:39 . 2007-12-15 13:39
2007-12-15 13:36 . 2007-12-15 13:36
2007-12-15 13:34 . 2007-12-15 13:34
2007-12-15 13:34 . 2007-12-15 13:34
2007-12-15 13:32 . 2007-12-15 13:32
2007-12-15 13:32 . 2007-12-15 13:34
2007-12-15 13:31 . 2007-12-15 13:31
2007-12-15 13:30 . 2007-12-15 13:30
2007-12-15 13:30 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-12-15 13:30 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-12-15 13:30 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-12-15 13:30 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-12-15 13:30 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-12-15 13:30 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2007-12-20 17:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-20 17:21 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-19 17:05 --------- d-----w C:\Documents and Settings\MaNiX^\Dane aplikacji\HP
2007-12-19 12:04 22,328 ----a-w C:\Documents and Settings\MaNiX^\Dane aplikacji\PnkBstrK.sys
2007-12-17 18:12 --------- d-----w C:\Documents and Settings\MaNiX^\Dane aplikacji\AdobeUM
2007-12-17 16:34 --------- d-----w C:\Documents and Settings\MaNiX^\Dane aplikacji\Xfire
2007-12-16 07:59 --------- d-----w C:\Documents and Settings\MaNiX^\Dane aplikacji\Nero
2007-12-15 19:18 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-12-15 19:18 --------- d-----w C:\Documents and Settings\MaNiX^\Dane aplikacji\DAEMON Tools Pro
2007-12-15 14:17 --------- d-----w C:\Documents and Settings\MaNiX^\Dane aplikacji\Media Player Classic
2007-12-15 13:08 --------- d-----w C:\Documents and Settings\MaNiX^\Dane aplikacji\Gadu-Gadu
2007-12-15 10:53 --------- d-----w C:\Program Files\Styler
2007-12-15 10:53 --------- d-----w C:\Program Files\Stardock
2007-12-15 10:35 --------- d-----w C:\Program Files\Your Uninstaller 2008
2007-12-15 10:34 --------- d-----w C:\Documents and Settings\MaNiX^\Dane aplikacji\URSoft
2007-12-15 10:29 --------- d-----w C:\Program Files\Analog Devices
2007-12-15 10:10 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-15 10:08 --------- d-----w C:\Program Files\Usługi online
2007-12-15 10:06 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-12-05 00:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-12-05 00:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-05 00:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-12-05 00:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-12-05 00:41 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-12-05 00:41 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-12-05 00:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-12-05 00:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-12-05 00:41 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-12-05 00:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-12-05 00:41 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-12-05 00:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-12-05 00:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-12-05 00:41 3,334,144 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-12-05 00:41 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-12-05 00:41 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-12-05 00:41 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-12-05 00:41 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-12-05 00:41 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
2007-12-05 00:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-12-05 00:41 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
2007-12-05 00:41 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
2007-12-05 00:41 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
2007-12-05 00:41 2,519,040 ----a-w C:\WINDOWS\system32\nvwssr.dll
2007-12-05 00:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 14:08]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:57]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\WINDOWS\TBPanel.exe" [2007-11-27 07:34]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-12-15 11:54 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Photosmart Premier - Szybkie uruchomienie.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Photosmart Premier - Szybkie uruchomienie.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier - Szybkie uruchomienie.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChrisTV Agent]
C:\Program Files\ChrisTV PVR\ChrisTV_Agent.exe /silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 00:44 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2007-09-06 14:08 136136 --a------ C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 15:57 1289000 --a------ C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 02:41 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
C:\Program Files\Eset\nod32kui.exe /WAITSERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 09:11 1388544 --a------ C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win Messenger]
messenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVR SchSvr]
2005-02-17 00:03 106496 --a------ C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"SoundMAX Agent Service (default)"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"NVSvc"=2 (0x2)
"NOD32krn"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)

R2 ALIEHCD;ULi PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ALIEHCI.sys [2005-06-02 19:59]
R2 BT848;BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.SYS [2001-07-03 03:02]
R2 BTTUNER;BtTuner, WDM TV Tuner;C:\WINDOWS\system32\drivers\BTTUNER.SYS [2001-07-03 03:02]
R2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.SYS [2001-07-03 03:02]
R3 aliroothub;USB 2.0 Root Hub;C:\WINDOWS\system32\DRIVERS\AliRtHub.sys [2005-06-02 18:27]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]
S3 aligp;USB Composite Device;C:\WINDOWS\system32\DRIVERS\AliGP.sys [2005-06-02 18:53]
S3 DynCal;Dynamic Calibration Service;C:\WINDOWS\system32\drivers\Dyncal.sys [2004-09-12 09:45]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 09:26:03
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2007-12-22 9:26:25
.
2007-12-18 02:05:55 --- E O F ---