
Hi all,

I have recently installed a program called rapidown and was able to remove it using the Add/Remove Programs built into XP. However, Windows Explorer keeps crashing now at random times. I have tried Spybot, Ad-Aware and Windows Defender scans but nothing shows up.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:39, on 07/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\HiJackThis.exe
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.uclan.ac.uk/gw/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O15 - Trusted Zone: *.line6.net
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210511689015
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8757 bytes
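Reading a HijackThis log by hand means scanning a few hundred lines for the handful worth checking. The script below, added here as an example and not part of the original post or of HijackThis, parses the O-lines into records and attaches review notes. The sample input is a constructed subset of lines copied from the log above; the rules it applies (unqualified program names in Run values, Trusted zone additions, downloaded ActiveX controls, services with "Unknown owner") are this example's own heuristics, and every flag means "check this", not "this is malware".

```python
"""Triage helper for HijackThis 2.x log lines.

Added example for this thread, not part of the original post and not
HijackThis code. The sample lines are copied from the log posted above;
the review rules below are this example's own heuristics, not HijackThis
verdicts, and every flag means "look at this", not "this is malicious".
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of O-lines taken from the posted HJT log.
SAMPLE_LOG = r"""
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O15 - Trusted Zone: http://www.msi.com.tw
O15 - Trusted Zone: *.line6.net
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Every HJT finding is "<section> - <body>"; process-list and header lines do not match.
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run(?:Once|Services)?: \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
O16_RE = re.compile(r"^DPF: (?P<clsid>\{[^}]+\}) \((?P<title>[^)]*)\) - (?P<url>\S+)$")
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass
class Entry:
    section: str
    body: str
    fields: dict = field(default_factory=dict)
    flags: list = field(default_factory=list)


def executable_of(cmd: str) -> str:
    """Program token of a Run value: the quoted path if quoted, else the first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def parse_hjt(text: str) -> list:
    """Turn the O-lines of an HJT log into Entry records with parsed fields."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        e = Entry(m["section"], m["body"])
        if e.section == "O4" and (m4 := O4_RE.match(e.body)):
            e.fields = m4.groupdict()
            e.fields["exe"] = executable_of(m4["cmd"])
        elif e.section == "O16" and (m16 := O16_RE.match(e.body)):
            e.fields = m16.groupdict()
        elif e.section == "O23" and (m23 := O23_RE.match(e.body)):
            e.fields = m23.groupdict()
        elif e.section == "O15":
            e.fields = {"site": e.body.removeprefix("Trusted Zone: ")}
        entries.append(e)
    return entries


def triage(entries: list) -> list:
    """Attach review notes (heuristics of this example) and return the flagged entries."""
    for e in entries:
        if e.section == "O4":
            exe = e.fields.get("exe", "")
            # A bare file name is resolved through the system search path at logon, so
            # the log does not tell you which file actually runs; check it on disk.
            if exe and "\\" not in exe and ":" not in exe:
                e.flags.append(f"unqualified program name {exe!r}; confirm which file it resolves to")
        elif e.section == "O15":
            e.flags.append(f"{e.fields['site']} is in the Trusted sites zone (lower IE security level); confirm it was added on purpose")
        elif e.section == "O16":
            e.flags.append(f"ActiveX control fetched from {e.fields.get('url', '?')}; remove it if it is no longer needed")
        elif e.section == "O23" and e.fields.get("owner", "").lower() == "unknown owner":
            e.flags.append("service binary has no publisher information; verify the file on disk")
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{e.section}: {e.body}\n    -> {'; '.join(e.flags)}")
```

Run against the full log above it flags the same four kinds of entry (the bare `SOUNDMAN.EXE`, the four O15 sites, the eight O16 controls and the `ATI Smart` service). None of that is a verdict: an offline parser can only point at entries, it cannot check the files they reference.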


And a ComboFix log, hope it helps.

ComboFix 08-06-06.6 - User Ben 2008-06-07 11:33:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.750 [GMT 1:00]
Running from: D:\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.inf

.
((((((((((((((((((((((((( Files Created from 2008-05-07 to 2008-06-07 )))))))))))))))))))))))))))))))
.

2008-06-07 11:18 . 2008-06-07 11:18 <DIR> d-------- C:\Program Files\ieSpell
2008-06-07 11:18 . 2008-06-07 11:18 <DIR> d-------- C:\Documents and Settings\User Ben\Application Data\ieSpell
2008-06-06 18:46 . 2008-06-06 18:46 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-06 18:46 . 2008-06-06 18:46 <DIR> d-------- C:\Documents and Settings\User Ben\Application Data\Malwarebytes
2008-06-06 18:46 . 2008-06-06 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-06 18:46 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-06 18:46 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-06 18:30 . 2008-06-06 18:30 <DIR> d-------- C:\Program Files\backups
2008-06-06 18:29 . 2008-06-06 18:27 401,720 --a------ C:\Program Files\HiJackThis.exe
2008-06-06 18:23 . 2008-06-06 18:24 <DIR> d-------- C:\Documents and Settings\User Ben\Application Data\Software Informer
2008-06-06 18:19 . 2008-06-06 18:22 <DIR> d-------- C:\Documents and Settings\User Ben\.housecall6.6
2008-06-06 18:06 . 2008-06-06 23:11 <DIR> d-------- C:\Program Files\MediaCoder iPhone Edition
2008-06-04 22:34 . 2008-06-04 22:34 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-04 22:34 . 2008-06-04 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-04 22:33 . 2008-06-04 22:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-04 12:24 . 2008-06-04 12:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-04 12:21 . 2008-06-04 12:21 <DIR> d-------- C:\Program Files\Unlocker
2008-06-04 11:49 . 2008-06-04 11:49 <DIR> d-------- C:\Program Files\CCleaner
2008-06-04 11:44 . 2008-06-04 11:52 <DIR> d-------- C:\Documents and Settings\User Ben\Application Data\Propellerhead Software
2008-06-04 11:44 . 2008-06-04 11:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
2008-06-04 11:44 . 2008-06-04 11:44 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll
2008-06-04 11:44 . 2008-06-04 11:44 225,280 --a------ C:\WINDOWS\system32\ReWire.dll
2008-06-04 11:42 . 2008-06-04 11:42 <DIR> d-------- C:\Program Files\Propellerhead
2008-06-03 23:17 . 2008-06-03 23:17 <DIR> d-------- C:\Program Files\microKORG SoundEditor
2008-06-02 22:07 . 2008-06-04 21:33 <DIR> d-------- C:\Documents and Settings\User Ben\Application Data\uTorrent
2008-06-02 19:32 . 2008-06-02 19:32 <DIR> d-------- C:\WINDOWS\Applian FLV Player
2008-06-01 13:21 . 2008-06-01 13:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Line 6
2008-06-01 13:21 . 2008-04-02 22:16 521,088 --a------ C:\WINDOWS\system32\drivers\L6PODX3LV.sys
2008-06-01 13:21 . 2008-04-02 22:16 167,936 --a------ C:\WINDOWS\system32\l6podx3lv.dll
2008-06-01 12:55 . 2008-06-01 12:55 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-01 12:55 . 2005-06-03 03:52 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-05-31 19:19 . 2008-05-31 19:19 <DIR> d-------- C:\Program Files\Sibelius Software
2008-05-31 19:19 . 2008-05-31 19:19 <DIR> d-------- C:\Documents and Settings\User Ben\Application Data\Sibelius Software
2008-05-31 16:59 . 2008-05-31 16:59 0 --a------ C:\WINDOWS\DMM.INI
2008-05-31 16:56 . 2008-05-31 16:56 <DIR> d-------- C:\Program Files\Sienzo
2008-05-30 22:47 . 2008-05-30 22:47 <DIR> d-------- C:\Program Files\GlobFX
2008-05-28 21:50 . 2008-05-28 21:51 <DIR> d-------- C:\Program Files\7-Zip
2008-05-28 21:41 . 2008-05-28 21:43 <DIR> d-------- C:\temp
2008-05-27 21:04 . 2008-05-27 21:04 <DIR> d-------- C:\Documents and Settings\User Ben\Application Data\InstallShield Installation Information
2008-05-27 20:55 . 2008-05-27 20:55 <DIR> d-------- C:\Program Files\SEGA
2008-05-27 20:55 . 2006-05-31 08:22 62,232 -r------- C:\WINDOWS\system32\GameuxInstallHelper.dll
2008-05-27 19:46 . 2008-05-27 19:57 <DIR> d-------- C:\Unreal Anthology
2008-05-27 19:46 . 1997-07-19 17:00 315,585 --a------ C:\WINDOWS\system32\COMCTL32.ocx
2008-05-27 19:46 . 1997-07-19 17:01 118,781 --a------ C:\WINDOWS\system32\TABCTL32.ocx
2008-05-27 19:46 . 1998-01-24 03:39 110,725 --a------ C:\WINDOWS\system32\RICHTX32.ocx
2008-05-27 19:46 . 1995-07-26 01:00 98,588 --a------ C:\WINDOWS\system32\THREED32.ocx
2008-05-27 19:46 . 2005-11-13 22:40 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-05-27 19:46 . 1997-07-19 17:00 66,924 --a------ C:\WINDOWS\system32\COMDLG32.ocx
2008-05-27 19:46 . 1995-07-26 01:00 48,640 --a------ C:\WINDOWS\system32\GRID32.ocx
2008-05-27 19:46 . 1997-01-16 10:11 44,831 --a------ C:\WINDOWS\system32\PICCLP32.ocx
2008-05-27 19:46 . 1995-07-26 01:00 43,502 --a------ C:\WINDOWS\system32\MSOUTL32.ocx
2008-05-24 21:24 . 2008-04-13 19:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-05-24 21:24 . 2008-04-13 19:45 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-05-24 18:47 . 2007-11-22 15:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-05-23 09:25 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-05-23 09:25 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-05-23 09:25 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-05-23 09:25 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-05-23 09:25 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-05-23 09:25 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-05-23 09:25 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-05-22 21:07 . 2008-06-07 11:04 <DIR> d-------- C:\Downloads
2008-05-22 21:06 . 2008-05-22 21:06 <DIR> d-------- C:\Program Files\Software Informer
2008-05-22 21:06 . 2008-05-22 21:07 <DIR> d-------- C:\Program Files\Free Download Manager
2008-05-22 21:06 . 2008-06-07 11:27 <DIR> d-------- C:\Documents and Settings\User Ben\Application Data\Free Download Manager
2008-05-22 21:06 . 2008-05-22 21:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-05-22 15:31 . 2008-05-28 22:03 <DIR> d-------- C:\Program Files\Paragon Software
2008-05-21 20:08 . 2008-05-21 20:08 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2008-05-20 20:33 . 2008-05-20 20:33 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-05-20 15:29 . 2008-03-19 18:26 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-05-20 15:29 . 2008-03-19 18:29 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-05-18 22:16 . 2008-05-18 22:23 <DIR> d-------- C:\Documents and Settings\User Ben\Application Data\Azureus
2008-05-18 22:16 . 2008-05-18 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-05-18 13:19 . 2008-05-18 13:19 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-05-18 10:31 . 2008-05-18 10:31 <DIR> d-------- C:\Program Files\directx
2008-05-18 10:24 . 2008-05-24 22:48 <DIR> d-------- C:\UT2003
2008-05-17 22:56 . 2008-05-17 22:56 <DIR> d-------- C:\Documents and Settings\User Ben\Application Data\vlc
2008-05-17 17:48 . 2008-05-17 17:48 <DIR> d-------- C:\Documents and Settings\User Ben\Application Data\cmw
2008-05-17 17:10 . 2008-05-17 18:26 <DIR> d-------- C:\Program Files\winpwn
2008-05-17 16:21 . 2008-05-17 16:21 <DIR> d-------- C:\Documents and Settings\User Ben\Application Data\MSN6
2008-05-17 16:21 . 2008-05-17 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-05-17 13:40 . 2008-05-17 22:56 <DIR> d-------- C:\Program Files\VideoLAN
2008-05-17 13:35 . 2008-05-17 13:35 <DIR> d-------- C:\Documents and Settings\User Ben\Shared
2008-05-17 13:35 . 2008-05-24 18:11 <DIR> d-------- C:\Documents and Settings\User Ben\Incomplete
2008-05-17 13:35 . 2008-05-17 13:43 <DIR> d-------- C:\Documents and Settings\User Ben\Application Data\FrostWire
2008-05-17 13:12 . 2008-06-01 13:20 <DIR> d-------- C:\Program Files\Line6
2008-05-17 13:12 . 2008-05-17 13:12 <DIR> d-------- C:\Program Files\Common Files\Digidesign
2008-05-17 13:12 . 2008-06-01 13:21 <DIR> d-------- C:\Documents and Settings\User Ben\Application Data\Line 6
2008-05-17 13:12 . 2008-06-01 13:21 374 --a------ C:\WINDOWS\GearBox.ini
2008-05-17 10:54 . 2008-05-17 10:54 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-16 23:49 . 2008-05-24 18:42 <DIR> d-------- C:\Program Files\iLiberty
2008-05-16 22:28 . 2008-05-16 22:28 <DIR> d-------- C:\Program Files\Guitar Pro 5
2008-05-16 15:10 . 2008-06-03 23:59 4,047,853 --a------ C:\WINDOWS\pfirewall.log.old
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-16 10:50 . 2008-05-16 10:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
2008-05-16 10:48 . 2008-05-16 10:48 52 --a------ C:\WINDOWS\SiSAudioRack.ini
2008-05-15 23:04 . 2008-06-01 19:26 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-05-15 23:04 . 2008-05-15 23:04 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-05-15 22:58 . 2008-05-15 22:55 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-05-15 22:57 . 2008-05-15 22:57 <DIR> d-------- C:\Program Files\Realtek AC97
2008-05-15 22:57 . 2008-05-15 22:57 <DIR> d-------- C:\Program Files\Orb Networks
2008-05-15 22:57 . 2008-05-15 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-05-15 22:57 . 2008-05-15 22:55 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2008-05-15 22:57 . 2008-05-15 22:55 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2008-05-15 22:23 . 2008-05-15 22:23 <DIR> d-------- C:\Program Files\WinSCP
2008-05-15 22:11 . 2008-05-15 22:11 <DIR> d-------- C:\Program Files\iTunes
2008-05-15 22:11 . 2008-05-15 22:11 <DIR> d-------- C:\Program Files\iPod
2008-05-15 22:11 . 2008-05-15 22:11 <DIR> d-------- C:\Program Files\Bonjour
2008-05-15 22:11 . 2008-05-17 18:44 <DIR> d-------- C:\Documents and Settings\User Ben\Application Data\Apple Computer
2008-05-15 22:11 . 2008-06-07 11:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-15 22:11 . 2008-05-15 22:11 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-15 22:10 . 2008-05-15 22:10 <DIR> d-------- C:\Program Files\QuickTime
2008-05-15 22:10 . 2008-05-15 22:10 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-15 22:10 . 2008-05-15 22:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-15 22:09 . 2008-06-01 13:21 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-15 22:09 . 2008-05-15 22:09 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-15 22:09 . 2008-05-15 22:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-15 22:09 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-05-15 16:53 . 2008-05-15 16:53 <DIR> d-------- C:\WINDOWS\Performance
2008-05-15 16:52 . 2008-05-15 16:52 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-05-15 16:52 . 2008-05-15 16:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-05-13 14:53 . 2008-05-13 14:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-05-13 14:44 . 2008-05-13 14:44 <DIR> d-------- C:\ATI
2008-05-13 13:56 . 2008-05-13 13:56 <DIR> d-------- C:\Program Files\Common Files\ATI Technologies
2008-05-13 13:56 . 2008-03-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-07 10:36 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-07 10:20 8,758 ----a-w C:\Program Files\hijackthis.log
2008-05-11 13:52 --------- d-----w C:\Program Files\Symantec
2008-05-11 13:52 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-11 13:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-11 13:42 --------- d-----w C:\Program Files\Windows Defender
2008-05-11 12:35 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-29 10:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 10:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 10:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-14 04:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 04:42 11,264 ------w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 04:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ------w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ------w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ------w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:46 61,696 ----a-w C:\WINDOWS\system32\drivers\ohci1394.sys
2008-04-13 18:46 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys
2008-04-13 18:46 53,376 ----a-w C:\WINDOWS\system32\drivers\1394bus.sys
2008-04-13 18:46 37,888 ------w C:\WINDOWS\system32\drivers\bthmodem.sys
2008-04-13 18:46 36,480 ------w C:\WINDOWS\system32\drivers\bthprint.sys
2008-04-13 18:46 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-13 18:46 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-13 18:46 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2008-04-13 18:46 18,944 ------w C:\WINDOWS\system32\drivers\bthusb.sys
2008-04-13 18:46 17,024 ------w C:\WINDOWS\system32\drivers\bthenum.sys
2008-04-13 18:46 121,984 ------w C:\WINDOWS\system32\drivers\usbvideo.sys
2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 18:44 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 18:44 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:44 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 18:43 9,728 ------w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 14,208 ------w C:\WINDOWS\system32\drivers\wacompen.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"fsm"="" []
"ares"="C:\Program Files\Ares\Ares.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-06-09 20:31 66680]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-10-06 17:56 161096]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SoundMan"="SOUNDMAN.EXE" [2008-05-15 22:55 577536 C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 03:52 36975]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 01:12 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbChannelScan.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"C:\\Program Files\\SEGA\\SEGA Rally\\SEGA Rally.exe"=
"C:\\Program Files\\SEGA\\SEGA Rally\\SEGA Rally_SSE1.exe"=
"C:\\Program Files\\Sienzo\\DMM\\DMM.exe"=
"D:\\Program Files\\UnH Solutions\\New Folder\\UTORRENT.EXE"=

S3 L6PODX3LV;POD X3 Live Service;C:\WINDOWS\system32\Drivers\L6PODX3LV.sys [2008-04-02 22:16]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-07 10:39:30 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 11:38:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-06-07 11:40:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-07 10:40:24

Pre-Run: 20,190,748,672 bytes free
Post-Run: 20,250,075,136 bytes free

319 --- E O F --- 2008-06-06 17:14:32
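The part of a ComboFix log that usually decides the next step is "Reg Loading Points", printed in REGEDIT4 syntax with the referenced file's date, time and size in brackets after each value. The script below, added here as an example and not part of the original post or of ComboFix, parses that block and reports the entries a helper would normally ask about. The sample is copied from the log above. Two things are this example's own assumptions: that an empty bracket pair means ComboFix found no file at that path, and the Security Center rules themselves. Both Security Center values shown are also set legitimately (by the user in the Security Center dialog, or by an antivirus product that reports its own status), so they call for confirmation, not deletion.

```python
"""Triage of the 'Reg Loading Points' block that ComboFix prints in REGEDIT4 form.

Added example for this thread, not part of the original post and not ComboFix
code. The sample is copied from the log posted above. Two readings are this
example's own assumptions: that the bracketed "[date time size]" suffix is
ComboFix's metadata for the referenced file, so an empty pair means it found
no file at that path; and that the review rules below are hints, not verdicts.
"""
import re
from dataclasses import dataclass

# Constructed sample: the Run keys and Security Center keys from the posted log.
SAMPLE_DUMP = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"fsm"="" []
"ares"="C:\Program Files\Ares\Ares.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-06-09 20:31 66680]
"SoundMan"="SOUNDMAN.EXE" [2008-05-15 22:55 577536 C:\WINDOWS\soundman.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
STR_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<data>[^"]*)"(?: \[(?P<meta>[^\]]*)\])?$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]*)"=dword:(?P<hex>[0-9A-Fa-f]{8})$')

# Security Center values that silence its "no antivirus / firewall / updates" warnings.
NOTIFY_NAMES = {"antivirusdisablenotify", "firewalldisablenotify", "updatesdisablenotify"}


@dataclass
class Finding:
    key: str
    name: str
    reason: str


def check_run_value(key: str, name: str, data: str, meta) -> list:
    """Review rules for a string value under a ...\\Run key."""
    if not key.lower().endswith("\\run"):
        return []
    if data == "":
        return [Finding(key, name, "Run value with an empty command; leftover of a removed program or a placeholder")]
    if meta is not None and meta.strip() == "":
        # Assumption of this example: ComboFix prints nothing in the brackets when
        # the file is not on disk, so the autostart outlives the program.
        return [Finding(key, name, f"no file metadata printed for {data}; the file is probably gone but the autostart remains")]
    return []


def check_security_center(key: str, name: str, value: int) -> list:
    """Review rules for DWORD values under HKLM\\...\\Security Center."""
    k = key.lower()
    if "\\security center" not in k or value == 0:
        return []
    if name.lower() in NOTIFY_NAMES:
        return [Finding(key, name, "Security Center warning for this component is suppressed")]
    if name.lower() == "disablemonitoring":
        product = key.rsplit("\\", 1)[-1]
        return [Finding(key, name, f"Security Center told not to monitor {product}; expected when that product reports its own status, otherwise suspicious")]
    return []


def triage_reg_dump(text: str) -> list:
    """Walk the REGEDIT4 block, tracking the current key, and collect findings."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if (mk := KEY_RE.match(line)):
            key = mk["key"]
            continue
        if key is None or not line:
            continue
        if (ms := STR_RE.match(line)):
            findings += check_run_value(key, ms["name"], ms["data"], ms["meta"])
        elif (md := DWORD_RE.match(line)):
            findings += check_security_center(key, md["name"], int(md["hex"], 16))
    return findings


if __name__ == "__main__":
    for f in triage_reg_dump(SAMPLE_DUMP):
        print(f"[{f.key}] {f.name}: {f.reason}")
```

On the sample it reports four items: the empty `fsm` value, the `ares` value whose file has no metadata, and the two Security Center values. The firewall AuthorizedApplications list in the same log is deliberately not parsed; its entries are paths the user allowed through the XP firewall and need a different question (is each program still installed and wanted?).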
