GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-04-25 08:48:55
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT 8AE18D60 ZwAlertResumeThread
SSDT 8AE0CD10 ZwAlertThread
SSDT 8A9D7818 ZwAllocateVirtualMemory
SSDT 8A95B4B8 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwCreateKey
SSDT 8AE00D88 ZwCreateMutant
SSDT 8AD64538 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteValueKey
SSDT 8AE13FD0 ZwFreeVirtualMemory
SSDT 8ADFC730 ZwImpersonateAnonymousToken
SSDT 8ADF9310 ZwImpersonateThread
SSDT 8AE450E8 ZwMapViewOfSection
SSDT 8AE01C40 ZwOpenEvent
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT 8AE22B90 ZwOpenProcessToken
SSDT 8AE1DD10 ZwOpenThreadToken
SSDT 8AA1A7A0 ZwQueryValueKey
SSDT 8AD00B70 ZwResumeThread
SSDT 8AE1DE88 ZwSetContextThread
SSDT 8AE1D308 ZwSetInformationProcess
SSDT 8AE1EE50 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwSetValueKey
SSDT 8ADDE8F0 ZwSuspendProcess
SSDT 8AE22698 ZwSuspendThread
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT 8AE23940 ZwTerminateThread
SSDT 8AE1BB98 ZwUnmapViewOfSection
SSDT 8AD13C68 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.12 ----
? C:\WINDOWS\system32\DRIVERS\update.sys
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified.
---- User code sections - GMER 1.0.12 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[3428] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 009CF205 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3428] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 00B5FEBF C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3428] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 00B5FE40 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3428] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 00B5FE84 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3428] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 00B5FDCC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3428] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 00B5FE06 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3428] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 00B5FEFA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3428] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 009F15DA C:\WINDOWS\system32\IEFRAME.dll
---- Files - GMER 1.0.12 ----
ADS C:\Documents and Settings\User\Favorites\iFreelance.com :favicon
---- EOF - GMER 1.0.12 ----
"User" - 07-04-25 8:24:33 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\User\Desktop\"
((((((((((((((((((((((((((((((( Files Created from 2007-03-25 to 2007-04-25 ))))))))))))))))))))))))))))))))))
2007-04-24 15:59 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-04-24 14:22 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-23 19:54 <DIR> d-------- C:\kav
2007-04-23 19:18 <DIR> d-------- C:\Program Files\TrojanHunter 4.6
2007-04-23 16:25 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-04-23 16:25 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-04-18 13:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-04-18 13:26 <DIR> d-------- C:\WINDOWS\nview
2007-04-18 13:05 <DIR> d-------- C:\Program Files\ResChanger 2005
2007-04-18 12:38 8 --a------ C:\WINDOWS\system32\nvModes.dat
2007-04-18 12:34 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-04-18 12:32 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-04-15 23:00 1,843,584 --a------ C:\WINDOWS\system32\win32k.sys
2007-04-15 22:48 <DIR> d-------- C:\DOCUME~1\User\APPLIC~1\SecondLife
2007-04-15 22:47 <DIR> d-------- C:\Program Files\SecondLife
2007-03-28 18:51 97,936 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2007-03-28 18:51 538,256 --a------ C:\WINDOWS\system32\SymNeti.dll
2007-03-28 18:51 31,888 --a------ C:\WINDOWS\system32\drivers\symids.sys
2007-03-28 18:51 28,304 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2007-03-28 18:51 24,208 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2007-03-28 18:51 189,584 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2007-03-28 18:51 161,424 --a------ C:\WINDOWS\system32\SymRedir.dll
2007-03-28 18:51 12,944 --a------ C:\WINDOWS\system32\drivers\symdns.sys
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-25 07:41 18696 --a------ C:\WINDOWS\system32\tablet.dat
2007-04-18 21:11 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-04-16 07:30 -------- d-------- C:\Program Files\norton antivirus
2007-04-15 21:27 48776 --a------ C:\WINDOWS\system32\s32evnt1.dll
2007-04-15 21:27 115000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-04-15 21:27 -------- d-------- C:\Program Files\symantec
2007-03-17 09:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-16 00:05 -------- d-------- C:\Program Files\msxml 4.0
2007-03-14 11:13 -------- d-------- C:\Program Files\canon
2007-03-14 11:11 -------- d-------- C:\Program Files\scansoft
2007-03-14 11:11 -------- d-------- C:\Program Files\Common Files\scansoft shared
2007-03-14 11:11 -------- d-------- C:\DOCUME~1\User\APPLIC~1\scansoft
2007-03-14 10:56 -------- d--h----- C:\Program Files\canonbj
2007-03-08 11:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-06 10:14 -------- d-------- C:\DOCUME~1\User\APPLIC~1\system tweaker
2007-03-06 09:59 -------- d-------- C:\Program Files\uniblue
2007-03-06 09:44 -------- d-------- C:\DOCUME~1\User\APPLIC~1\uniblue
2007-03-03 23:54 -------- d-------- C:\Program Files\msn messenger
2007-03-03 11:13 -------- d--h----- C:\Program Files\installshield installation information
2007-02-28 16:09 -------- d-------- C:\Program Files\temp
2007-02-28 15:18 -------- d-------- C:\DOCUME~1\User\APPLIC~1\ulead systems
2007-02-28 15:17 -------- d-------- C:\Program Files\windows media components
2007-02-28 14:49 -------- d-------- C:\Program Files\scanexpress a3 usb
2007-02-27 11:32 -------- d-------- C:\Program Files\pokerstars
2007-02-26 15:16 -------- d-------- C:\Program Files\amd
2007-02-05 16:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} C:\Program Files\Norton AntiVirus\NavShExt.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Gtwatch"="C:\\WINDOWS\\gtwatch.exe"
@="C:\\WINDOWS\\Gtwatch.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"SoundMan"="SOUNDMAN.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"SSBkgdUpdate"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"OpwareSE4"="\"C:\\Program Files\\ScanSoft\\OmniPageSE4.0\\OpwareSE4.exe\""
"Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Wise-FTP Scheduler"="C:\\Program Files\\AceBIT\\WISE-FTP\\WF_Scheduler.exe"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Uniblue Registry Booster"="C:\\Program Files\\Uniblue\\Registry Booster\\RegistryBooster.exe /S"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
p2psvc REG_MULTI_SZ p2psvc\0p2pimsvc\0p2pgasvc\0PNRPSvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I]
Shell\AutoRun\command I:\LaunchU3.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3dbf611-66dd-11db-b7a2-0016b6986979}]
Shell\AutoRun\command I:\LaunchU3.exe
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - User.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-25 08:26:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-25 8:26:10
C:\ComboFix-quarantined-files.txt ... 07-04-25 08:26
04/25/07 08:55:02 [Info]: BlackLight Engine 1.0.61 initialized
04/25/07 08:55:02 [Info]: OS: 5.1 build 2600 (Service Pack 2)
04/25/07 08:55:02 [Note]: 7019 4
04/25/07 08:55:02 [Note]: 7005 0
04/25/07 08:55:08 [Note]: 7006 0
04/25/07 08:55:08 [Note]: 7011 1752
04/25/07 08:55:08 [Note]: 7026 0
04/25/07 08:55:08 [Note]: 7026 0
04/25/07 08:55:11 [Note]: FSRAW library version 1.7.1021
04/25/07 08:59:03 [Note]: 7007 0