Part2 Combofix

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 05:56]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 00:19 C:\WINDOWS\stsystra.exe]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2006-07-20 21:38]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2006-10-02 15:09]
"Dell QuickSet"="C:\PROGRA~1\Dell\QuickSet\quickset.exe" [2006-04-06 15:58]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-09-15 16:53]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-09-15 16:50]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-09-15 16:54]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 12:48]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 06:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]
"ScreenHunter 4.0 Free"="C:\Program Files\Wisdom-soft ScreenHunter\ScreenHunter.exe" [2003-02-22 16:25]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 21:18]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Name\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe [2007-07-20 13:57:16]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-26 02:42:34]
VPN Client.lnk - C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2007-07-09 17:41:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoCookiesForDCFTA"=E<60

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2005-01-31 16:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winysd32]
winysd32.dll

R2 VCAM;Webcam Simulator;C:\WINDOWS\system32\DRIVERS\vcam.sys
R2 windrvNT;windrvNT;\??\C:\WINDOWS\system32\windrvNT.sys
R3 vgadrv;vgadrv;C:\WINDOWS\system32\DRIVERS\vgadrv.sys
R3 WinDriver6;WinDriver6;C:\WINDOWS\system32\drivers\windrvr6.sys
S3 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys
S3 SNDP610;Dual Mode Camera;C:\WINDOWS\system32\DRIVERS\sndp610.sys
S4 0035991173529615mcinstcleanup;McAfee Application Installer Cleanup (0035991173529615);C:\WINDOWS\TEMP\003599~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command

.
Contents of the 'Scheduled Tasks' folder
"2007-10-09 17:37:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-05 09:59:12 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DH6M12B1-Name).job"
- c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
"2007-10-09 20:50:13 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-09 16:48:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

disk error: C:\WINDOWS\


.
Completion time: 2007-10-09 16:51:30 - machine was rebooted
C:\ComboFix-quarantined-files.txt … 2007-10-09 16:50
.
--- E O F ---

END - COMBOFIX