(3 of 3)
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2006-03-15 20:00 15360]
“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe”
“WMPNSCFG”=“C:\Program Files\Windows Media Player\WMPNSCFG.exe”
“Steam”=“c:\program files\steam\steam.exe”

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ehTray”=“C:\WINDOWS\ehome\ehtray.exe”
“hpWirelessAssistant”=“C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe” [2006-10-18 09:32 472800]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe”
“MsmqIntCert”=“regsvr32 /s mqrt.dll”
“High Definition Audio Property Page Shortcut”=“CHDAudPropShortcut.exe” [2006-07-26 22:44 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe”
“QPService”=“C:\Program Files\HP\QuickPlay\QPService.exe”
“QlbCtrl”=“C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe” [2007-09-06 13:47 173360]
“Cpqset”=“C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe”
“RecGuard”=“C:\Windows\SMINST\RecGuard.exe”
“ISUSPM Startup”=“C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe”
“ISUSScheduler”=“C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe”
“SynTPStart”=“C:\Program Files\Synaptics\SynTP\SynTPStart.exe”
“HP Software Update”=“c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe”
“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe”
“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-07-20 20:58 7581696]
“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2006-07-20 20:58 86016]
“nwiz”=“nwiz.exe” [2006-07-20 20:58 1519616 C:\WINDOWS\system32\nwiz.exe]
“SoloSentry”=“C:\SRNMIC~1\SOLOSENT.EXE”
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe”

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2006-03-15 20:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 15:14:00]
HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2006-11-30 03:25:02]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 16:39:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“InstallVisualStyle”= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
“InstallTheme”= C:\WINDOWS\Resources\Themes\Royale.theme

R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-05 23:49]
S0 Spssys;Toshiba SPS Service;C:\WINDOWS\system32\drivers\spssys.sys
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 20:39]
S3 MODBDA2;DiBcom MOD3000 TV receiver;C:\WINDOWS\system32\Drivers\modbda2.sys [2006-07-16 06:27]
S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\system32\Drivers\RIOUNIV.sys [2007-02-25 14:42]

.
Contents of the ‘Scheduled Tasks’ folder
“2007-12-31 10:18:50 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job”
  • C:\Program Files\AdwareAlert\AdwareAlert .ex
  • C:\Program Files\AdwareAlert
“2007-12-30 14:07:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job”
  • C:\Program Files\Apple Software Update\SoftwareUpdate.exe
“2008-01-01 14:52:12 C:\WINDOWS\Tasks\User_Feed_Synchronization-{805A47BE-DB5F-4E09-82A4-199856E9AA86}.job”
  • C:\WINDOWS\system32\msfeedssync.exe
.

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-01 15:20:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0


.
Completion time: 2008-01-01 15:23:10 - machine was rebooted
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-01 15:23:07
.
2007-11-02 13:48:36 — E O F —