
Pop-ups, sluggish computer, hid Norton symbol (found Check_lsa7)


26 replies to this topic

#1 seapen

    Authentic Member
  • 27 posts

Posted 11 September 2007 - 05:12 AM

If anyone could help me out I'd really appreciate it.

I've lately had pop-ups, the computer has been sluggish and it's even hidden my Norton symbol. I've found the check_LSA7.txt file and I also noticed NTUSER.dat and a ntuser.dat.txt file (in Docs and Settings).

I've run Norton so many times, it picks up nothing, and I've also run HijackThis because I've seen everyone else do it and I guess it could mean something to you.

(2-month-old computer) might explain the small HijackThis v2.0.2 file. Please help, thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:25 PM, on 11/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\sikwnbxc.dll",forkonce
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvkix.dll,startup
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 6955 bytes
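The O4 lines in the log above are the entries a helper reads first: three of them start a DLL through rundll32.exe (sikwnbxc.dll, drvkix.dll, gzmrotate.dll) and one starts a bare file name (mgrs.exe) that the process list shows running from C:\WINDOWS. The script below is an added example for this thread, not part of the post, of HijackThis or of Trend Micro: it parses a few O4 and process lines copied from the log and applies an assumed rule of thumb (rundll32-loaded DLLs, bare file names, executables directly in the Windows or a Temp directory). Every hit is a review item, not a verdict; the file and its vendor still have to be checked by a person.

```python
"""Triage of HijackThis autostart (O4) entries and running-process paths.

Added example; not from the forum post, HijackThis or Trend Micro.
The flags are an assumed helper's rule of thumb, not HijackThis rules.
"""
import re
from typing import NamedTuple

# Constructed sample: lines copied from the log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\Rundll32.exe

O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\sikwnbxc.dll",forkonce
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvkix.dll,startup
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
"""

# "O4 - <hive>\..\Run: [<value name>] <command>", optionally followed by "(User '...')"
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)
# A quoted program, or an unquoted path up to the first .exe/.dll/.cpl/.scr token
# (Run values often hold unquoted "C:\Program Files\..." paths with spaces).
PROG_RE = re.compile(r'^"([^"]*)"|^(.*?\.(?:exe|dll|cpl|scr))(?=[\s,]|$)', re.IGNORECASE)
WINDIR = r"c:\windows"  # assumption: default XP install on drive C:


def split_command(cmd: str) -> tuple[str, str]:
    """Split a Run value into (program, arguments)."""
    cmd = cmd.strip()
    m = PROG_RE.match(cmd)
    if m:
        prog = m.group(1) if m.group(1) is not None else m.group(2)
        return prog, cmd[m.end():].strip()
    prog, _, rest = cmd.partition(" ")  # fallback: first whitespace token
    return prog, rest.strip()


def rundll32_target(args: str) -> tuple[str, str]:
    """For 'rundll32.exe <dll>,<export>' (quoted or not) return (dll, export)."""
    dll, rest = split_command(args)
    rest = rest.lstrip(", ")
    return dll, (rest.split()[0] if rest else "")


def odd_location(path: str) -> str:
    """Reason text if the file sits where legitimate software rarely does, else ''."""
    low = path.lower()
    if low.rsplit("\\", 1)[0] == WINDIR:
        return "executable directly in the Windows directory"
    if "\\temp\\" in low:
        return "executable in a Temp directory"
    return ""


class Finding(NamedTuple):
    name: str    # the Run value name shown in [brackets]
    reason: str
    path: str    # the file a person should look at


def triage_o4(lines) -> list[Finding]:
    findings = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        prog, args = split_command(m["cmd"])
        base = prog.rsplit("\\", 1)[-1].lower()
        if base == "rundll32.exe":
            dll, export = rundll32_target(args)
            findings.append(Finding(m["name"], f"rundll32 loads DLL, export '{export}'", dll))
        elif "\\" not in prog:
            findings.append(Finding(m["name"], "bare file name, resolved via the search path", prog))
        elif odd_location(prog):
            findings.append(Finding(m["name"], odd_location(prog), prog))
    return findings


def flag_processes(lines) -> list[str]:
    """Running-process paths from the log that sit in an odd location."""
    return [l.strip() for l in lines
            if re.match(r"^[A-Za-z]:\\", l.strip()) and odd_location(l.strip())]


if __name__ == "__main__":
    for f in triage_o4(SAMPLE_LOG.splitlines()):
        print(f"[{f.name}] {f.reason}: {f.path}")
    for p in flag_processes(SAMPLE_LOG.splitlines()):
        print(f"process: {odd_location(p)}: {p}")
```

Run against the sample, the script reports the three rundll32-loaded DLLs, the bare mgrs.exe entry, and C:\WINDOWS\mgrs.exe from the process list, while the Symantec, Nokia and ctfmon.exe entries pass; that matches what the tools in the rest of this thread ended up removing.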



#2 Simon V.

    MRU Emeritus
  • Authentic Member
  • 897 posts

Posted 11 September 2007 - 09:58 AM

Hello, and welcome to the forum.

    My name is Simon V., and I'll be glad to help you with your computer problems.

    HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happens.
    I am currently looking over your log. As I am a trainee, everything that I post to you must be checked by an Admin or Moderator. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long. I will post back shortly with a potential fix.

    Please be patient, and I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.


#3 seapen

    Authentic Member
  • 27 posts

Posted 11 September 2007 - 02:33 PM

Thank you, take your time. I'm currently running spyware scans from different programs to try to get rid of it. I downloaded Spyware Doctor, but it wouldn't let me remove the infected files -.- I'm trying Ad-Aware 2007 now. Once again, thank you.

#4 Simon V.

    MRU Emeritus
  • Authentic Member
  • 897 posts

Posted 11 September 2007 - 02:55 PM

Hi :)

    Rename HijackThis
  • Please right-click on HijackThis.exe and choose Rename. Rename it to Scanner.exe.

    SDFix
  • Please download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)
    • Print these instructions or copy them to Notepad and save it to your desktop, as you won't be able to access internet in Safe Mode.
    • Please reboot into Safe Mode. To do this, go to Start>Turn off Computer, and select Restart. Rapidly tap F8 just before Windows starts to load. In the menu that appears, select Safe Mode (Without Networking)

      Once in Safe Mode, do the following:
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to reboot.
    • Press any key and it will restart the PC.
    • When the PC restarts the fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to clipboard ready for posting back on the forum).
    VundoFix
  • Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES.
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • A logfile will be saved at C:\vundofix.txt.
    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

    SmitfraudFix
  • Please download SmitfraudFix (By S!ri).
    • Double-click on SmitfraudFix.exe. A screen will pop up. Select Option 1 (Search) by typing 1 and hit enter. A text file will appear, which will list the infected files. Save it to a convenient location.
    • The log will also be saved here: C:\rapport.txt
    • Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    Make an Uninstall List
  • To access the Uninstall Manager you would do the following:

    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.
    5. Click on the Save list... button and save the file to a convenient location. When you press Save, Notepad will open with the contents of that file.

    Report Back
  • Please post the reports from Vundofix, SDFix, Smitfraudfix and the Uninstall List, along with a new HijackThis log in your next reply.


#5 seapen

    Authentic Member
  • 27 posts

Posted 12 September 2007 - 02:07 AM

Hey, I've done the tests; here are the reports.
FYI I'm still getting pop-ups (don't know if it's meant to be solved yet).

SDFix Report

SDFix: Version 1.104

Run by Sachi Eapen on Wed 12/09/2007 at 05:17 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
DomainService

ImagePath:
C:\WINDOWS\system32\eabkunrs.exe /service

DomainService - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\Temp\win1DE.tmp.exe - Deleted
C:\WINDOWS\Temp\win1E2.tmp.exe - Deleted
C:\WINDOWS\Temp\win1DE.tmp.exe - Deleted
C:\WINDOWS\Temp\win1E2.tmp.exe - Deleted
C:\WINDOWS\mgrs.exe - Deleted
C:\WINDOWS\Temp\removalfile.bat - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam Client"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA"
"C:\\WINDOWS\\TEMP\\win1DC.tmp.exe"="C:\\WINDOWS\\TEMP\\win1DC.tmp.exe:*:Enabled:win1DC.tmp"
"C:\\WINDOWS\\system32\\eabkunrs.exe"="C:\\WINDOWS\\system32\\eab"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Program Files\Steam\steamapps\im_on_fire101@hotmail.com\counter-strike\cstrike\radial.cdb
C:\Program Files\Steam\steamapps\im_on_fire101@hotmail.com\counter-strike\cstrike\models\player\Thumbs.db
C:\WINDOWS\system32\jjkmp.tmp
C:\WINDOWS\system32\jjkmp.tmp2

Finished!

VundoFix Report


VundoFix V6.5.8

Checking Java version...

Scan started at 5:43:43 PM 12/09/2007

Listing files found while scanning....

C:\windows\system32\cxbnwkis.ini
C:\windows\system32\drvkix.dll
C:\windows\system32\sikwnbxc.dll

Beginning removal...

Attempting to delete C:\windows\system32\cxbnwkis.ini
C:\windows\system32\cxbnwkis.ini Has been deleted!

Attempting to delete C:\windows\system32\drvkix.dll
C:\windows\system32\drvkix.dll Has been deleted!

Attempting to delete C:\windows\system32\sikwnbxc.dll
C:\windows\system32\sikwnbxc.dll Has been deleted!

Performing Repairs to the registry.
Done!

SmitFraudFix report

SmitFraudFix v2.222

Scan done at 17:55:57.73, Wed 12/09/2007
Run from C:\Documents and Settings\Sachi Eapen\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sachi Eapen


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sachi Eapen\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SACHIE~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce Networking Controller - Packet Scheduler Miniport
DNS Server Search Order: 10.0.0.138
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A228E439-A623-4E43-8E26-0D0DC1FB1310}: DhcpNameServer=10.0.0.138 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A228E439-A623-4E43-8E26-0D0DC1FB1310}: DhcpNameServer=10.0.0.138 192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A228E439-A623-4E43-8E26-0D0DC1FB1310}: DhcpNameServer=10.0.0.138 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138 192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138 192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

New HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:59:03 PM, on 12/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvkix.dll,startup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7470 bytes
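The "Authorized Application Key Export" in the SDFix report above is worth a second look on its own: the Windows Firewall exception list contains C:\WINDOWS\TEMP\win1DC.tmp.exe and an entry for C:\WINDOWS\system32\eabkunrs.exe (the file behind the DomainService that SDFix deleted) whose value is cut short. The script below is an added example for this thread, not from SDFix, the forum or Microsoft: it parses that registry export and flags the exceptions a malware-removal helper would question. Its rules (programs in a Temp directory or directly in the Windows directory, and values that do not restate the key path) are an assumption for illustration.

```python
"""Audit of a Windows Firewall AuthorizedApplications registry export.

Added example; not from SDFix, the forum thread or Microsoft. The value
format it relies on is "<path>:<scope>:<Enabled|Disabled>:<display name>",
with the path restated from the value name, as the SDFix output shows.
"""
import re
from typing import NamedTuple

# Constructed sample: lines copied from the standardprofile list in the SDFix report above.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\TEMP\\win1DC.tmp.exe"="C:\\WINDOWS\\TEMP\\win1DC.tmp.exe:*:Enabled:win1DC.tmp"
"C:\\WINDOWS\\system32\\eabkunrs.exe"="C:\\WINDOWS\\system32\\eab"
'''

RULE_RE = re.compile(r'^"(?P<key>[^"]*)"="(?P<val>[^"]*)"$')


class FirewallRule(NamedTuple):
    profile: str      # standardprofile or domainprofile
    path: str         # program the exception is for (the value name)
    scope: str        # '*' means any remote address
    state: str        # Enabled or Disabled
    name: str         # display name shown in the firewall UI
    consistent: bool  # value restates the key path as the format requires


def unescape(s: str) -> str:
    """Registry-export escaping writes one backslash as two."""
    return s.replace("\\\\", "\\")


def parse_rules(text: str) -> list[FirewallRule]:
    rules, profile = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # ...\firewallpolicy\<profile>\authorizedapplications\list
            profile = line.strip("[]").rsplit("\\", 3)[-3]
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        key, val = unescape(m["key"]), unescape(m["val"])
        if val.startswith(key + ":"):
            fields = val[len(key) + 1:].split(":", 2) + ["", "", ""]
            scope, state, name = fields[:3]
            rules.append(FirewallRule(profile, key, scope, state, name, True))
        else:
            # Truncated or hand-edited value: keep the path, mark it inconsistent.
            rules.append(FirewallRule(profile, key, "", "", "", False))
    return rules


def audit(text: str) -> list[tuple[str, str]]:
    """Return (path, reason) pairs for exceptions that deserve a closer look."""
    findings = []
    for r in parse_rules(text):
        low = r.path.lower()
        if not r.consistent:
            findings.append((r.path, "value does not restate the key path (truncated or tampered entry)"))
        elif "\\temp\\" in low:
            findings.append((r.path, "exception for a program in a Temp directory"))
        elif low.rsplit("\\", 1)[0] in ("c:\\windows", "%windir%"):
            findings.append((r.path, "exception for a program directly in the Windows directory"))
    return findings


if __name__ == "__main__":
    for path, why in audit(SAMPLE_EXPORT):
        print(f"{why}: {path}")
```

On the sample it reports exactly the two entries mentioned in the lead-in and passes the Messenger, LimeWire and sessmgr.exe exceptions. Note that removing the executable does not remove its firewall exception, so the list is worth re-reading after a cleanup.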

#6 Simon V.

    MRU Emeritus
  • Authentic Member
  • 897 posts

Posted 12 September 2007 - 06:32 AM

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


#7 seapen

    Authentic Member
  • 27 posts

Posted 12 September 2007 - 07:06 AM

Hey, OK, done both tests; here are the results. (I have a Windows update ready to install, so I was just wondering whether I should wait till the testing etc. is complete.)

ComboFix

ComboFix 07-09-10.6 - "Sachi Eapen" 2007-09-12 22:48:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1432 [GMT 10:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\cfmngmks.dll
C:\WINDOWS\system32\hggddef.dll
C:\WINDOWS\system32\hgggeba.dll
C:\WINDOWS\system32\iifgdda.dll
C:\WINDOWS\system32\jjkmp.bak1
C:\WINDOWS\system32\jjkmp.bak2
C:\WINDOWS\system32\jjkmp.ini
C:\WINDOWS\system32\jjkmp.ini2
C:\WINDOWS\system32\jjkmp.tmp
C:\WINDOWS\system32\nsi308.dll
C:\WINDOWS\system32\rqrsrop.dll
C:\WINDOWS\system32\skmgnmfc.ini
C:\WINDOWS\system32\wineil32.dll
C:\WINDOWS\system32\yaywvvw.dll


((((((((((((((((((((((((( Files Created from 2007-08-12 to 2007-09-12 )))))))))))))))))))))))))))))))
.

2007-09-12 22:54 733,148 ---hs---- C:\WINDOWS\system32\jjkmp.bak1
2007-09-12 22:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-12 20:00 <DIR> d-------- C:\Program Files\Paint.NET
2007-09-12 17:55 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-12 17:55 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-12 17:55 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-12 17:55 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-12 17:43 <DIR> d-------- C:\VundoFix Backups
2007-09-12 17:17 <DIR> d-------- C:\WINDOWS\ERUNT
2007-09-12 06:20 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-12 06:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-11 22:10 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-11 20:32 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-11 17:20 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-09-11 16:52 <DIR> d-------- C:\WINDOWS\pss
2007-09-11 16:26 <DIR> d-------- C:\Program Files\Google
2007-09-10 16:34 36,576 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-09-10 16:32 244,832 --a------ C:\WINDOWS\system32\pmkjj.dll
2007-09-09 22:18 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\BitTorrent DNA
2007-09-09 21:36 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\WinRAR
2007-09-09 21:28 39,881 --a------ C:\WINDOWS\system32\gzmrot-uninst.exe
2007-09-09 21:27 55,592 --a------ C:\WINDOWS\system32\adssite-remove.exe
2007-09-07 22:33 <DIR> d-------- C:\Program Files\Xilisoft
2007-09-07 21:25 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\Nokia Multimedia Player
2007-09-07 21:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-09-07 21:18 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\Nokia
2007-09-07 21:17 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-09-07 21:17 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-09-07 21:17 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-09-07 21:17 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-09-07 21:17 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-09-07 21:17 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-09-07 21:17 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-09-07 21:17 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-09-07 21:17 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-09-07 21:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
2007-09-07 07:42 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-06 23:36 <DIR> d-------- C:\DOCUME~1\SACHIE~1\Phone Browser
2007-09-06 23:36 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\PC Suite
2007-09-06 23:34 <DIR> d-------- C:\Program Files\Nokia
2007-09-05 22:37 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-09-05 22:37 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-09-05 22:37 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-09-05 22:37 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-09-01 11:39 <DIR> d-------- C:\Program Files\ahead
2007-08-31 13:07 <DIR> d-------- C:\Program Files\Armadillo Run Demo
2007-08-30 21:17 66 --a------ C:\WINDOWS\system32\MASHTWTY.SYS
2007-08-30 21:17 <DIR> d-------- C:\Program Files\Blaze Audio
2007-08-27 19:19 <DIR> d-------- C:\DOCUME~1\SACHIE~1\WINDOWS
2007-08-26 14:41 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2007-08-26 14:16 <DIR> d-------- C:\Program Files\Ventrilo
2007-08-26 14:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-26 14:16 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\Ventrilo
2007-08-25 11:36 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-08-25 11:36 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-08-25 11:36 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-08-25 11:36 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-24 17:30 <DIR> d-------- C:\DOCUME~1\SACHIE~1\Shared
2007-08-24 17:30 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\LimeWire
2007-08-22 16:53 356,352 --a------ C:\WINDOWS\system32\nvunrm.exe
2007-08-22 16:53 1,732 --a------ C:\WINDOWS\system32\drivers\nvphy.bin
2007-08-22 16:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-08-21 21:50 61,440 --a------ C:\WINDOWS\system32\gzmrotate.dll
2007-08-20 18:59 <DIR> d-------- C:\Program Files\mIRC
2007-08-20 18:59 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\mIRC
2007-08-20 18:53 <DIR> d-------- C:\Program Files\Steam
2007-08-20 18:46 <DIR> d-------- C:\Program Files\iTunes
2007-08-20 18:46 <DIR> d-------- C:\Program Files\iPod
2007-08-20 18:46 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\Apple Computer
2007-08-20 18:45 <DIR> d-------- C:\Program Files\QuickTime
2007-08-20 18:45 <DIR> d-------- C:\Program Files\Apple Software Update
2007-08-20 18:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-20 18:44 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-08-20 18:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-19 20:31 <DIR> d-------- C:\Program Files\EA GAMES
2007-08-17 17:18 <DIR> d-------- C:\DOCUME~1\SACHIE~1\Contacts
2007-08-17 17:10 <DIR> d-------- C:\Program Files\MSN Messenger
2007-08-17 14:02 <DIR> d-------- C:\Program Files\Motherboard Monitor 5
2007-08-17 13:26 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-08-17 13:18 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-08-17 13:18 <DIR> d-------- C:\WINDOWS\nview
2007-08-17 13:13 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-08-17 08:48 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-08-17 08:47 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-08-17 08:47 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-08-17 08:47 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-08-17 08:45 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-08-17 08:43 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-08-17 08:43 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-08-17 08:07 16,176 --------- C:\WINDOWS\system32\drivers\NVXBAR.SYS
2007-08-17 08:07 141,246 --------- C:\WINDOWS\system32\drivers\NVCAP.SYS
2007-08-17 08:06 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-08-17 08:05 <DIR> d--h----- C:\WINDOWS\PIF
2007-08-17 08:02 12,256 --a------ C:\WINDOWS\system32\drivers\TBPanel.sys
2007-08-17 08:02 <DIR> d-------- C:\Program Files\XpertVision
2007-08-17 08:00 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-08-17 07:56 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-08-17 07:55 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-08-17 07:55 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-08-17 07:55 <DIR> d-------- C:\Program Files\Symantec

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-11 17:23 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-09-11 17:23 8014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-08-26 14:27 520192 --a------ C:\WINDOWS\RtlExUpd.dll
2007-08-17 07:50 315392 --a------ C:\WINDOWS\HideWin.exe
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-06-26 16:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 23:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 20:23 1033216 --a------ C:\WINDOWS\explorer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{620F91F9-79D6-421D-A136-779F553A8C0E}]
2007-09-10 16:33 244832 --a------ C:\WINDOWS\system32\pmkjj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\Program Files\XpertVision\TBPanel.exe" [2007-04-23 19:20]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 17:04]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-06 11:22]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Steam"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\pmkjj

R2 TBPanel;TBPanel;C:\WINDOWS\system32\drivers\TBPanel.sys
S3 Cardex;Cardex;\??\C:\WINDOWS\system32\drivers\TBPANEL.SYS
S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-09-11 07:26:24 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Sachi Eapen.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-12 22:54:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-12 22:58:43 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-12 22:58
.
--- E O F ---

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:53 PM, on 12/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7207 bytes
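The ComboFix log above shows the two loading points that matter in this log: `pmkjj.dll` registered as a Browser Helper Object, and the same file appended to the LSA `Authentication Packages` value under `HKLM\system\currentcontrolset\control\lsa`. A DLL listed there is loaded by lsass.exe at boot, before any user logs on, so it cannot be unloaded or deleted from a normal session, which is why the BHO keeps coming back after Norton or Ad-Aware removes it. The script below is an added example, not part of the thread and not ComboFix's own code: it parses a trimmed copy of the 'Files Created' and 'Reg Loading Points' sections (reconstructed from the lines posted above) and flags extra LSA packages, BHOs dropped straight into system32 during the log window, and the case where both point at the same DLL. The baseline that a stock XP install has only `msv1_0` as an authentication package is an assumption coded into the script.

```python
"""Triage the loading points in a ComboFix log for Vundo-style persistence.

Two things are flagged: extra entries in the LSA 'Authentication Packages'
value (anything beyond msv1_0 is a DLL that lsass.exe will load at boot),
and Browser Helper Objects whose DLL was dropped straight into system32
during the log's 'Files Created' window.
"""
import re
from pathlib import PureWindowsPath

# Assumption: stock Windows XP ships with msv1_0 as the only authentication
# package, so anything else in the value is reported.
DEFAULT_LSA_PACKAGES = {"msv1_0"}

# Constructed excerpt of the ComboFix log posted above, trimmed to the relevant lines.
# ComboFix prints the REG_MULTI_SZ value with doubled backslashes; kept as-is here.
COMBOFIX_LOG = r"""
((((((((((((((((((((((((( Files Created from 2007-08-12 to 2007-09-12 )))))))))))))))))))))))))))))))
.

2007-09-12 22:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-10 16:34 36,576 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-09-10 16:32 244,832 --a------ C:\WINDOWS\system32\pmkjj.dll
2007-08-17 07:55 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{620F91F9-79D6-421D-A136-779F553A8C0E}]
2007-09-10 16:33 244832 --a------ C:\WINDOWS\system32\pmkjj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 17:04]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\pmkjj

R2 TBPanel;TBPanel;C:\WINDOWS\system32\drivers\TBPanel.sys
"""


def section(log: str, title: str) -> list:
    """Lines of the ComboFix section whose '(((( title ))))' banner contains title."""
    out, inside = [], False
    for line in log.splitlines():
        if line.startswith("(((") and line.rstrip().endswith(")))"):
            inside = title in line
            continue
        if inside:
            out.append(line)
    return out


def lsa_packages(log: str) -> list:
    """The LSA 'Authentication Packages' entries, with ComboFix's doubled backslashes undone."""
    for line in section(log, "Reg Loading Points"):
        m = re.match(r'"Authentication Packages"=\s*(.*)', line)
        if m:
            return [p.replace("\\\\", "\\") for p in m.group(1).split()]
    return []


def bho_dlls(log: str) -> list:
    """DLL paths of Browser Helper Objects (ComboFix lists the file on the line after the key)."""
    lines = section(log, "Reg Loading Points")
    return [lines[i + 1].split(maxsplit=4)[4]
            for i, line in enumerate(lines)
            if "Browser Helper Objects" in line and i + 1 < len(lines)
            and len(lines[i + 1].split(maxsplit=4)) == 5]


def files_created(log: str) -> dict:
    """Lower-cased path -> creation date for every file in the 'Files Created' window."""
    created = {}
    for line in section(log, "Files Created"):
        parts = line.split(maxsplit=4)
        if len(parts) == 5 and re.match(r"\d{4}-\d{2}-\d{2}$", parts[0]):
            created[parts[4].lower()] = parts[0]
    return created


def triage(log: str) -> list:
    """Return (finding, path) tuples for the Vundo-style loading points."""
    findings = []
    rogue = [p for p in lsa_packages(log) if p.lower() not in DEFAULT_LSA_PACKAGES]
    findings += [("lsa_extra_package", p) for p in rogue]

    created = files_created(log)
    bho_stems = set()
    for dll in bho_dlls(log):
        path = PureWindowsPath(dll)
        bho_stems.add(path.stem.lower())
        if path.parent.name.lower() == "system32" and dll.lower() in created:
            findings.append(("bho_dropped_in_system32", dll))

    # The same DLL as LSA package and BHO: the copy mapped into lsass.exe is
    # locked for the whole session, so deleting the BHO from Explorer fails.
    for p in rogue:
        if PureWindowsPath(p).name.lower() in bho_stems:
            findings.append(("lsa_and_bho_same_dll", p))
    return findings


if __name__ == "__main__":
    for kind, path in triage(COMBOFIX_LOG):
        print(f"{kind:25s} {path}")
```

Run against the excerpt it reports three findings, all for `pmkjj`; on a real log, feed the whole ComboFix text in and the same three categories tell you which entries need a boot-time or pre-logon fix rather than a plain delete.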

#8 Simon V.

MRU Emeritus (Authentic Member), 897 posts

Posted 12 September 2007 - 08:47 AM

  • Hi :)

    P2P Warning
  • I understand that downloading music and other files may be important to you; however, the P2P programs that you are using to do that, even if they are not infected with malware, will bring malware into your system. Therefore, the chances of you becoming infected again are very high. This obviously can result in disabling your computer and could even lead to someone stealing sensitive personal data from your computer. Beyond the inconvenience this causes you, these programs also tend to use your computer as a server to spread more infection all over the internet, so your computer becomes a part of the malware problem.

    Remember that no matter how clean the program you're using for Peer-to-Peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via P2P filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Any program or file that offers you the ability to access non-freeware programs at no cost, e.g., pirated software and/or cracks/key generators for gaining access to legitimate software, is 100% guaranteed to contain malware.

    Here is some information that looks at the rates of infection:

    http://www.benedelman.org/spyware/p2p/

    With that being said, I recommend that you remove the following P2P program(s):

    BitTorrent

    Rename HijackThis
  • Please right-click on HijackThis.exe and choose Rename. Rename it to Scanner.exe.

    Make an Uninstall List
  • To access the Uninstall Manager you would do the following:

    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.
    5. Click on the Save list... button and save the file to a convenient location. When you press Save, Notepad will open with the contents of that file.

    Upload Files to Virustotal
  • Please visit Virustotal
    • Click the Browse... button.
    • Navigate to the file C:\WINDOWS\system32\MASHTWTY.SYS
    • Click the Open button.
    • Click the Send button.
    • Copy and paste the results in Notepad, and save them to your desktop, so you can post them in your next reply.
    Run Kaspersky Online Scan
  • Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky; click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
      • Scan Options: Scan Archives, Scan Mail Bases
    • Click OK
    • Now under "Select a target to scan", select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    Report Back
  • Please post the results from Virustotal, the report from the Kaspersky Online Scan and the Uninstall List, along with a new HijackThis log in your next reply.

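Before uploading a file as asked above, it is worth checking that it is executable code at all: a `.SYS` extension does not make a file a driver, and at 66 bytes (the size ComboFix lists for MASHTWTY.SYS, created in the same minute as the Blaze Audio folder) a file cannot even hold the 64-byte DOS header plus the `PE\0\0` signature, so a clean VirusTotal result on it is expected and tells you nothing. The following Python is an added example, not from the thread or from any tool mentioned in it. It does the pre-upload triage: it checks for the MZ and PE signatures and computes the MD5/SHA1/SHA256 that VirusTotal prints under "Additional information", so the hash can be searched before the file itself is sent. The two sample blobs are constructed for the example and are not the contents of any file on the poster's machine.

```python
"""Pre-upload triage for a suspect file: is it a PE image, and what are its hashes?"""
import hashlib
import struct


def pe_sanity(data: bytes) -> dict:
    """Inspect only the headers; returns is_pe plus the reason for the verdict."""
    verdict = {"size": len(data), "is_pe": False, "reason": ""}
    if len(data) < 64:
        verdict["reason"] = "shorter than the 64-byte DOS header"
        return verdict
    if data[:2] != b"MZ":
        verdict["reason"] = "no MZ signature; the extension does not make it a driver"
        return verdict
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # Need the 4-byte signature and the 20-byte COFF header to be inside the file.
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        verdict["reason"] = "MZ stub but no PE signature at e_lfanew"
        return verdict
    machine, nsections = struct.unpack_from("<HH", data, e_lfanew + 4)
    verdict.update(is_pe=True, reason="PE image", machine=hex(machine), sections=nsections)
    return verdict


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 in the form VirusTotal prints, for a hash lookup before uploading."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def triage(data: bytes) -> dict:
    """Header verdict plus hashes, the two things to check before sending a file anywhere."""
    report = pe_sanity(data)
    report["hashes"] = file_hashes(data)
    return report


# Constructed samples (not the real files from the thread):
# 66 bytes of text saved under a .SYS name, as an installer's settings file might be.
FAKE_TINY_SYS = (b"[audio]\r\ndevice=0\r\nsample_rate=44100\r\n"
                 b"channels=2\r\nbuffers=4\r\n").ljust(66, b" ")
# A minimal PE header: DOS header with e_lfanew = 0x40, then PE\0\0 and a COFF
# header for i386 with two sections (enough for the signature check, not loadable).
FAKE_PE = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
           + b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0))


if __name__ == "__main__":
    for name, blob in (("tiny.sys", FAKE_TINY_SYS), ("mini.exe", FAKE_PE)):
        r = triage(blob)
        print(f"{name}: {r['size']} bytes, is_pe={r['is_pe']} ({r['reason']})")
        for alg, digest in r["hashes"].items():
            print(f"  {alg}: {digest}")
```

For a real file, read it in binary mode (`open(path, "rb").read()`) and pass it to `triage`. A non-PE verdict on a tiny ".sys" means the file is data, and the next question is which installer wrote it (the ComboFix creation timestamps answer that), not which scanner detects it.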

#9 seapen

Authentic Member, 27 posts

Posted 12 September 2007 - 08:43 PM

OK, done, but with one problem. When I clicked Save list after going to the Uninstall Manager, the program just disappears. But I've got the other 3 reports:

VirusTotal

File MASHTWTY.SYS received on 09.12.2007 23:26:42 (CET)
Result: 0/32 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2007.9.13.0 2007.09.12 -
AntiVir 7.6.0.10 2007.09.12 -
Authentium 4.93.8 2007.09.12 -
Avast 4.7.1043.0 2007.09.12 -
AVG 7.5.0.485 2007.09.12 -
BitDefender 7.2 2007.09.12 -
CAT-QuickHeal 9.00 2007.09.12 -
ClamAV 0.91.2 2007.09.12 -
DrWeb 4.33 2007.09.12 -
eSafe 7.0.15.0 2007.09.12 -
eTrust-Vet 31.1.5128 2007.09.12 -
Ewido 4.0 2007.09.12 -
FileAdvisor 1 2007.09.12 -
Fortinet 3.11.0.0 2007.09.12 -
F-Prot 4.3.2.48 2007.09.12 -
F-Secure 6.70.13030.0 2007.09.12 -
Ikarus T3.1.1.12 2007.09.12 -
Kaspersky 4.0.2.24 2007.09.12 -
McAfee 5118 2007.09.12 -
Microsoft 1.2803 2007.09.12 -
NOD32v2 2525 2007.09.12 -
Norman 5.80.02 2007.09.12 -
Panda 9.0.0.4 2007.09.12 -
Prevx1 V2 2007.09.12 -
Rising 19.40.22.00 2007.09.12 -
Sophos 4.21.0 2007.09.12 -
Sunbelt 2.2.907.0 2007.09.12 -
Symantec 10 2007.09.12 -
TheHacker 6.1.10.184 2007.09.11 -
VBA32 3.12.2.4 2007.09.12 -
VirusBuster 4.3.26:9 2007.09.12 -
Webwasher-Gateway 6.0.1 2007.09.12 -
Additional information
File size: 66 bytes
MD5: 632a5bfc20777c0f8fa6efc3a8dabc1d
SHA1: 9ebbefbf9a4ec0efcce14abb0aee9192a5ac940b

Kaspersky

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, September 13, 2007 12:36:05 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 13/09/2007
Kaspersky Anti-Virus database records: 412762
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 36350
Number of viruses found: 12
Number of infected objects: 77
Number of suspicious objects: 0
Duration of the scan process: 00:35:10

Infected Object Name / Virus Name / Last Action
C:\check_LSA7.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-09-13_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\235A5792.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\248A1843.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\258C0D27.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389E3E2B.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\D9D12210.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Sachi Eapen\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Sachi Eapen\Desktop\Fix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Sachi Eapen\Desktop\Fix\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Sachi Eapen\Desktop\Fix\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Sachi Eapen\Desktop\Fix\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Sachi Eapen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Sachi Eapen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Sachi Eapen\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Sachi Eapen\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Sachi Eapen\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Sachi Eapen\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\hggddef.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\hgggeba.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\iifgdda.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\nsi308.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.fj skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\rqrsrop.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\wineil32.dll.vir Infected: Trojan.Win32.Dialer.qn skipped
C:\qoobox\Quarantine\catchme2007-09-12_225412.67.zip/yaywvvw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\qoobox\Quarantine\catchme2007-09-12_225412.67.zip ZIP: infected - 1 skipped
C:\SDFix\backups\backups.zip/backups/mgrs.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\SDFix\backups\backups.zip/backups/win1DE.tmp.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\SDFix\backups\backups.zip/backups/win1E2.tmp.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\SDFix\backups\backups.zip ZIP: infected - 3 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP74\A0010317.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP74\A0010317.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.ql skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP74\A0010317.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.uo skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP74\A0010317.exe/data.rar Infected: Trojan.Win32.Dialer.uo skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP74\A0010317.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP74\A0010322.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP74\A0010322.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.ql skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP74\A0010322.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.uo skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP74\A0010322.exe/data.rar Infected: Trojan.Win32.Dialer.uo skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP74\A0010322.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP74\A0010323.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP74\A0010323.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.ql skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP74\A0010323.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.uo skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP74\A0010323.exe/data.rar Infected: Trojan.Win32.Dialer.uo skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP74\A0010323.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP74\A0010327.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP74\A0010327.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.ql skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP74\A0010327.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.uo skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP74\A0010327.exe/data.rar Infected: Trojan.Win32.Dialer.uo skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP74\A0010327.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP75\A0010339.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP75\A0010339.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.ql skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP75\A0010339.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.uo skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP75\A0010339.exe/data.rar Infected: Trojan.Win32.Dialer.uo skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP75\A0010339.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP75\A0010341.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP75\A0010341.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.ql skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP75\A0010341.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.uo skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP75\A0010341.exe/data.rar Infected: Trojan.Win32.Dialer.uo skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP75\A0010341.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP75\A0010342.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP75\A0010342.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.ql skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP75\A0010342.exe/data.rar Infected: not-a-virus:AdWare.Win32.Virtumonde.ql skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP75\A0010342.exe RarSFX: infected - 3 skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP75\A0010343.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP75\A0011454.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.BHO.fj skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP75\A0011454.exe/stream Infected: not-a-virus:AdWare.Win32.BHO.fj skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP75\A0011454.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP76\A0013647.exe Infected: Trojan-Downloader.Win32.Alphabet.y skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP76\A0013648.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.cme skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP76\A0013648.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP76\A0013649.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.b skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP77\A0014863.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP77\A0015869.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP77\A0015875.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP77\A0015877.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP77\A0015878.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP77\A0015906.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP77\A0015909.dll Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP79\A0017009.dll Infected: not-a-virus:AdWare.Win32.BHO.fj skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP79\A0017011.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP79\A0017012.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP79\A0017013.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP79\A0017014.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP79\A0017015.dll Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP79\A0017026.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{9A808635-6749-48CB-8B2D-D63314386286}\RP80\change.log Object is locked skipped
C:\VundoFix Backups\drvkix.dll.bad Infected: Trojan.Win32.Dialer.qn skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

New HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:56 PM, on 13/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Paint.NET\PaintDotNet.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\pstbwcgk.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7042 bytes

#10 Simon V.

    MRU Emeritus

  • Authentic Member
  • 897 posts

Posted 12 September 2007 - 11:31 PM

Please rename HijackThis.exe to Scanner.exe and post a new log.


#11 seapen

    Authentic Member

  • Authentic Member
  • 27 posts

Posted 12 September 2007 - 11:35 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:32:31 PM, on 13/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\pstbwcgk.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7265 bytes

#12 Simon V.

    MRU Emeritus

  • Authentic Member
  • 897 posts

Posted 12 September 2007 - 11:48 PM

Ok. I think you're renaming the shortcut... I'll explain it better :)

Go to My Computer > C: > Program Files > Trend Micro > HijackThis. Then right-click on HijackThis.exe, and choose Rename. Rename it to Scanner.exe, and post back with a new HijackThis (Scanner) log.

#13 seapen

    Authentic Member

  • Authentic Member
  • 27 posts

Posted 12 September 2007 - 11:54 PM

Hahaha, how embarrassing :P I did what you said and tada

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:50:55 PM, on 13/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\scanner\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {46D0A485-AA51-4B5E-BE9D-021A635D4DCC} - C:\WINDOWS\system32\pmkjj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\pstbwcgk.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7774 bytes

#14 Simon V.

    MRU Emeritus, Authentic Member, 897 posts

Posted 13 September 2007 - 09:33 AM

  • Hi :)

    Upload Malware to uploadmalware.com
  • Please go to http://www.uploadmalware.com/
    • Put your username in the correct box and give a link to this topic.
    • In the File(s) To Submit: copy and paste the following (one line per box):

      C:\WINDOWS\system32\pmkjj.dll
      C:\WINDOWS\system32\pstbwcgk.dll
    • Now click Send File and close the window.

    Fix Entries with HijackThis
  • Open HijackThis, perform a scan and put a check next to the following items (if present):

    O2 - BHO: (no name) - {46D0A485-AA51-4B5E-BE9D-021A635D4DCC} - C:\WINDOWS\system32\pmkjj.dll
    O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\pstbwcgk.dll",forkonce

    Close all programs except HijackThis and click on Fix checked.

    VundoFix
  • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once the scan is complete, right-click inside the listbox (white box) and click add more files.
    • Copy & Paste the entries below into the boxes:
      • C:\WINDOWS\system32\pmkjj.dll
      • C:\WINDOWS\system32\pstbwcgk.dll
    • Click Add Files and click Close Window.
    • Click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES.
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • A logfile will be saved at C:\vundofix.txt.
    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

  • Rerun Combofix.exe. Post the log it creates, along with the Vundofix log and a new HijackThis log.
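A small triage script for this kind of log, added here as an example; it is not one of the tools used in this thread and not the helper's own method. It assumes the HijackThis O2/O4 line layout seen in the logs above and encodes the two entry shapes this post singles out (a nameless O2 BHO loading a DLL from system32, and an O4 Run entry launching a DLL through rundll32.exe), plus the reversed-file-name pairing that shows up in the ComboFix "Other Deletions" list further down the thread (pmkjj.dll next to jjkmp.ini, vrurwamn.dll next to nmawrurv.ini). The sample lines are constructed from the thread's own entries; the function names and the SYSTEM32 prefix check are my own choices.

```python
"""Triage helper for HijackThis-style log lines.

Added example, not one of the tools used in this thread. It flags a nameless
O2 BHO that loads a DLL from system32 and an O4 Run entry that launches a DLL
through rundll32.exe, then looks for reversed-name companion files of the kind
listed in the ComboFix output (pmkjj.dll / jjkmp.ini, vrurwamn.dll / nmawrurv.ini).
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: entries copied from the thread's logs plus benign ones.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {46D0A485-AA51-4B5E-BE9D-021A635D4DCC} - C:\WINDOWS\system32\pmkjj.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\pstbwcgk.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed sample: paths taken from the ComboFix "Other Deletions" section.
SAMPLE_DELETIONS = [
    r"C:\WINDOWS\cookies.ini",
    r"C:\WINDOWS\system32\jjkmp.ini",
    r"C:\WINDOWS\system32\nmawrurv.ini",
    r"C:\WINDOWS\system32\vrurwamn.dll",
]

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<label>[^\]]+)\] (?P<cmd>.+)$")
DLL_PATH_RE = re.compile(r'([A-Za-z]:\\[^",]+\.dll)', re.IGNORECASE)
SYSTEM32 = "c:\\windows\\system32\\"  # assumed prefix; adjust for other install drives


def stem(path: str) -> str:
    """Base file name without extension, lower-cased: 'C:\\x\\pmkjj.dll' -> 'pmkjj'."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def flag_hjt_lines(log_text: str) -> List[Dict[str, str]]:
    """Return the log lines matching either heuristic, with the DLL path extracted."""
    hits: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = O2_RE.match(line)
        if m:
            path = m.group("path")
            # Named BHOs and "(no file)" orphans are left alone; a nameless BHO
            # that does load a DLL from system32 is worth a look.
            if m.group("name") == "(no name)" and path.lower().startswith(SYSTEM32):
                hits.append({"kind": "nameless O2 BHO in system32", "line": line, "dll": path})
            continue
        m = O4_RE.match(line)
        if m and "rundll32" in m.group("cmd").lower():
            d = DLL_PATH_RE.search(m.group("cmd"))
            hits.append({"kind": "O4 rundll32 DLL loader", "line": line,
                         "dll": d.group(1) if d else ""})
    return hits


def reversed_name_companions(dll_path: str, other_paths: List[str]) -> List[str]:
    """Paths whose stem is the flagged DLL's stem spelled backwards."""
    target = stem(dll_path)[::-1]
    return [p for p in other_paths if stem(p) == target]


def find_reversed_pairs(paths: List[str]) -> List[Tuple[str, str]]:
    """All pairs of paths whose stems mirror each other, each pair reported once."""
    by_stem: Dict[str, List[str]] = {}
    for p in paths:
        by_stem.setdefault(stem(p), []).append(p)
    pairs: List[Tuple[str, str]] = []
    for s in sorted(by_stem):
        r = s[::-1]
        if r in by_stem and s < r:  # one ordering per pair; palindromes are skipped
            pairs.extend((a, b) for a in by_stem[s] for b in by_stem[r])
    return pairs


def triage(log_text: str, other_paths: List[str]) -> List[Dict[str, object]]:
    """Combine both checks: flagged HJT entries plus any reversed-name companions."""
    report: List[Dict[str, object]] = []
    for hit in flag_hjt_lines(log_text):
        companions = reversed_name_companions(hit["dll"], other_paths) if hit["dll"] else []
        report.append({**hit, "reversed_companions": companions})
    return report


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG, SAMPLE_DELETIONS):
        print(f"[{entry['kind']}] {entry['dll']}  companions={entry['reversed_companions']}")
    print("reversed pairs among deletions:", find_reversed_pairs(SAMPLE_DELETIONS))
```

On the sample it flags pmkjj.dll (with jjkmp.ini as its mirror-named companion) and pstbwcgk.dll, and pairs nmawrurv.ini with vrurwamn.dll. The output is a list of candidates to review, not a verdict: legitimate software occasionally registers a BHO without a display name, which is why the post above qualifies its fix list with "(if present)".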


#15 seapen

    Authentic Member, 27 posts

Posted 13 September 2007 - 03:57 PM

VundoFix didn't make a log. I also noticed that the pmkjj file is continuously changing its numbers before it. I'll post the ComboFix and HijackThis logs, but I was wondering if I should just re-format the computer?

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:33:53 AM, on 14/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\scanner\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9179C48D-2048-40D1-AD09-912749A2719A} - C:\WINDOWS\system32\pmkjj.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7562 bytes

Combofix

ComboFix 07-09-10.6 - "Sachi Eapen" 2007-09-14 7:41:05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1581 [GMT 10:00]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\jjkmp.bak1
C:\WINDOWS\system32\jjkmp.bak2
C:\WINDOWS\system32\jjkmp.ini
C:\WINDOWS\system32\nmawrurv.ini
C:\WINDOWS\system32\vrurwamn.dll


((((((((((((((((((((((((( Files Created from 2007-08-13 to 2007-09-13 )))))))))))))))))))))))))))))))
.

2007-09-14 07:45 728,092 ---hs---- C:\WINDOWS\system32\jjkmp.bak1
2007-09-13 07:55 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-13 07:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-09-12 22:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-12 20:00 <DIR> d-------- C:\Program Files\Paint.NET
2007-09-12 17:55 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-12 17:55 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-12 17:55 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-12 17:55 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-12 17:43 <DIR> d-------- C:\VundoFix Backups
2007-09-12 17:17 <DIR> d-------- C:\WINDOWS\ERUNT
2007-09-12 06:20 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-12 06:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-11 22:10 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-11 20:32 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-11 17:20 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-09-11 16:52 <DIR> d-------- C:\WINDOWS\pss
2007-09-11 16:26 <DIR> d-------- C:\Program Files\Google
2007-09-10 16:34 36,576 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-09-10 16:32 244,832 --------- C:\WINDOWS\system32\pmkjj.dll
2007-09-09 22:18 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\BitTorrent DNA
2007-09-09 21:36 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\WinRAR
2007-09-09 21:28 39,881 --a------ C:\WINDOWS\system32\gzmrot-uninst.exe
2007-09-09 21:27 55,592 --a------ C:\WINDOWS\system32\adssite-remove.exe
2007-09-07 22:33 <DIR> d-------- C:\Program Files\Xilisoft
2007-09-07 21:25 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\Nokia Multimedia Player
2007-09-07 21:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-09-07 21:18 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\Nokia
2007-09-07 21:17 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-09-07 21:17 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-09-07 21:17 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-09-07 21:17 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-09-07 21:17 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-09-07 21:17 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-09-07 21:17 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-09-07 21:17 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-09-07 21:17 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-09-07 21:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
2007-09-07 07:42 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-06 23:36 <DIR> d-------- C:\DOCUME~1\SACHIE~1\Phone Browser
2007-09-06 23:36 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\PC Suite
2007-09-06 23:34 <DIR> d-------- C:\Program Files\Nokia
2007-09-05 22:37 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-09-05 22:37 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-09-05 22:37 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-09-05 22:37 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-09-01 11:39 <DIR> d-------- C:\Program Files\ahead
2007-08-31 13:07 <DIR> d-------- C:\Program Files\Armadillo Run Demo
2007-08-30 21:17 66 --a------ C:\WINDOWS\system32\MASHTWTY.SYS
2007-08-30 21:17 <DIR> d-------- C:\Program Files\Blaze Audio
2007-08-27 19:19 <DIR> d-------- C:\DOCUME~1\SACHIE~1\WINDOWS
2007-08-26 14:41 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2007-08-26 14:16 <DIR> d-------- C:\Program Files\Ventrilo
2007-08-26 14:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-26 14:16 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\Ventrilo
2007-08-25 11:36 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-08-25 11:36 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-08-25 11:36 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-08-25 11:36 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-24 17:30 <DIR> d-------- C:\DOCUME~1\SACHIE~1\Shared
2007-08-24 17:30 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\LimeWire
2007-08-22 16:53 356,352 --a------ C:\WINDOWS\system32\nvunrm.exe
2007-08-22 16:53 1,732 --a------ C:\WINDOWS\system32\drivers\nvphy.bin
2007-08-22 16:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-08-21 21:50 61,440 --a------ C:\WINDOWS\system32\gzmrotate.dll
2007-08-20 18:59 <DIR> d-------- C:\Program Files\mIRC
2007-08-20 18:59 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\mIRC
2007-08-20 18:53 <DIR> d-------- C:\Program Files\Steam
2007-08-20 18:46 <DIR> d-------- C:\Program Files\iTunes
2007-08-20 18:46 <DIR> d-------- C:\Program Files\iPod
2007-08-20 18:46 <DIR> d-------- C:\DOCUME~1\SACHIE~1\APPLIC~1\Apple Computer
2007-08-20 18:45 <DIR> d-------- C:\Program Files\QuickTime
2007-08-20 18:45 <DIR> d-------- C:\Program Files\Apple Software Update
2007-08-20 18:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-20 18:44 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-08-20 18:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-19 20:31 <DIR> d-------- C:\Program Files\EA GAMES
2007-08-17 17:18 <DIR> d-------- C:\DOCUME~1\SACHIE~1\Contacts
2007-08-17 17:10 <DIR> d-------- C:\Program Files\MSN Messenger
2007-08-17 14:02 <DIR> d-------- C:\Program Files\Motherboard Monitor 5
2007-08-17 13:26 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-08-17 13:18 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-08-17 13:18 <DIR> d-------- C:\WINDOWS\nview
2007-08-17 13:13 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-08-17 08:48 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-08-17 08:47 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-08-17 08:47 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-08-17 08:47 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-08-17 08:45 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-08-17 08:43 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-08-17 08:43 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-08-17 08:07 16,176 --------- C:\WINDOWS\system32\drivers\NVXBAR.SYS
2007-08-17 08:07 141,246 --------- C:\WINDOWS\system32\drivers\NVCAP.SYS
2007-08-17 08:06 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-08-17 08:05 <DIR> d--h----- C:\WINDOWS\PIF
2007-08-17 08:02 12,256 --a------ C:\WINDOWS\system32\drivers\TBPanel.sys
2007-08-17 08:02 <DIR> d-------- C:\Program Files\XpertVision
2007-08-17 08:00 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-08-17 07:56 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-08-17 07:55 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-11 17:23 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-09-11 17:23 8014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-08-26 14:27 520192 --a------ C:\WINDOWS\RtlExUpd.dll
2007-08-17 07:50 315392 --a------ C:\WINDOWS\HideWin.exe
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-06-26 16:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 23:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
.

((((((((((((((((((((((((((((( snapshot_2007-09-12_225811.18 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 68,608 2007-09-13 21:14:17 C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
----a-w 72,192 2007-09-13 21:14:35 C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
----a-w 4,308,992 2007-09-13 21:14:36 C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
----a-w 2,902,016 2007-09-13 21:14:29 C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
----a-w 482,304 2007-09-13 21:14:37 C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
----a-w 258,048 2007-09-13 21:14:08 C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
----a-w 114,176 2007-09-13 21:14:08 C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
----a-w 260,096 2007-09-13 21:14:47 C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
----a-w 5,156,864 2007-09-13 21:14:23 C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
----a-w 10,752 2007-09-13 21:14:15 C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
----a-w 507,904 2007-09-13 21:14:07 C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
----a-w 13,312 2007-09-13 21:14:10 C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
----a-w 8,192 2007-09-13 21:14:32 C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
----a-w 36,864 2007-09-13 21:14:33 C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
----a-w 5,632 2007-09-13 21:14:34 C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
----a-w 413,696 2007-09-13 21:14:11 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
----a-w 36,864 2007-09-13 21:14:12 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
----a-w 647,168 2007-09-13 21:14:13 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
----a-w 73,728 2007-09-13 21:14:14 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
----a-w 749,568 2007-09-13 21:14:11 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
----a-w 667,648 2007-09-13 21:14:49 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
----a-w 372,736 2007-09-13 21:14:50 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
----a-w 110,592 2007-09-13 21:14:50 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
----a-w 28,672 2007-09-13 21:14:05 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
----a-w 5,632 2007-09-13 21:14:52 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
----a-w 32,768 2007-09-13 21:14:05 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
----a-w 12,800 2007-09-13 21:14:06 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
----a-w 7,168 2007-09-13 21:14:06 C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
----a-w 110,592 2007-09-13 21:14:41 C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
----a-w 2,940,928 2007-09-13 21:14:45 C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
----a-w 413,696 2007-09-13 21:14:43 C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
----a-w 81,920 2007-09-13 21:14:18 C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
----a-w 716,800 2007-09-13 21:14:38 C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
----a-w 888,832 2007-09-13 21:14:09 C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
----a-w 5,001,216 2007-09-13 21:14:30 C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
----a-w 397,312 2007-09-13 21:14:18 C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
----a-w 188,416 2007-09-13 21:14:19 C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
----a-w 577,536 2007-09-13 21:14:45 C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
----a-w 81,920 2007-09-13 21:14:21 C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
----a-w 372,736 2007-09-13 21:14:39 C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
----a-w 258,048 2007-09-13 21:14:46 C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
----a-w 299,008 2007-09-13 21:14:40 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
----a-w 131,072 2007-09-13 21:14:40 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
----a-w 258,048 2007-09-13 21:14:16 C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
----a-w 114,688 2007-09-13 21:14:22 C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
----a-w 835,584 2007-09-13 21:14:48 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
----a-w 86,016 2007-09-13 21:14:24 C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
----a-w 823,296 2007-09-13 21:14:25 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
----a-w 5,152,768 2007-09-13 21:14:26 C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
----a-w 2,027,520 2007-09-13 21:14:28 C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
----a-w 11,304,960 2007-09-13 21:06:40 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\94126ac85ed603c9cf102c946c574248\mscorlib.ni.dll
----a-w 8,130,560 2007-09-13 21:07:15 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\d7398c0a831a8f34930ac63c8fb2d5cb\System.ni.dll
----a-w 6,676,480 2007-09-13 21:07:38 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\e6c2afe0979e5b17aa21ede171ac92c3\System.Data.ni.dll
----a-w 10,702,848 2007-09-13 21:12:13 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\28e0c28804f0a9fd240ecacee3bc80ec\System.Design.ni.dll
----a-w 1,601,536 2007-09-13 21:12:17 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\e1e7f81a7649db69e386036bbfbe7536\System.Drawing.ni.dll
----a-w 229,376 2007-09-13 21:12:19 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\8551095999dcad4b93d09cc3fbb5b08b\System.Drawing.Design.ni.dll
----a-w 13,107,200 2007-09-13 21:12:40 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\de3f835565e852f631d2d35e18aeb8d5\System.Windows.Forms.ni.dll
----a-w 5,623,808 2007-09-13 21:16:20 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a0716d4926ca6948100c0c89e7178f64\System.Xml.ni.dll
----a-w 1,297,910 2007-09-13 21:13:07 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1DB.tmp\System.Xml.dll
----a-r 290,182 2007-09-13 03:01:42 C:\WINDOWS\Installer\{5E749AEB-5A19-43BA-BB20-3CBB37539FE4}\_6FEFF9B68218417F98F549.exe
----a-w 58,712 2007-04-12 17:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
----a-w 507,904 2007-04-12 17:20:52 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
----a-w 10,752 2007-04-12 17:20:52 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
----a-w 8,192 2007-04-12 17:20:52 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
----a-w 23,552 2007-04-12 17:20:52 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
----a-w 75,264 2007-04-12 17:20:50 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
----a-w 32,608 2007-04-12 17:20:52 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
----a-w 33,632 2007-04-12 17:20:52 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
----a-w 32,600 2007-04-12 17:20:52 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
----a-w 88,576 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
----a-w 5,120 2007-04-12 17:20:58 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
----a-w 9,728 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
----a-w 228,688 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
----a-w 28,672 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
----a-w 413,696 2007-04-12 17:21:10 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
----a-w 647,168 2007-04-12 17:21:10 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
----a-w 749,568 2007-04-12 17:21:08 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
----a-w 87,040 2007-04-12 17:20:52 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
----a-w 802,304 2007-04-12 17:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
----a-w 36,864 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
----a-w 326,656 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
----a-w 4,308,992 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
----a-w 102,912 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
----a-w 227,328 2007-04-12 17:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
----a-w 68,952 2007-04-12 17:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
----a-w 5,634,048 2007-04-12 17:21:12 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
----a-w 99,152 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
----a-w 15,360 2007-04-12 17:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
----a-w 136,192 2007-04-12 17:21:12 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
----a-w 382,464 2007-04-12 17:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
----a-w 110,592 2007-04-12 17:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
----a-w 413,696 2007-04-12 17:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
----a-w 2,902,016 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
----a-w 482,304 2007-04-12 17:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
----a-w 716,800 2007-04-12 17:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
----a-w 888,832 2007-04-12 17:20:58 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
----a-w 5,001,216 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
----a-w 188,416 2007-04-12 17:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
----a-w 2,940,928 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
----a-w 577,536 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
----a-w 258,048 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
----a-w 47,616 2007-04-12 17:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
----a-w 114,176 2007-04-12 17:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
----a-w 372,736 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
----a-w 299,008 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
----a-w 260,096 2007-04-12 17:21:18 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
----a-w 5,156,864 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
----a-w 5,152,768 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
----a-w 2,027,520 2007-04-12 17:21:16 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
----a-w 1,166,672 2007-04-12 17:21:28 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
----a-w 1,330,688 2007-04-12 17:20:50 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
----a-w 406,016 2007-04-12 17:20:52 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
----a-w 17,474,680 2007-09-06 02:50:42 C:\WINDOWS\system32\MRT.exe
----a-w 271,360 2007-04-12 17:21:14 C:\WINDOWS\system32\mscoree.dll
----a-w 58,732 2007-09-13 21:15:09 C:\WINDOWS\system32\perfc009.dat
----a-w 392,432 2007-09-13 21:15:09 C:\WINDOWS\system32\perfh009.dat
----a-w 213,048 2005-05-24 01:27:16 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
----a-w 94,208 2007-09-07 01:29:00 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
----a-w 946,176 2007-09-07 01:29:00 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
----atw 16,384 2007-09-13 21:44:49 C:\WINDOWS\Temp\Perflib_Perfdata_3a0.dat
----a-w 258,048 2007-09-13 21:14:08 C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
----a-w 114,176 2007-09-13 21:14:08 C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
.
----a-w 68,608 2007-09-12 09:36:59 C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
----a-w 72,192 2007-09-12 09:37:34 C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
----a-w 4,308,992 2007-09-12 09:37:42 C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
----a-w 2,878,976 2007-09-12 09:37:14 C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
----a-w 482,304 2007-09-12 09:37:45 C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
----a-w 258,048 2007-09-12 09:36:43 C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
----a-w 114,176 2007-09-12 09:36:43 C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
----a-w 260,096 2007-09-12 09:38:06 C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
----a-w 5,025,792 2007-09-12 09:37:07 C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
----a-w 10,752 2007-09-12 09:36:58 C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
----a-w 503,808 2007-09-12 09:36:39 C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
----a-w 13,312 2007-09-12 09:36:48 C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
----a-w 8,192 2007-09-12 09:37:18 C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
----a-w 36,864 2007-09-12 09:37:21 C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
----a-w 5,632 2007-09-12 09:37:23 C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
----a-w 413,696 2007-09-12 09:36:51 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
----a-w 36,864 2007-09-12 09:36:54 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
----a-w 647,168 2007-09-12 09:36:56 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
----a-w 73,728 2007-09-12 09:36:57 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
----a-w 745,472 2007-09-12 09:36:50 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
----a-w 667,648 2007-09-12 09:38:09 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
----a-w 372,736 2007-09-12 09:38:11 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
----a-w 110,592 2007-09-12 09:38:12 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
----a-w 28,672 2007-09-12 09:36:31 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
----a-w 5,632 2007-09-12 09:38:13 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
----a-w 32,768 2007-09-12 09:36:34 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
----a-w 12,800 2007-09-12 09:36:39 C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
----a-w 7,168 2007-09-12 09:36:35 C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
----a-w 110,592 2007-09-12 09:37:55 C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
----a-w 3,018,752 2007-09-12 09:38:01 C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
----a-w 389,120 2007-09-12 09:37:56 C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
----a-w 81,920 2007-09-12 09:37:01 C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
----a-w 716,800 2007-09-12 09:37:48 C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
----a-w 884,736 2007-09-12 09:36:44 C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
----a-w 5,050,368 2007-09-12 09:37:15 C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
----a-w 397,312 2007-09-12 09:37:02 C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
----a-w 188,416 2007-09-12 09:37:03 C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
----a-w 700,416 2007-09-12 09:38:02 C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
----a-w 81,920 2007-09-12 09:37:05 C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
----a-w 368,640 2007-09-12 09:37:50 C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
----a-w 258,048 2007-09-12 09:38:04 C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
----a-w 299,008 2007-09-12 09:37:52 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
----a-w 131,072 2007-09-12 09:37:54 C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
----a-w 258,048 2007-09-12 09:36:59 C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
----a-w 114,688 2007-09-12 09:37:06 C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
----a-w 835,584 2007-09-12 09:38:08 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
----a-w 86,016 2007-09-12 09:37:08 C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
----a-w 823,296 2007-09-12 09:37:10 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
----a-w 5,316,608 2007-09-12 09:37:12 C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
----a-w 2,035,712 2007-09-12 09:37:13 C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
----a-r 290,182 2007-09-12 10:00:49 C:\WINDOWS\Installer\{5E749AEB-5A19-43BA-BB20-3CBB37539FE4}\_6FEFF9B68218417F98F549.exe
----a-w 55,488 2005-09-22 21:28:58 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
----a-w 503,808 2005-09-22 21:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
----a-w 10,752 2005-09-22 21:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
----a-w 8,192 2005-09-22 21:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
----a-w 23,552 2005-09-22 21:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
----a-w 70,656 2005-09-22 21:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
----a-w 26,824 2005-09-22 21:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
----a-w 29,896 2005-09-22 21:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
----a-w 29,888 2005-09-22 21:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
----a-w 88,576 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
----a-w 4,608 2005-09-22 21:28:38 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
----a-w 9,728 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
----a-w 224,952 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
----a-w 28,672 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
----a-w 413,696 2005-09-22 21:28:48 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
----a-w 647,168 2005-09-22 21:28:48 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
----a-w 745,472 2005-09-22 21:28:48 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
----a-w 87,552 2005-09-22 21:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
----a-w 800,768 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
----a-w 36,864 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
----a-w 326,144 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
----a-w 4,308,992 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
----a-w 102,400 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
----a-w 226,816 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
----a-w 66,240 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
----a-w 5,615,616 2005-09-22 21:28:50 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
----a-w 96,440 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
----a-w 14,848 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
----a-w 136,192 2005-09-22 21:28:50 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
----a-w 377,344 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
----a-w 110,592 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
----a-w 389,120 2005-09-22 21:28:58 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
----a-w 2,878,976 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
----a-w 482,304 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
----a-w 716,800 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
----a-w 884,736 2005-09-22 21:28:38 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
----a-w 5,050,368 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
----a-w 188,416 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
----a-w 3,018,752 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
----a-w 700,416 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
----a-w 258,048 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
----a-w 47,616 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
----a-w 114,176 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
----a-w 368,640 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
----a-w 299,008 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
----a-w 260,096 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
----a-w 5,025,792 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
----a-w 5,316,608 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
----a-w 2,035,712 2005-09-22 21:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
----a-w 1,140,920 2005-09-22 21:29:06 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
----a-w 1,306,624 2005-09-22 21:28:30 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
----a-w 298,496 2005-09-22 21:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
----a-w 16,789,464 2007-08-02 11:34:12 C:\WINDOWS\system32\MRT.exe
----a-w 270,848 2005-09-22 21:28:52 C:\WINDOWS\system32\mscoree.dll
----a-w 59,052 2007-09-12 09:40:39 C:\WINDOWS\system32\perfc009.dat
----a-w 393,070 2007-09-12 09:40:39 C:\WINDOWS\system32\perfh009.dat
----a-w 258,048 2007-09-12 09:36:43 C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
----a-w 114,176 2007-09-12 09:36:43 C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A3AD9DB-3B6F-44E0-ABD1-EFD08E959F47}]
2007-09-10 16:33 244832 --------- C:\WINDOWS\system32\pmkjj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\Program Files\XpertVision\TBPanel.exe" [2007-04-23 19:20]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 17:04]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-06 11:22]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Steam"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\pmkjj

R2 TBPanel;TBPanel;C:\WINDOWS\system32\drivers\TBPanel.sys
S3 Cardex;Cardex;\??\C:\WINDOWS\system32\drivers\TBPANEL.SYS
S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-09-11 07:26:24 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Sachi Eapen.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-14 07:45:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-14 7:48:16 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-14 07:48
C:\ComboFix2.txt ... 2007-09-12 22:58
.
--- E O F ---
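A note on what the Reg Loading Points section of that log actually shows, with an added example (this is not part of the original post and not ComboFix code). The same module appears twice: pmkjj.dll is registered as a Browser Helper Object, so it is loaded into every Internet Explorer process, and "pmkjj" is appended to the LSA "Authentication Packages" value, so lsass.exe loads it at boot before any user session exists. That second hook is the reason the check_LSA7 file was named the way it was and why a scan run from the desktop can miss it. The parser below reads a ComboFix-style Reg Loading Points block, lists BHO DLLs, lists anything in Authentication Packages other than the XP default msv1_0, and reports modules that appear in both places. The log text in SAMPLE_LOG is constructed to mirror the post above; the function names and the msv1_0-only default are this example's own assumptions.

```python
"""
Added example: parse the 'Reg Loading Points' block of a ComboFix log and
flag a module that is registered both as a Browser Helper Object and as an
LSA authentication package.  Not part of the forum post or of ComboFix.
"""
import re

# On Windows XP the only default entry in
# HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages is msv1_0.
# Anything else named here is loaded into lsass.exe at boot.
DEFAULT_AUTH_PACKAGES = {"msv1_0"}

# Constructed sample mirroring the Reg Loading Points block in the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A3AD9DB-3B6F-44E0-ABD1-EFD08E959F47}]
2007-09-10 16:33 244832 --------- C:\WINDOWS\system32\pmkjj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 17:04]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\pmkjj
"""


def parse_loading_points(text):
    """Return {registry_key: [entry lines]} for a ComboFix Reg Loading Points block."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]          # strip the surrounding brackets
            blocks[current] = []
        elif current is not None:
            blocks[current].append(line)
    return blocks


def module_stem(path):
    """'C:\\\\WINDOWS\\\\system32\\\\pmkjj.dll' -> 'pmkjj' (doubled slashes and extension dropped)."""
    name = path.replace("\\\\", "\\").rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0].lower()


def lsa_auth_packages(blocks):
    """Entries of the LSA 'Authentication Packages' value other than the default msv1_0."""
    extra = []
    for key, lines in blocks.items():
        if not key.lower().endswith(r"\control\lsa"):
            continue
        for line in lines:
            name, sep, value = line.partition("=")
            if sep and name.strip().strip('"').lower() == "authentication packages":
                # ComboFix prints the REG_MULTI_SZ as space-separated tokens.
                for token in value.split():
                    if token.lower() not in DEFAULT_AUTH_PACKAGES:
                        extra.append(token.replace("\\\\", "\\"))
    return extra


def browser_helper_objects(blocks):
    """[(clsid, dll_path)] for every Browser Helper Object entry in the block."""
    found = []
    for key, lines in blocks.items():
        if "browser helper objects" not in key.lower():
            continue
        clsid = re.search(r"\{[0-9A-Fa-f-]+\}", key)
        for line in lines:
            # Non-greedy so paths containing spaces (Program Files) are kept whole.
            path = re.search(r"[A-Za-z]:\\.+?\.dll", line, re.IGNORECASE)
            if path:
                found.append((clsid.group(0) if clsid else "?", path.group(0)))
    return found


def correlate(blocks):
    """BHOs whose module is also listed as an LSA authentication package."""
    lsa_stems = {module_stem(p) for p in lsa_auth_packages(blocks)}
    return [(clsid, path) for clsid, path in browser_helper_objects(blocks)
            if module_stem(path) in lsa_stems]


if __name__ == "__main__":
    parsed = parse_loading_points(SAMPLE_LOG)
    print("non-default LSA packages:", lsa_auth_packages(parsed))
    print("BHOs:", browser_helper_objects(parsed))
    print("BHO also loaded by lsass.exe:", correlate(parsed))
```

Run it against the pasted log instead of SAMPLE_LOG by feeding the text between the "Reg Loading Points" header and the service lines to parse_loading_points. A hit from correlate is the pattern to clean up first: the LSA value has to be reset to its default and the DLL removed in the same boot cycle, otherwise lsass.exe reloads the module before the user session starts and the BHO is re-registered.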
