Win32 messages through NOD32 - Geeks to Go Forums


Win32 messages through NOD32

#1 swfcrule4eva

  • Group: Member
  • Posts: 9
  • Joined: 04-December 07

Posted 04 December 2007 - 11:18 AM

I recently installed NOD32 and it keeps on saying messages such as Win32/TrojanDownloader.Agent.NSM trojan among others.
Under information it just says "connection terminated - quarentined" no matter what the original message was.
The messages change but it is always Win32.

Thanks

#2 swfcrule4eva

  • Group: Member
  • Posts: 9
  • Joined: 04-December 07

Posted 04 December 2007 - 11:40 AM

I also get popups when using IE7 every few minutes but I don't get any when using Safari.

This is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 17:33:52, on 04/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SEf\CalCheck.exe
C:\Program Files\Sheffield Wednesday - DNA\app.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\SYSTEM32\mspaint.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ROB~1.ROB\LOCALS~1\Temp\Rar$EX00.594\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?sourceid=navcli...LJ:en&hl=en
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [\\HOMEMADE\EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P37 "\\HOMEMADE\EPSON Stylus CX6600 Series" /O6 "USB002" /M "Stylus CX6600"
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sheffield Wednesday - Desktop News Alerts] C:\Program Files\Sheffield Wednesday - DNA\launch.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SEf\CalCheck.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {46058878-5352-4550-8CD0-839BE09FAD8E} (PowerFootball1.PowerFootballLoader1) - http://adidas.powerchallenge.com/applet/Po...tballLoader.CAB
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

#3 kahdah

  • Group: GeekU Moderator
  • Posts: 15,822
  • Joined: 13-April 06

Posted 08 December 2007 - 11:31 AM

Hello swfcrule4eva

Welcome to G2Go. :)
=========================
You are running HijackThis from a temporary location.
Please redownload and install it using the directions below.

  • Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\Hijack This.
  • Click on I agree
  • Then Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log, and post it with the ComboFix log in your next reply.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
===============================================================================
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#4 swfcrule4eva

  • Group: Member
  • Posts: 9
  • Joined: 04-December 07

Posted 08 December 2007 - 12:01 PM

Thanks for the reply

Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:59:19, on 08/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SEf\CalCheck.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Sheffield Wednesday - DNA\app.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?sourceid=navcli...LJ:en&hl=en
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [\\HOMEMADE\EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P37 "\\HOMEMADE\EPSON Stylus CX6600 Series" /O6 "USB002" /M "Stylus CX6600"
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sheffield Wednesday - Desktop News Alerts] C:\Program Files\Sheffield Wednesday - DNA\launch.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SEf\CalCheck.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {46058878-5352-4550-8CD0-839BE09FAD8E} (PowerFootball1.PowerFootballLoader1) - http://adidas.powerchallenge.com/applet/Po...tballLoader.CAB
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - Winlogon Notify: fcccabx - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 11086 bytes



ComboFix log:

ComboFix 07-12-08.1 - Rob 2007-12-08 17:44:40.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2044 [GMT 0:00]
Running from: C:\Documents and Settings\Rob.ROBERT\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\Yazzle1848OinUninstaller.exe
C:\WINDOWS\smbols~1
C:\WINDOWS\smbols~1\s?mbols\
C:\WINDOWS\system32\awvvt.dll
C:\WINDOWS\system32\bmerxvsx.dll
C:\WINDOWS\system32\cmiwahdg.dll
C:\WINDOWS\system32\fseewjrq.dll
C:\WINDOWS\system32\hehpeujy.dll
C:\WINDOWS\system32\svddelew.dll
C:\WINDOWS\system32\tawqlkid.dll
C:\WINDOWS\SYSTEM32\tvvwa.ini
C:\WINDOWS\SYSTEM32\tvvwa.ini2
C:\WINDOWS\system32\usapmxhb.dll
C:\WINDOWS\system32\vfixfkja.dll
C:\WINDOWS\system32\vrtnigur.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-08 to 2007-12-08 )))))))))))))))))))))))))))))))
.

2007-12-08 17:36 . 2007-12-08 17:36 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-02 19:08 . 2007-12-02 19:08 <DIR> d-------- C:\Program Files\Microsoft Application Compatibility Toolkit 5
2007-12-01 11:02 . 2007-12-01 11:02 <DIR> d-------- C:\Program Files\Windows Live Favorites
2007-11-29 17:14 . 2007-11-29 17:14 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-11-29 17:14 . 2007-11-29 17:14 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
2007-11-29 08:38 . 2007-11-29 08:38 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared
2007-11-29 08:16 . 2007-11-30 18:19 <DIR> d-------- C:\Program Files\Macromedia
2007-11-28 21:20 . 2007-11-29 17:17 143 --a------ C:\WINDOWS\SYSTEM32\mcrh.tmp
2007-11-28 18:05 . 2007-11-28 18:05 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
2007-11-28 08:16 . 2007-11-28 08:16 82,258 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klin.dat
2007-11-28 08:16 . 2007-11-28 08:16 82,258 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klick.dat
2007-11-28 00:08 . 2007-11-28 00:08 <DIR> d-------- C:\kav
2007-11-28 00:08 . 2007-11-28 00:08 78,415 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klif.cab
2007-11-27 22:15 . 2007-11-27 22:15 <DIR> d-------- C:\Program Files\PowerISO
2007-11-26 21:39 . 2007-11-26 21:48 <DIR> d-------- C:\Program Files\Adssite Advanced Toolbar
2007-11-26 21:39 . 2007-11-26 21:39 <DIR> d-------- C:\Documents and Settings\Rob.ROBERT\Application Data\Adssite Advanced Toolbar
2007-11-20 22:36 . 2007-12-08 17:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-20 22:36 . 2007-11-20 22:36 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-20 22:34 . 2007-11-20 22:34 <DIR> d-------- C:\Program Files\QuickTime
2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\WINDOWS\SYSTEM32\QuickTimeVR.qtx
2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\SYSTEM32\QuickTime.qts
2007-11-14 15:06 . 2007-11-14 15:06 30,728 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\epfwtdir.sys
2007-11-14 15:04 . 2007-11-14 15:04 27,656 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\easdrv.sys
2007-11-14 15:03 . 2007-11-14 15:03 33,800 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\eamon.sys
2007-11-09 20:38 . 2007-11-10 10:56 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-11-09 17:07 . 2007-11-09 20:36 <DIR> d-------- C:\Program Files\STOPzilla!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-08 17:58 --------- d-----w C:\Program Files\Sheffield Wednesday - DNA
2007-12-08 17:58 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kontiki
2007-12-07 17:05 --------- d-----w C:\Documents and Settings\Rob.ROBERT\Application Data\LimeWire
2007-12-02 20:50 --------- d-----w C:\Program Files\Championship Manager 01-02
2007-12-02 12:11 --------- d-----w C:\Documents and Settings\Rob.ROBERT\Application Data\uTorrent
2007-12-01 11:03 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-29 17:19 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-29 03:01 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2007-11-28 00:09 --------- d-----w C:\Program Files\Kaspersky Lab
2007-11-20 22:36 --------- d-----w C:\Program Files\iTunes
2007-11-20 22:35 --------- d-----w C:\Program Files\iPod
2007-11-20 22:27 --------- d-----w C:\Program Files\Safari
2007-11-20 22:27 --------- d-----w C:\Program Files\Bonjour
2007-11-17 09:59 --------- d-----w C:\Program Files\LimeWire
2007-11-09 20:36 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\STOPzilla!
2007-11-08 22:12 2,002,237 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-10-22 15:57 --------- d-----w C:\Program Files\Sports Interactive
2007-10-19 14:59 --------- d-----w C:\Documents and Settings\Rob.ROBERT\Application Data\Sports Interactive
2007-10-19 14:58 --------- d--h--r C:\Documents and Settings\Rob.ROBERT\Application Data\SecuROM
2007-10-13 09:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-13 09:01 --------- d-----w C:\Program Files\Eidos
2007-04-19 18:29 1,040,832 -c--a-w C:\Documents and Settings\Rob.ROBERT\KHost.exe
2007-01-28 23:21 87,608 -c--a-w C:\Documents and Settings\Rob.ROBERT\Application Data\ezpinst.exe
2007-01-28 23:21 47,360 -c--a-w C:\Documents and Settings\Rob.ROBERT\Application Data\pcouffin.sys
2006-11-18 17:30 56 -csha-w C:\Documents and Settings\All Users.WINDOWS\Application Data\dc64vg9.sys
.

((((((((((((((((((((((((((((( snapshot@2007-11-08_22.15.47.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-27 17:38:28 232,248 ----a-w C:\WINDOWS\ASSEMBLY\GAC\Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll
+ 2007-11-27 17:38:41 12,104 ----a-w C:\WINDOWS\ASSEMBLY\GAC\Policy.11.0.Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Publisher.dll
- 2007-10-29 18:56:19 136,192 ----a-w C:\WINDOWS\catchme.exe
+ 2007-12-08 03:32:45 141,824 ----a-w C:\WINDOWS\catchme.exe
- 2007-09-04 14:59:42 380,144 ----a-w C:\WINDOWS\Downloaded Program Files\sabspx.dll
+ 2007-09-04 15:59:42 380,144 ----a-w C:\WINDOWS\Downloaded Program Files\sabspx.dll
+ 2006-10-27 15:04:10 9,581,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109910000000000000000F01FEC\12.0.4518\MSPUB.EXE
+ 2006-10-26 20:09:44 590,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109910000000000000000F01FEC\12.0.4518\PUBCONV.DLL
+ 2007-11-29 08:23:23 65,536 ----a-r C:\WINDOWS\Installer\{0837A661-FEC3-48B3-876C-91E7D32048A9}\DWARPPRODUCTICON.exe
+ 2007-11-29 17:13:52 65,536 ----a-r C:\WINDOWS\Installer\{236BB7C4-4419-42FD-0409-1E257A25E34D}\NewShortcut1_236BB7C4441942FD04091E257A25E34D.exe
+ 2007-11-29 08:33:13 65,536 ----a-r C:\WINDOWS\Installer\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}\ARPPRODUCTICONFL8.exe
+ 2007-11-29 08:38:29 65,536 ----a-r C:\WINDOWS\Installer\{4B9535BF-CC90-4158-AF32-CAF57A8820CA}\NewShortcut11_2388ED126A5243258E7B1A229914C1AE.exe
+ 2007-11-29 08:26:23 65,536 ----a-r C:\WINDOWS\Installer\{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}\NewShortcut4_4C24A8C17CFA4650AF15732F5BD7B46D.exe
+ 2007-11-20 22:36:21 102,400 ----a-r C:\WINDOWS\Installer\{4F5CE18C-D97D-48FF-A510-A0D90C918294}\iTunesIco.exe
+ 2007-11-29 08:27:45 53,248 ----a-r C:\WINDOWS\Installer\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}\ARPPRODUCTICONFLV1.exe
+ 2007-11-29 03:01:07 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0019-0000-0000-0000000FF1CE}\cagicon.exe
+ 2007-11-29 03:01:07 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0019-0000-0000-0000000FF1CE}\misc.exe
+ 2007-11-29 03:01:07 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0019-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-11-29 03:01:07 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0019-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-11-29 03:01:06 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0019-0000-0000-0000000FF1CE}\pubs.exe
+ 2007-11-29 17:17:54 65,536 ----a-r C:\WINDOWS\Installer\{B74D4E10-1033-0000-0000-000000000001}\AdobeBridge_B74D4E10103300000000000000000001_1.exe
+ 2007-11-29 17:17:54 65,536 ----a-r C:\WINDOWS\Installer\{B74D4E10-1033-0000-0000-000000000001}\BridgeCommonShortcut_B74D4E101033000000000001_1.exe
+ 2007-11-29 17:17:54 1,904,640 ----a-r C:\WINDOWS\Installer\{B74D4E10-1033-0000-0000-000000000001}\ESLaunchShortcut_B74D4E10103300000000000000000001.exe
+ 2007-11-29 17:17:54 61,440 ----a-r C:\WINDOWS\Installer\{B74D4E10-1033-0000-0000-000000000001}\NewShortcut2_B74D4E10103300000000000000000001.exe
+ 2007-11-28 18:06:10 10,134 ----a-r C:\WINDOWS\Installer\{BB703122-AF65-4AD9-BCA0-273E165DABEE}\callmsi.exe
+ 2007-11-28 18:06:10 136,448 ----a-r C:\WINDOWS\Installer\{BB703122-AF65-4AD9-BCA0-273E165DABEE}\egui.exe
+ 2007-12-02 19:08:43 29,926 ----a-r C:\WINDOWS\Installer\{BBB3F622-D848-4CDA-B282-CC53627432F0}\ACM.exe
+ 2007-12-02 19:08:43 29,926 ----a-r C:\WINDOWS\Installer\{BBB3F622-D848-4CDA-B282-CC53627432F0}\ARPPRODUCTICON.exe
+ 2007-11-20 22:27:29 307,200 ----a-r C:\WINDOWS\Installer\{DDEDBEE3-E5B7-454A-A457-9B06C5C67B85}\SafariIco.exe
+ 2007-11-29 17:25:45 65,536 ----a-r C:\WINDOWS\Installer\{E9787678-1033-0000-8E67-000000000001}\AppLanuchShortcut_E9787678103300008E67000000000001_1.exe
+ 2007-11-29 17:25:45 65,536 ----a-r C:\WINDOWS\Installer\{E9787678-1033-0000-8E67-000000000001}\ProgramMenuShortcut_E9787678103300008E670000000001_1.exe
- 2006-08-12 12:53:20 16,384 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2007-11-28 16:36:54 16,384 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
- 2006-08-12 12:53:20 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-11-28 16:36:54 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-08-12 12:53:20 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-28 16:36:54 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-12-19 21:52:18 8,453,632 -c--a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
+ 2007-10-26 03:34:01 8,460,288 -c--a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
+ 2007-08-07 00:15:07 33,052 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\scdemu.sys
+ 2007-10-31 14:09:14 30,464 -c--a-w C:\WINDOWS\SYSTEM32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys
- 2007-10-23 15:49:33 265,288 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
+ 2007-12-01 10:51:54 373,160 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
+ 2005-06-11 11:47:00 45,056 ----a-w C:\WINDOWS\SYSTEM32\fpprintmon.dll
- 2006-03-24 18:08:14 28,778 ----a-w C:\WINDOWS\SYSTEM32\klogon.dll
+ 2007-06-28 12:51:48 206,088 ----a-w C:\WINDOWS\SYSTEM32\klogon.dll
- 2007-08-07 16:20:44 182,248 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Director\SwDir.dll
+ 2007-08-07 17:20:44 182,248 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Director\SwDir.dll
- 2007-03-27 23:04:28 2,115,816 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32.dll
+ 2007-06-11 20:34:34 2,115,816 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32.dll
- 2007-03-27 23:04:32 190,696 -c--a-w C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2007-06-11 20:34:40 190,696 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2007-06-14 06:49:43 44,706 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
+ 2007-11-30 22:33:13 45,218 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
- 2007-08-07 12:35:56 585,728 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\Control.dll
+ 2007-08-07 13:35:56 585,728 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\Control.dll
- 2007-08-07 12:19:40 1,490,944 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\dirapi.dll
+ 2007-08-07 13:19:40 1,490,944 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\dirapi.dll
- 2007-08-07 12:36:32 24,576 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2007-08-07 13:36:32 24,576 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\DynaPlayer.dll
- 2007-08-07 15:52:32 1,113,600 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\gi.dll
+ 2007-08-07 16:52:32 1,113,600 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\gi.dll
- 2007-08-07 12:08:48 52,288 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\gtapi.dll
+ 2007-08-07 13:08:48 52,288 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\gtapi.dll
- 2007-08-07 12:17:24 606,208 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\iml32.dll
+ 2007-08-07 13:17:24 606,208 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\iml32.dll
- 2007-08-07 12:35:22 339,968 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\Plugin.dll
+ 2007-08-07 13:35:22 339,968 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\Plugin.dll
- 2007-08-07 12:35:32 483,328 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\PluginPing.dll
+ 2007-08-07 13:35:32 483,328 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\PluginPing.dll
- 2007-08-07 12:28:38 180,224 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\Proj.dll
+ 2007-08-07 13:28:38 180,224 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\Proj.dll
- 2007-08-07 16:20:28 391,144 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\SwHelper_1020023.exe
+ 2007-08-07 17:20:28 391,144 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\SwHelper_1020023.exe
- 2007-08-07 12:37:56 77,824 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\SwInit.exe
+ 2007-08-07 13:37:56 77,824 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\SwInit.exe
- 2007-08-07 12:35:18 86,016 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\SwMenu.dll
+ 2007-08-07 13:35:18 86,016 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\SwMenu.dll
- 2007-08-07 12:37:58 98,304 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\SwOnce.dll
+ 2007-08-07 13:37:58 98,304 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\SwOnce.dll
- 2007-08-07 12:08:46 50,808 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\SYMCCHECKER.DLL
+ 2007-08-07 13:08:46 50,808 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\SYMCCHECKER.DLL
- 1999-06-25 09:55:30 149,504 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\UNWISE.EXE
+ 1999-06-25 10:55:30 149,504 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\UNWISE.EXE
- 2007-10-23 21:14:37 38,416 ---ha-w C:\WINDOWS\SYSTEM32\mlfcache.dat
+ 2007-11-30 23:13:27 66,572 ---ha-w C:\WINDOWS\SYSTEM32\mlfcache.dat
- 2007-09-28 05:19:39 18,089,592 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
+ 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
+ 2007-02-13 16:22:54 947,472 ----a-w C:\WINDOWS\SYSTEM32\msjava.dll
- 2007-10-28 09:23:17 59,440 ----a-w C:\WINDOWS\SYSTEM32\perfc009.dat
+ 2007-12-02 19:08:33 59,908 ----a-w C:\WINDOWS\SYSTEM32\perfc009.dat
- 2007-10-28 09:23:17 395,200 ----a-w C:\WINDOWS\SYSTEM32\perfh009.dat
+ 2007-12-02 19:08:33 396,770 ----a-w C:\WINDOWS\SYSTEM32\perfh009.dat
- 2006-12-19 21:52:18 8,453,632 ----a-w C:\WINDOWS\SYSTEM32\shell32.dll
+ 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\shell32.dll
+ 2005-06-11 11:47:00 408,576 ----a-w C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\flashpaperprinterdrv2.dll
+ 2005-06-11 11:47:00 328,704 ----a-w C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\flashpaperprinterui2.dll
+ 2007-11-05 16:38:50 172,088 ----a-w C:\WINDOWS\SYSTEM32\vfLuaPriv2.dll
- 2007-06-19 07:24:36 350,720 ----a-w C:\WINDOWS\SYSTEM32\xpsp3res.dll
+ 2007-10-29 10:04:03 350,720 ----a-w C:\WINDOWS\SYSTEM32\xpsp3res.dll
+ 2007-12-08 17:57:02 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_72c.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 13:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"Sheffield Wednesday - Desktop News Alerts"="C:\Program Files\Sheffield Wednesday - DNA\launch.exe" [2006-04-07 17:04]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 18:43]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 10:23]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 11:36]
"\\HOMEMADE\EPSON Stylus CX6600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.exe" [2004-03-01 03:00]
"sclauncher"="C:\Program Files\SimpleCenter\bin\win\sclauncher.exe" [2006-07-27 15:19]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-18 22:53]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 20:54]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 10:23]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 00:05]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-14 15:05]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-12 13:56]

C:\Documents and Settings\Rob.ROBERT\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Ulead Photo Express 4.0 SE Calendar Checker .lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SEf\CalCheck.exe [2006-08-24 08:44:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcccabx]

R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys
R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"

.
Contents of the 'Scheduled Tasks' folder
"2007-12-04 22:19:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-08 17:41:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\ROB~1.ROB\LOCALS~1\Temp\hjveojso.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-08 17:58:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"\\\\HOMEMADE\\EPSON Stylus CX6600 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9EE.EXE /P37 \"\\\\HOMEMADE\\EPSON Stylus CX6600 Series\" /O6 \"USB002\" /M \"Stylus CX6600\""
.
Completion time: 2007-12-08 17:58:49 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-08 22:16
.
--- E O F ---

#5 kahdah

  • Group: GeekU Moderator
  • Posts: 15,822
  • Joined: 13-April 06

Posted 08 December 2007 - 12:34 PM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\DOCUME~1\ROB~1.ROB\LOCALS~1\Temp\hjveojso.dll

Folder::
C:\Program Files\Adssite Advanced Toolbar
C:\Documents and Settings\Rob.ROBERT\Application Data\Adssite Advanced Toolbar

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcccabx]



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


#6 swfcrule4eva

  • Group: Member
  • Posts: 9
  • Joined: 04-December 07

Posted 08 December 2007 - 01:18 PM

Combofix log:

ComboFix 07-12-08.1 - Rob 2007-12-08 18:47:51.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2032 [GMT 0:00]
Running from: C:\Documents and Settings\Rob.ROBERT\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rob.ROBERT\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\DOCUME~1\ROB~1.ROB\LOCALS~1\Temp\hjveojso.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Rob.ROBERT\Application Data\Adssite Advanced Toolbar
C:\Documents and Settings\Rob.ROBERT\Application Data\Adssite Advanced Toolbar\advertbuttons.xml
C:\Documents and Settings\Rob.ROBERT\Application Data\Adssite Advanced Toolbar\selected.xml
C:\Program Files\Adssite Advanced Toolbar

.
((((((((((((((((((((((((( Files Created from 2007-11-08 to 2007-12-08 )))))))))))))))))))))))))))))))
.

2007-12-08 18:45 . 2007-12-08 18:45 0 --a------ C:\Documents and Settings\Rob.ROBERT\.exe
2007-12-08 17:36 . 2007-12-08 17:36 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-02 19:08 . 2007-12-02 19:08 <DIR> d-------- C:\Program Files\Microsoft Application Compatibility Toolkit 5
2007-12-01 11:02 . 2007-12-01 11:02 <DIR> d-------- C:\Program Files\Windows Live Favorites
2007-11-29 17:14 . 2007-11-29 17:14 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-11-29 17:14 . 2007-11-29 17:14 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
2007-11-29 08:38 . 2007-11-29 08:38 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared
2007-11-29 08:16 . 2007-11-30 18:19 <DIR> d-------- C:\Program Files\Macromedia
2007-11-28 21:20 . 2007-11-29 17:17 143 --a------ C:\WINDOWS\SYSTEM32\mcrh.tmp
2007-11-28 18:05 . 2007-11-28 18:05 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
2007-11-28 08:16 . 2007-11-28 08:16 82,258 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klin.dat
2007-11-28 08:16 . 2007-11-28 08:16 82,258 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klick.dat
2007-11-28 00:08 . 2007-11-28 00:08 <DIR> d-------- C:\kav
2007-11-28 00:08 . 2007-11-28 00:08 78,415 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klif.cab
2007-11-27 22:15 . 2007-11-27 22:15 <DIR> d-------- C:\Program Files\PowerISO
2007-11-20 22:36 . 2007-12-08 17:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-20 22:36 . 2007-11-20 22:36 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-20 22:34 . 2007-11-20 22:34 <DIR> d-------- C:\Program Files\QuickTime
2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\WINDOWS\SYSTEM32\QuickTimeVR.qtx
2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\SYSTEM32\QuickTime.qts
2007-11-14 15:06 . 2007-11-14 15:06 30,728 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\epfwtdir.sys
2007-11-14 15:04 . 2007-11-14 15:04 27,656 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\easdrv.sys
2007-11-14 15:03 . 2007-11-14 15:03 33,800 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\eamon.sys
2007-11-09 20:38 . 2007-11-10 10:56 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-11-09 17:07 . 2007-11-09 20:36 <DIR> d-------- C:\Program Files\STOPzilla!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-08 18:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kontiki
2007-12-08 18:45 0 ----a-w C:\Documents and Settings\Rob.ROBERT\.exe
2007-12-08 17:58 --------- d-----w C:\Program Files\Sheffield Wednesday - DNA
2007-12-07 17:05 --------- d-----w C:\Documents and Settings\Rob.ROBERT\Application Data\LimeWire
2007-12-02 20:50 --------- d-----w C:\Program Files\Championship Manager 01-02
2007-12-02 12:11 --------- d-----w C:\Documents and Settings\Rob.ROBERT\Application Data\uTorrent
2007-12-01 11:03 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-29 17:19 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-29 03:01 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2007-11-28 00:09 --------- d-----w C:\Program Files\Kaspersky Lab
2007-11-20 22:36 --------- d-----w C:\Program Files\iTunes
2007-11-20 22:35 --------- d-----w C:\Program Files\iPod
2007-11-20 22:27 --------- d-----w C:\Program Files\Safari
2007-11-20 22:27 --------- d-----w C:\Program Files\Bonjour
2007-11-17 09:59 --------- d-----w C:\Program Files\LimeWire
2007-11-09 20:36 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\STOPzilla!
2007-11-08 22:12 2,002,237 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-11-05 16:38 172,088 ----a-w C:\WINDOWS\SYSTEM32\vfLuaPriv2.dll
2007-10-22 15:57 --------- d-----w C:\Program Files\Sports Interactive
2007-10-19 14:59 --------- d-----w C:\Documents and Settings\Rob.ROBERT\Application Data\Sports Interactive
2007-10-19 14:58 --------- d--h--r C:\Documents and Settings\Rob.ROBERT\Application Data\SecuROM
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\SYSTEM32\WhoisCL.exe
2007-10-13 09:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-13 09:01 --------- d-----w C:\Program Files\Eidos
2007-09-30 06:44 107,888 ----a-w C:\WINDOWS\SYSTEM32\CmdLineExt.dll
2007-04-19 18:29 1,040,832 -c--a-w C:\Documents and Settings\Rob.ROBERT\KHost.exe
2007-01-28 23:21 87,608 -c--a-w C:\Documents and Settings\Rob.ROBERT\Application Data\ezpinst.exe
2007-01-28 23:21 47,360 -c--a-w C:\Documents and Settings\Rob.ROBERT\Application Data\pcouffin.sys
2006-11-18 17:30 56 -csha-w C:\Documents and Settings\All Users.WINDOWS\Application Data\dc64vg9.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 13:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"Sheffield Wednesday - Desktop News Alerts"="C:\Program Files\Sheffield Wednesday - DNA\launch.exe" [2006-04-07 17:04]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 18:43]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 10:23]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 11:36]
"\\HOMEMADE\EPSON Stylus CX6600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.exe" [2004-03-01 03:00]
"sclauncher"="C:\Program Files\SimpleCenter\bin\win\sclauncher.exe" [2006-07-27 15:19]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-18 22:53]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 20:54]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 10:23]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 00:05]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-14 15:05]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-12 13:56]

C:\Documents and Settings\Rob.ROBERT\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Ulead Photo Express 4.0 SE Calendar Checker .lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SEf\CalCheck.exe [2006-08-24 08:44:45]

R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys
R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"

.
Contents of the 'Scheduled Tasks' folder
"2007-12-04 22:19:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-08 18:41:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-08 18:54:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"\\\\HOMEMADE\\EPSON Stylus CX6600 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9EE.EXE /P37 \"\\\\HOMEMADE\\EPSON Stylus CX6600 Series\" /O6 \"USB002\" /M \"Stylus CX6600\""
.
Completion time: 2007-12-08 18:54:40
C:\ComboFix2.txt ... 2007-12-08 17:58
C:\ComboFix3.txt ... 2007-11-08 22:16
.
--- E O F ---



Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:17:38, on 08/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SEf\CalCheck.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Sheffield Wednesday - DNA\app.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?sourceid=navcli...LJ:en&hl=en
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [\\HOMEMADE\EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P37 "\\HOMEMADE\EPSON Stylus CX6600 Series" /O6 "USB002" /M "Stylus CX6600"
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sheffield Wednesday - Desktop News Alerts] C:\Program Files\Sheffield Wednesday - DNA\launch.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SEf\CalCheck.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {46058878-5352-4550-8CD0-839BE09FAD8E} (PowerFootball1.PowerFootballLoader1) - http://adidas.powerchallenge.com/applet/Po...tballLoader.CAB
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 10993 bytes
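
As an added example, not part of this thread and not HijackThis's own code, the Python below triages the two line types most worth reading in the log above: O16 (DPF, i.e. ActiveX controls downloaded by Internet Explorer) and O23 (services). It flags controls fetched from a host outside an allowlist, services with no recorded publisher, services whose file is missing, and service binaries living outside the usual directories. The sample lines, CLSIDs, the example.invalid host, the Temp-directory service and the host allowlist are constructed for illustration and are not from the log.

```python
"""Triage of HijackThis O16 (DPF/ActiveX) and O23 (service) lines."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

O16_RE = re.compile(r"^O16 - DPF: \{([0-9A-Fa-f-]{36})\} \((.*?)\) - (\S+)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")

# Assumption for illustration only: hosts from which the reviewer expects
# ActiveX downloads on this machine.  Anything else gets a finding.
EXPECTED_DPF_HOSTS = {"messenger.zone.msn.com", "upload.facebook.com"}

# Where a Windows XP service binary normally lives (compared lower-cased).
SERVICE_DIR_PREFIXES = ("c:\\windows\\", "c:\\program files\\")

# Constructed sample mirroring the HijackThis format on this page.  The
# CLSIDs, the example.invalid host and the Temp-directory service are made up.
SAMPLE_HJT = r"""
O16 - DPF: {00000000-0000-0000-0000-000000000001} (Example Game Class) - http://messenger.zone.msn.com/binary/example.cab
O16 - DPF: {00000000-0000-0000-0000-000000000002} (Loader Class) - http://cab.example.invalid/loader.cab
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)
O23 - Service: Updater - Unknown owner - C:\Documents and Settings\user\Local Settings\Temp\svchost.exe
"""


@dataclass(frozen=True)
class Finding:
    subject: str      # control description (O16) or service name (O23)
    reasons: tuple    # one or more human-readable reasons to review it
    line: str


def parse_o16(line):
    """(clsid, description, url) for an O16 line, else None."""
    m = O16_RE.match(line)
    return m.groups() if m else None


def parse_o23(line):
    """(name, owner, path, file_missing) for an O23 line, else None."""
    m = O23_RE.match(line)
    if not m:
        return None
    name, owner, path = m.groups()
    missing = path.endswith(" (file missing)")
    if missing:
        path = path[: -len(" (file missing)")]
    return name, owner, path, missing


def triage(log_text):
    """Return one Finding per O16/O23 line that deserves a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []
        subject = None
        o16 = parse_o16(line)
        o23 = parse_o23(line)
        if o16:
            _, subject, url = o16
            host = urlparse(url).hostname or ""
            if host not in EXPECTED_DPF_HOSTS:
                reasons.append(f"ActiveX control downloaded from unexpected host {host!r}")
        elif o23:
            subject, owner, path, missing = o23
            if missing:
                reasons.append("service entry points at a file that no longer exists")
            if owner == "Unknown owner":
                reasons.append("binary carries no publisher; verify it by hash or signature")
            if not path.lower().startswith(SERVICE_DIR_PREFIXES):
                reasons.append(f"service binary in an unusual location: {path}")
        if reasons:
            findings.append(Finding(subject, tuple(reasons), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f.subject, "->", "; ".join(f.reasons))
```

An entry like the ATI hotkey poller shows the limit of this kind of check: "Unknown owner" only means HijackThis found no publisher string for the binary, so a finding is a prompt to verify the file, not a verdict on it.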

#7 kahdah

  • Group: GeekU Moderator
  • Posts: 15,822
  • Joined: 13-April 06

Posted 08 December 2007 - 01:41 PM

Please do an online scan with Kaspersky WebScanner
(This scanner is for use with Internet Explorer only)
Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT

  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  • Click OK
  • Now under select a target to scan:
      Select My Computer

  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:

  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#8 swfcrule4eva

  • Group: Member
  • Posts: 9
  • Joined: 04-December 07

Posted 08 December 2007 - 05:30 PM

KASPERSKY ONLINE SCANNER REPORT
Saturday, December 08, 2007 11:29:21 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/12/2007
Kaspersky Anti-Virus database records: 477399


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 208971
Number of viruses found 5
Number of infected objects 9
Number of suspicious objects 0
Duration of the scan process 03:32:44

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET\ESET NOD32 Antivirus\Charon\CACHE.NDB Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET\ESET NOD32 Antivirus\Logs\virlog.dat Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET\ESET NOD32 Antivirus\Logs\warnlog.dat Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Kontiki\error.log Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Rob.ROBERT\Application Data\Apple Computer\Safari\PubSub\Database\Database.sqlite3 Object is locked skipped

C:\Documents and Settings\Rob.ROBERT\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Rob.ROBERT\Local Settings\Application Data\Apple Computer\Safari\Cache.db Object is locked skipped

C:\Documents and Settings\Rob.ROBERT\Local Settings\Application Data\Apple Computer\Safari\WebpageIcons.db Object is locked skipped

C:\Documents and Settings\Rob.ROBERT\Local Settings\Application Data\Microsoft\Messenger\robertlawsonm@hotmail.co.uk\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

C:\Documents and Settings\Rob.ROBERT\Local Settings\Application Data\Microsoft\Messenger\robertlawsonm@hotmail.co.uk\SharingMetadata\pending.dat Object is locked skipped

C:\Documents and Settings\Rob.ROBERT\Local Settings\Application Data\Microsoft\Messenger\robertlawsonm@hotmail.co.uk\SharingMetadata\Working\database_7AD0_2C6F_D02C_3433\dfsr.db Object is locked skipped

C:\Documents and Settings\Rob.ROBERT\Local Settings\Application Data\Microsoft\Messenger\robertlawsonm@hotmail.co.uk\SharingMetadata\Working\database_7AD0_2C6F_D02C_3433\fsr.log Object is locked skipped

C:\Documents and Settings\Rob.ROBERT\Local Settings\Application Data\Microsoft\Messenger\robertlawsonm@hotmail.co.uk\SharingMetadata\Working\database_7AD0_2C6F_D02C_3433\fsrtmp.log Object is locked skipped

C:\Documents and Settings\Rob.ROBERT\Local Settings\Application Data\Microsoft\Messenger\robertlawsonm@hotmail.co.uk\SharingMetadata\Working\database_7AD0_2C6F_D02C_3433\tmp.edb Object is locked skipped

C:\Documents and Settings\Rob.ROBERT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Rob.ROBERT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Rob.ROBERT\Local Settings\Application Data\Microsoft\Windows Live Contacts\robertlawsonm@hotmail.co.uk\real\members.stg Object is locked skipped

C:\Documents and Settings\Rob.ROBERT\Local Settings\Application Data\Microsoft\Windows Live Contacts\robertlawsonm@hotmail.co.uk\shadow\members.stg Object is locked skipped

C:\Documents and Settings\Rob.ROBERT\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Rob.ROBERT\Local Settings\History\History.IE5\MSHist012007120820071209\index.dat Object is locked skipped

C:\Documents and Settings\Rob.ROBERT\Local Settings\Temp\~DF220B.tmp Object is locked skipped

C:\Documents and Settings\Rob.ROBERT\Local Settings\Temp\~DF2223.tmp Object is locked skipped

C:\Documents and Settings\Rob.ROBERT\Local Settings\Temp\~DF2A03.tmp Object is locked skipped

C:\Documents and Settings\Rob.ROBERT\Local Settings\Temp\~DF2A1B.tmp Object is locked skipped

C:\Documents and Settings\Rob.ROBERT\Local Settings\Temp\~DF9994.tmp Object is locked skipped

C:\Documents and Settings\Rob.ROBERT\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Rob.ROBERT\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Rob.ROBERT\My Documents\My Chat Logs\December 2007\chrisyboy1234@hotmail.com.html Object is locked skipped

C:\Documents and Settings\Rob.ROBERT\My Documents\My Chat Logs\December 2007\steph_handy1992@hotmail.com.html Object is locked skipped

C:\Documents and Settings\Rob.ROBERT\My Documents\My Chat Logs\December 2007\tashastein@hotmail.com.html Object is locked skipped

C:\Documents and Settings\Rob.ROBERT\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Rob.ROBERT\ntuser.dat.LOG Object is locked skipped

C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\drivers\nfcyvbxe.dat.vir Object is locked skipped

C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\fseewjrq.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped

C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\nsq65.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.ko skipped

C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\svddelew.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ak skipped

C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\tawqlkid.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ag skipped

C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\vfixfkja.dll.vir Infected: Trojan.Win32.BHO.abs skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{1EC6A816-2999-4609-A314-2ABEB107937D}\RP520\A0216380.exe Object is locked skipped

C:\System Volume Information\_restore{1EC6A816-2999-4609-A314-2ABEB107937D}\RP521\A0216693.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped

C:\System Volume Information\_restore{1EC6A816-2999-4609-A314-2ABEB107937D}\RP521\A0216695.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ak skipped

C:\System Volume Information\_restore{1EC6A816-2999-4609-A314-2ABEB107937D}\RP521\A0216696.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ag skipped

C:\System Volume Information\_restore{1EC6A816-2999-4609-A314-2ABEB107937D}\RP521\A0216698.dll Infected: Trojan.Win32.BHO.abs skipped

C:\System Volume Information\_restore{1EC6A816-2999-4609-A314-2ABEB107937D}\RP522\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

C:\WINDOWS\Internet Logs\ROBERT.ldb Object is locked skipped

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\default Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\default.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\ODiag.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\OSession.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\software Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\software.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\system Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\system.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat Object is locked skipped

C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.idx Object is locked skipped

C:\WINDOWS\SYSTEM32\DRIVERS\fidbox2.dat Object is locked skipped

C:\WINDOWS\SYSTEM32\DRIVERS\fidbox2.idx Object is locked skipped

C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys Object is locked skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_72c.dat Object is locked skipped

C:\WINDOWS\Temp\ZLT05cb8.TMP Object is locked skipped

C:\WINDOWS\Temp\ZLT05cbc.TMP Object is locked skipped

C:\WINDOWS\WIADEBUG.LOG Object is locked skipped

C:\WINDOWS\WIASERVC.LOG Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#9 kahdah

  • Group: GeekU Moderator
  • Posts: 15,822
  • Joined: 13-April 06

Posted 08 December 2007 - 05:36 PM

Please update your Java:
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install on those systems.

Upgrading Java. After that:
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
==============================
Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

Please then delete all other tools if any that I had you download.
Empty your recycle bin.
========================
After that, your log is clean. :)

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein here.

If you have any further problems please feel free to contact G2Go.:)

#10 swfcrule4eva

  • Group: Member
  • Posts: 9
  • Joined: 04-December 07

Posted 08 December 2007 - 05:42 PM

When I try and install Java a message comes up saying "Java™ Plug-in Fatal Error: Several Java Virtual Machines running in the same process caused an error".

#11 kahdah

  • Group: GeekU Moderator
  • Posts: 15,822
  • Joined: 13-April 06

Posted 08 December 2007 - 05:44 PM

Try to uninstall all of the Java first and then download the update.

#12 swfcrule4eva

  • Group: Member
  • Posts: 9
  • Joined: 04-December 07

Posted 08 December 2007 - 05:57 PM

Cheers for all the help. Have done all that now and will let you know if the problem persists.
Should it all be fixed now even though I never did anything through HijackThis or to the infected files found on the Kaspersky online scan?

#13 kahdah

  • Group: GeekU Moderator
  • Posts: 15,822
  • Joined: 13-April 06

Posted 08 December 2007 - 06:02 PM

The files that were found by Kaspersky are in the ComboFix quarantine folder (qoobox)
and in the system restore points.
When we uninstalled ComboFix it deleted its quarantine folder and the system restore points.
So uninstalling it took care of all those files found by Kaspersky.
You are clean. :)
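
The distinction drawn in the post above (detections inside the ComboFix quarantine and inside System Restore points versus detections on live files) can be checked mechanically against the report posted earlier in the thread. The Python below is an added example, not part of the thread and not Kaspersky's tooling: it parses report lines of the form "<path> Object is locked skipped" and "<path> Infected: <verdict> skipped", separates Kaspersky's "not-a-virus:" adware/riskware verdicts from malware verdicts, and classifies every detection by where the file sits. The sample report lines are copied verbatim from the report above; the single "live" line is constructed, and its file name is made up.

```python
"""Classify Kaspersky Online Scanner report lines by verdict and location."""
import re
from collections import Counter
from dataclasses import dataclass

# "<path> Object is locked skipped"  or  "<path> Infected: <verdict> skipped"
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:Object is locked|Infected: (?P<verdict>\S+)) skipped$"
)

# Excerpt copied from the report in this thread (verbatim lines, not all of them).
SAMPLE_REPORT = r"""
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\drivers\nfcyvbxe.dat.vir Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\fseewjrq.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\nsq65.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.ko skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\svddelew.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ak skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\tawqlkid.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ag skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\vfixfkja.dll.vir Infected: Trojan.Win32.BHO.abs skipped
C:\System Volume Information\_restore{1EC6A816-2999-4609-A314-2ABEB107937D}\RP521\A0216693.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\System Volume Information\_restore{1EC6A816-2999-4609-A314-2ABEB107937D}\RP521\A0216695.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ak skipped
C:\System Volume Information\_restore{1EC6A816-2999-4609-A314-2ABEB107937D}\RP521\A0216696.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ag skipped
C:\System Volume Information\_restore{1EC6A816-2999-4609-A314-2ABEB107937D}\RP521\A0216698.dll Infected: Trojan.Win32.BHO.abs skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
"""

# Constructed line (not in the thread) showing what a detection on a live,
# unquarantined file would look like; the file name is made up.
CONSTRUCTED_LIVE_LINE = r"""
C:\WINDOWS\SYSTEM32\example.dll Infected: Trojan.Win32.BHO.abs skipped
"""


@dataclass(frozen=True)
class Detection:
    path: str
    verdict: str
    location: str   # "combofix-quarantine", "restore-point" or "live"


def is_malware(verdict):
    """Kaspersky prefixes adware/riskware verdicts with 'not-a-virus:'."""
    return not verdict.startswith("not-a-virus:")


def classify_location(path):
    """Where the detected file sits; only 'live' files can still run."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "combofix-quarantine"
    if "\\system volume information\\_restore" in p:
        return "restore-point"
    return "live"


def parse_report(text):
    """Split report lines into (detections, locked_paths); other lines are ignored."""
    detections, locked = [], []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        if m.group("verdict"):
            detections.append(Detection(m.group("path"), m.group("verdict"),
                                        classify_location(m.group("path"))))
        else:
            locked.append(m.group("path"))
    return detections, locked


def location_counts(text):
    """How many detections fall in each location class."""
    return Counter(d.location for d in parse_report(text)[0])


def live_detections(text):
    """Detections that are neither quarantined nor inside a restore point."""
    return [d for d in parse_report(text)[0] if d.location == "live"]


if __name__ == "__main__":
    print(dict(location_counts(SAMPLE_REPORT)))
    for d in live_detections(SAMPLE_REPORT + CONSTRUCTED_LIVE_LINE):
        print("LIVE:", d.path, d.verdict, "malware" if is_malware(d.verdict) else "adware/riskware")
```

On the thread's own report the live list is empty, which is the mechanical version of the "you are clean" conclusion; the "Object is locked" entries are registry hives, event logs and open caches that the scanner could not read, not findings.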

#14 swfcrule4eva

  • Group: Member
  • Posts: 9
  • Joined: 04-December 07

Posted 08 December 2007 - 06:04 PM

Ok thanks a lot for your help :)

#15 kahdah

  • Group: GeekU Moderator
  • Posts: 15,822
  • Joined: 13-April 06

Posted 08 December 2007 - 06:08 PM

You are welcome :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
