Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

weird trojans HJT [CLOSED]


  • This topic is locked This topic is locked

#1
theterk

theterk

    New Member

  • Member
  • Pip
  • 4 posts
Hello again. I have recently acquired a nice virus/trojan that I can't seem to get rid of. Each time I run the antispyware/antivirus tools a different virus pops up under a different file path. Hopefully, with this HJT log my solutions can be solved!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:44:20 PM, on 4/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
F:\Sygate\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
F:\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Bonjour\mDNSResponder.exe
F:\Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
F:\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\CVSNT\cvslock.exe
C:\Program Files\CVSNT\cvsservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\MySQL 5.0 Server\bin\mysqld-nt.exe
F:\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\Rundll32.exe
F:\Motherboard Monitor 5\MBM5.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
F:\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
F:\Ultramon\UltraMon.exe
F:\ATI Tray Tools\atitray.exe
F:\ActiveSync\wcescomm.exe
F:\Bluetooth\BTTray.exe
F:\Ultramon\UltraMonTaskbar.exe
F:\ACTIVE~1\rapimgr.exe
F:\Hewlett Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
F:\Trillian\trillian.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\BLUETO~1\BTSTAC~1.EXE
F:\Mozilla\Firefox 3 Beta 5\firefox.exe
C:\Documents and Settings\Jacob\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [MBM 5] "F:\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DAEMON Tools] "F:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WatchDog] F:\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] F:\Sygate\smc.exe -startgui
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKLM\..\Run: [UltraMon] "F:\Ultramon\UltraMon.exe" /auto
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Jacob\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Steam] "f:\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AtiTrayTools] "F:\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Trillian.lnk = F:\Trillian\trillian.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = F:\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = F:\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = F:\Apache Group\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - F:\Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\ACTIVE~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\ACTIVE~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\ACTIVE~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\AIM95\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F503F4D-621F-4A5D-8F9A-91D84EB25E72}: NameServer = 128.194.254.1
O20 - Winlogon Notify: !SASWinLogon - F:\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Apache Software Foundation - F:\Apache Group\Apache2\bin\Apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Bluetooth\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - F:\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: CVSNT Locking Service 2.5.03.2382 (cvslock) - Unknown owner - C:\Program Files\CVSNT\cvslock.exe
O23 - Service: CVSNT Dispatch service 2.5.03.2382 (cvsnt) - March Hare Software Ltd - C:\Program Files\CVSNT\cvsservice.exe
O23 - Service: ewido security suite control - Unknown owner - G:\ewido anti-malware\ewidoctrl.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MySQL - Unknown owner - F:\MySQL.exe (file missing)
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Sygate\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - G:\Alcohol 120\StarWind\StarWindService.exe (file missing)

--
End of file - 11836 bytes
  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.
  • 0

#3
theterk

theterk

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Sorry for the late reply, been really busy workin on my project in school.

ComboFix 08-04-26.1 - Jacob 2008-04-26 19:14:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.245 [GMT -5:00]
Running from: C:\Documents and Settings\Jacob\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.

2008-05-18 12:15 . 2008-05-18 12:15 89,600 --a------ C:\WINDOWS\system32\atl71.dll
2008-04-21 22:46 . 2008-04-21 22:47 <DIR> d-------- C:\MCC18
2008-04-21 22:39 . 2008-04-21 22:39 <DIR> d-------- C:\Documents and Settings\digerati\Application Data\Realtime Soft
2008-04-21 22:39 . 2008-04-21 22:39 <DIR> d-------- C:\Documents and Settings\digerati\Application Data\Logitech
2008-04-21 22:38 . 2008-04-21 22:38 <DIR> d-------- C:\Documents and Settings\digerati
2008-04-21 22:38 . 2008-04-26 19:19 1,024 --ah----- C:\Documents and Settings\digerati\NTUSER.dat.LOG
2008-04-21 16:21 . 2008-04-21 16:24 <DIR> d-------- C:\Program Files\Panda Security
2008-04-21 16:17 . 2008-04-21 16:17 <DIR> d-------- C:\My Music
2008-04-21 16:09 . 2008-04-21 16:09 0 --a------ C:\WINDOWS\SMMVSplitter.INI
2008-04-10 19:06 . 2008-02-19 14:39 191,424 --a------ C:\WINDOWS\system32\drivers\windrvr6.sys
2008-04-10 19:05 . 2008-02-19 14:42 143,360 --a------ C:\WINDOWS\system32\wdapi920.dll
2008-04-10 19:05 . 2006-10-18 14:29 102,400 --a------ C:\WINDOWS\system32\wdapi811.dll
2008-04-10 19:04 . 2008-04-10 19:04 <DIR> d-------- C:\Program Files\Atmel
2008-04-05 15:18 . 2008-04-05 15:18 <DIR> d-------- C:\Program Files\Common Files\Realtime Soft
2008-04-05 15:18 . 2008-04-05 15:18 <DIR> d-------- C:\Documents and Settings\Jacob\Application Data\Realtime Soft
2008-04-05 15:18 . 2008-04-05 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Realtime Soft
2008-04-04 22:57 . 2008-04-04 22:57 <DIR> d-------- C:\Documents and Settings\Jacob\Application Data\SUPERAntiSpyware.com
2008-04-04 22:57 . 2008-04-04 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-04 14:24 . 2008-04-04 14:27 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-04 14:17 . 2008-04-04 14:17 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-04-04 14:17 . 2008-04-04 14:17 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-04 14:11 . 2008-04-04 14:11 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-04-04 12:48 . 2008-04-04 16:09 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-04-04 12:47 . 2008-04-04 12:47 <DIR> d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
2008-04-04 12:47 . 2008-04-04 12:47 <DIR> d-------- C:\Program Files\Microsoft Device Emulator
2008-04-04 12:28 . 2008-04-04 12:28 <DIR> d-------- C:\WINDOWS\Symbols
2008-04-04 12:28 . 2008-04-04 12:39 <DIR> d-------- C:\Program Files\HTML Help Workshop
2008-04-04 12:28 . 2008-04-04 12:38 <DIR> d-------- C:\Program Files\Common Files\Merge Modules
2008-04-04 12:28 . 2008-04-04 12:28 <DIR> d-------- C:\Program Files\CE Remote Tools
2008-04-04 12:28 . 2008-04-04 12:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
2008-04-04 12:24 . 2008-04-04 12:24 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-04 12:24 . 2008-04-04 16:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-29 19:33 . 2008-03-29 19:33 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-03-28 15:50 . 2008-03-28 15:50 55,438 --a------ C:\WINDOWS\zdegpig.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-26 22:39 --------- d-----w C:\Documents and Settings\Jacob\Application Data\uTorrent
2008-04-24 00:56 --------- d-----w C:\Documents and Settings\Jacob\Application Data\MySQL
2008-04-22 19:40 --------- d-----w C:\Documents and Settings\Jacob\Application Data\FileZilla
2008-04-22 03:32 --------- d-----w C:\Program Files\Microchip
2008-04-11 00:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 23:28 --------- d-----w C:\Program Files\ATI Technologies
2008-04-05 03:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-04 17:51 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-04 17:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-30 00:40 --------- d-----w C:\Documents and Settings\Jacob\Application Data\Lavasoft
2008-03-26 00:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-26 00:54 --------- d-----w C:\Program Files\Yahoo!
2008-03-24 17:40 --------- d--h--r C:\Documents and Settings\Jacob\Application Data\Microchip
2008-03-21 05:34 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-27 19:02 --------- d-----w C:\Documents and Settings\Jacob\Application Data\AdobeUM
2008-02-02 19:13 92,064 ----a-w C:\Documents and Settings\Jacob\mqdmmdm.sys
2008-02-02 19:13 9,232 ----a-w C:\Documents and Settings\Jacob\mqdmmdfl.sys
2008-02-02 19:13 79,328 ----a-w C:\Documents and Settings\Jacob\mqdmserd.sys
2008-02-02 19:13 66,656 ----a-w C:\Documents and Settings\Jacob\mqdmbus.sys
2008-02-02 19:13 6,208 ----a-w C:\Documents and Settings\Jacob\mqdmcmnt.sys
2008-02-02 19:13 5,936 ----a-w C:\Documents and Settings\Jacob\mqdmwhnt.sys
2008-02-02 19:13 4,048 ----a-w C:\Documents and Settings\Jacob\mqdmcr.sys
2008-02-02 19:13 25,600 ----a-w C:\Documents and Settings\Jacob\usbsermptxp.sys
2008-02-02 19:13 22,768 ----a-w C:\Documents and Settings\Jacob\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"Steam"="f:\valve\steam\steam.exe" [2008-03-28 15:52 1271032]
"AtiTrayTools"="F:\ATI Tray Tools\atitray.exe" [2007-05-22 04:04 521128]
"H/PC Connection Agent"="F:\ActiveSync\wcescomm.exe" [2006-11-13 14:39 1289000]
"SpybotSD TeaTimer"="F:\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="F:\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]
"braviax"="C:\WINDOWS\system32\braviax.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" [2003-06-17 04:18 73728 C:\WINDOWS\system32\sstray.exe]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 11:38 892928]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 04:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48 147514]
"P17Helper"="P17.dll" [2005-05-03 19:38 64512 C:\WINDOWS\system32\P17.dll]
"MBM 5"="F:\Motherboard Monitor 5\MBM5.EXE" [2004-06-12 09:40 594944]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-02 01:07 155648]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 14:07 188416]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2006-01-06 14:07 348160]
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-07 15:48 185784]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"DAEMON Tools"="F:\DAEMON Tools\daemon.exe" [2006-11-12 05:48 157592]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 07:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 07:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 07:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"WatchDog"="F:\mobile PhoneTools\WatchDog.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"SmcService"="F:\Sygate\smc.exe" [2004-10-15 20:40 2577632]
"braviax"="C:\WINDOWS\system32\braviax.exe" [ ]
"UltraMon"="F:\Ultramon\UltraMon.exe" [2006-10-12 21:27 304640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"wextract_cleanup0"="C:\WINDOWS\system32\advpack.dll" [2007-12-06 21:21 124928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 20:29 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Bluetooth.lnk - F:\Bluetooth\BTTray.exe [2006-06-07 18:05:38 553021]
Cisco Systems VPN Client.lnk - F:\Cisco Systems\VPN Client\vpngui.exe [2006-11-16 09:39:05 1528880]
hp psc 1000 series.lnk - F:\Hewlett Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-09 19:21:38 147456]
hpoddt01.exe.lnk - F:\Hewlett Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 19:11:12 28672]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-22 21:55:17 784912]
Microsoft Office OneNote 2003 Quick Launch.lnk - F:\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 13:49:52 64864]
Monitor Apache Servers.lnk - F:\Apache Group\Apache2\bin\ApacheMonitor.exe [2008-01-17 23:59:58 41042]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= F:\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
F:\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 F:\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 setuid

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\AIM95\\aim.exe"=
"F:\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"F:\\mIRC\\mirc.exe"=
"F:\\Trillian\\trillian.exe"=
"F:\\MySQL 5.0 GUI\\MySQLQueryBrowser.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"F:\ActiveSync\rapimgr.exe"= F:\ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"F:\ActiveSync\wcescomm.exe"= F:\ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"F:\ActiveSync\WCESMgr.exe"= F:\ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"F:\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"F:\\Yahoo!\\Messenger\\YServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"62515:UDP"= 62515:UDP:Cisco VPN Service
"44616:TCP"= 44616:TCP:utorrent
"3306:TCP"= 3306:TCP:MySQL
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\drivers\si3112r.sys [2006-01-12 12:56]
R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys [2004-11-01 12:21]
R1 atitray;atitray;F:\ATI Tray Tools\atitray.sys [2007-05-22 04:04]
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 21:22]
R3 ATICXCAP;ATI TV Wonder Pro A/V Capture;C:\WINDOWS\system32\drivers\aticxcap.sys [2005-03-30 11:22]
R3 ATICXTUN;ATI TV Wonder Pro Tuner (Philips 1236 MK3);C:\WINDOWS\system32\drivers\aticxtun.sys [2005-03-30 11:22]
R3 ATICXXBR;ATI TV Wonder Pro A/V Crossbar;C:\WINDOWS\system32\drivers\aticxxbr.sys [2005-03-30 11:22]
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 21:23]
S2 MCUSBICD2;Microchip MPLAB ICD 2 Firmware Client Driver (ICD2W2K.SYS);C:\WINDOWS\system32\Drivers\icd2w2k.sys [2004-03-22 02:43]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;C:\WINDOWS\system32\drivers\libusb0.sys [2007-03-20 11:33]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e184580c-a1b7-11dc-9a5b-00508de39a8e}]
\Shell\AutoRun\command - E:\LaunchU3.exe

*Newly Created Service* - ENTDRV51

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb
.
Contents of the 'Scheduled Tasks' folder
"2008-04-21 20:17:50 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1200946479.job"
- F:\Hewlett Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-04-27 00:22:35 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 19:19:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"F:\MySQL 5.0 Server\bin\mysqld-nt\" --defaults-file=\"F:\MySQL 5.0 Server\my.ini\" MySQL"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zdegpig]
"ImagePath"="\??\C:\WINDOWS\zdegpig.ini"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> F:\ATI Tray Tools\raphook.dll
-> ?:\WINDOWS\System32\CSCDLL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\ati2evxx.exe
F:\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Bonjour\mDNSResponder.exe
F:\Bluetooth\bin\btwdins.exe
F:\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\CVSNT\cvslock.exe
C:\Program Files\CVSNT\cvsservice.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
F:\Apache Group\Apache2\bin\Apache.exe
F:\MySQL 5.0 Server\bin\mysqld-nt.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\rundll32.exe
F:\ACTIVE~1\rapimgr.exe
F:\Ultramon\UltraMonTaskbar.exe
F:\Hewlett Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
F:\Hewlett Packard\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Completion time: 2008-04-26 19:32:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-27 00:32:39

Pre-Run: 1,915,039,744 bytes free
Post-Run: 2,080,788,480 bytes free

243 --- E O F --- 2008-04-27 00:32:24
  • 0

#4
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Uninstall Ewido Anti-Spyware via the Add/Remove Programs panel.

Download Malwarebytes ' Anti-Malware at http://www.besttechi.../mbam-setup.exe or http://www.majorgeek...ware_d5756.html Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text into the quotebox below:

File::
C:\WINDOWS\zdegpig.ini
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"braviax"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"braviax"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zdegpig]

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

I want you to upload this file (C:\WINDOWS\system32\atl71.dll) to http://virusscan.jotti.org and report back what it found.

Is that trojan still detected? If so, what is the name of the trojan and what file is infected now? Try not to restart/shutdown your computer...we'll see if we can remove the trojan before it changes the name again (usually due to a restart or shutdown and power up next time).
  • 0

#5
theterk

theterk

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Malwarebytes' Anti-Malware 1.11
Database version: 688

Scan type: Full Scan (C:\|F:\|G:\|)
Objects scanned: 538167
Time elapsed: 3 hour(s), 31 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Temp\7CF28762C38CA0D4.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\AE8AB41F91F72503.tmp (Malware.Trace) -> Quarantined and deleted successfully.



ComboFix 08-04-26.1 - Jacob 2008-04-27 0:23:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.286 [GMT -5:00]
Running from: C:\Documents and Settings\Jacob\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jacob\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\zdegpig.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\zdegpig.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_zdegpig


((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.

2008-05-18 12:15 . 2008-05-18 12:15 89,600 --a------ C:\WINDOWS\system32\atl71.dll
2008-04-26 20:34 . 2008-04-26 20:34 <DIR> d-------- C:\Documents and Settings\Jacob\Application Data\Malwarebytes
2008-04-26 20:34 . 2008-04-26 20:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-21 22:46 . 2008-04-21 22:47 <DIR> d-------- C:\MCC18
2008-04-21 22:39 . 2008-04-21 22:39 <DIR> d-------- C:\Documents and Settings\digerati\Application Data\Realtime Soft
2008-04-21 22:39 . 2008-04-21 22:39 <DIR> d-------- C:\Documents and Settings\digerati\Application Data\Logitech
2008-04-21 22:38 . 2008-04-21 22:38 <DIR> d-------- C:\Documents and Settings\digerati
2008-04-21 22:38 . 2008-04-27 00:28 1,024 --ah----- C:\Documents and Settings\digerati\NTUSER.dat.LOG
2008-04-21 16:21 . 2008-04-21 16:24 <DIR> d-------- C:\Program Files\Panda Security
2008-04-21 16:17 . 2008-04-21 16:17 <DIR> d-------- C:\My Music
2008-04-21 16:09 . 2008-04-21 16:09 0 --a------ C:\WINDOWS\SMMVSplitter.INI
2008-04-10 19:06 . 2008-02-19 14:39 191,424 --a------ C:\WINDOWS\system32\drivers\windrvr6.sys
2008-04-10 19:05 . 2008-02-19 14:42 143,360 --a------ C:\WINDOWS\system32\wdapi920.dll
2008-04-10 19:05 . 2006-10-18 14:29 102,400 --a------ C:\WINDOWS\system32\wdapi811.dll
2008-04-10 19:04 . 2008-04-10 19:04 <DIR> d-------- C:\Program Files\Atmel
2008-04-05 15:18 . 2008-04-05 15:18 <DIR> d-------- C:\Program Files\Common Files\Realtime Soft
2008-04-05 15:18 . 2008-04-05 15:18 <DIR> d-------- C:\Documents and Settings\Jacob\Application Data\Realtime Soft
2008-04-05 15:18 . 2008-04-05 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Realtime Soft
2008-04-04 22:57 . 2008-04-04 22:57 <DIR> d-------- C:\Documents and Settings\Jacob\Application Data\SUPERAntiSpyware.com
2008-04-04 22:57 . 2008-04-04 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-04 14:24 . 2008-04-04 14:27 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-04 14:17 . 2008-04-04 14:17 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-04-04 14:17 . 2008-04-04 14:17 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-04 14:11 . 2008-04-04 14:11 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-04-04 12:48 . 2008-04-04 16:09 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-04-04 12:47 . 2008-04-04 12:47 <DIR> d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
2008-04-04 12:47 . 2008-04-04 12:47 <DIR> d-------- C:\Program Files\Microsoft Device Emulator
2008-04-04 12:28 . 2008-04-04 12:28 <DIR> d-------- C:\WINDOWS\Symbols
2008-04-04 12:28 . 2008-04-04 12:39 <DIR> d-------- C:\Program Files\HTML Help Workshop
2008-04-04 12:28 . 2008-04-04 12:38 <DIR> d-------- C:\Program Files\Common Files\Merge Modules
2008-04-04 12:28 . 2008-04-04 12:28 <DIR> d-------- C:\Program Files\CE Remote Tools
2008-04-04 12:28 . 2008-04-04 12:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
2008-04-04 12:24 . 2008-04-04 12:24 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-04 12:24 . 2008-04-04 16:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-29 19:33 . 2008-03-29 19:33 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-26 22:39 --------- d-----w C:\Documents and Settings\Jacob\Application Data\uTorrent
2008-04-24 00:56 --------- d-----w C:\Documents and Settings\Jacob\Application Data\MySQL
2008-04-22 19:40 --------- d-----w C:\Documents and Settings\Jacob\Application Data\FileZilla
2008-04-22 03:32 --------- d-----w C:\Program Files\Microchip
2008-04-11 00:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 23:28 --------- d-----w C:\Program Files\ATI Technologies
2008-04-05 03:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-04 17:51 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-04 17:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-30 00:40 --------- d-----w C:\Documents and Settings\Jacob\Application Data\Lavasoft
2008-03-26 00:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-26 00:54 --------- d-----w C:\Program Files\Yahoo!
2008-03-24 17:40 --------- d--h--r C:\Documents and Settings\Jacob\Application Data\Microchip
2008-03-21 05:34 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-27 19:02 --------- d-----w C:\Documents and Settings\Jacob\Application Data\AdobeUM
2008-02-02 19:13 92,064 ----a-w C:\Documents and Settings\Jacob\mqdmmdm.sys
2008-02-02 19:13 9,232 ----a-w C:\Documents and Settings\Jacob\mqdmmdfl.sys
2008-02-02 19:13 79,328 ----a-w C:\Documents and Settings\Jacob\mqdmserd.sys
2008-02-02 19:13 66,656 ----a-w C:\Documents and Settings\Jacob\mqdmbus.sys
2008-02-02 19:13 6,208 ----a-w C:\Documents and Settings\Jacob\mqdmcmnt.sys
2008-02-02 19:13 5,936 ----a-w C:\Documents and Settings\Jacob\mqdmwhnt.sys
2008-02-02 19:13 4,048 ----a-w C:\Documents and Settings\Jacob\mqdmcr.sys
2008-02-02 19:13 25,600 ----a-w C:\Documents and Settings\Jacob\usbsermptxp.sys
2008-02-02 19:13 22,768 ----a-w C:\Documents and Settings\Jacob\usbsermpt.sys
.

((((((((((((((((((((((((((((( [email protected]_19.29.51.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-27 00:19:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-27 05:28:33 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-12-07 02:21:45 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-12-19 23:01:06 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-12-07 02:21:45 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-12-07 02:21:45 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-12-07 02:21:45 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-12-06 11:00:57 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-12-07 02:21:45 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-12-07 02:21:45 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-12-07 02:21:45 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-12-07 02:21:45 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-12-07 02:21:46 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-12-07 02:21:46 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-12-07 02:21:46 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-12-06 11:01:25 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-12-07 02:21:47 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-12-07 02:21:47 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-12-07 02:21:47 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-12-08 05:21:48 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-12-07 02:21:47 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-12-07 02:21:48 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-12-07 02:21:48 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-12-07 02:21:48 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2008-01-11 05:53:32 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-12-07 02:21:48 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-12-07 02:21:48 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-12-07 02:21:48 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-12-07 02:21:48 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
+ 2007-06-20 10:30:12 868,744 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\AEC.DLL
+ 2007-06-20 10:34:20 156,056 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\DWGCNV.DLL
+ 2007-06-20 10:30:30 2,098,064 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\DWGDP.DLL
+ 2007-06-20 10:29:44 484,760 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\MODELENG.DLL
+ 2007-06-20 10:30:18 1,001,880 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\ORGCHART.DLL
+ 2007-06-20 10:29:40 469,912 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\ORGCHWIZ.DLL
+ 2007-06-20 10:30:28 1,511,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\UML.DLL
+ 2007-06-20 10:29:52 554,336 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\UMLSYS.DLL
+ 2007-06-20 10:30:36 7,819,104 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\VISBRGR.DLL
+ 2007-06-20 10:34:38 190,296 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\VISIO.EXE
+ 2007-06-20 10:30:38 8,296,344 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\VISLIB.DLL
+ 2007-06-20 10:33:54 108,896 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040150900063D11C8EF10054038389C\11.0.8173\VISOCX.DLL
+ 2007-05-29 08:02:44 325,040 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\ATLCONV.DLL
+ 2007-05-29 06:48:24 354,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\MSWARP.DLL
+ 2007-05-29 08:02:44 951,848 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\PJ11OD11.DLL
+ 2007-05-29 06:48:18 280,496 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\PJ11TM11.DLL
+ 2006-01-17 20:48:06 146,696 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\PJMSGMGR.DLL
+ 2006-01-17 20:48:06 167,176 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\PJMSGSDR.DLL
+ 2007-05-29 06:48:30 4,323,248 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\PJOLEDB.DLL
+ 2007-05-29 06:48:20 304,560 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\PJRESC.DLL
+ 2007-05-29 06:48:14 223,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\PJSPOOL.EXE
+ 2007-05-29 08:02:46 1,738,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\PRJRES.DLL
+ 2007-05-29 08:02:44 685,608 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\SERCONV.DLL
+ 2007-05-29 08:02:48 11,421,704 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.8173\WINPROJ.EXE
- 2008-03-20 08:03:43 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-04-27 01:05:15 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-03-20 08:03:43 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-04-27 01:05:15 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-03-20 08:03:43 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-04-27 01:05:15 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-03-20 08:03:43 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-04-27 01:05:15 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-03-20 08:03:44 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-04-27 01:05:15 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-03-20 08:03:44 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-04-27 01:05:15 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-03-20 08:03:44 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-04-27 01:05:15 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-03-20 08:03:44 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-04-27 01:05:15 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-03-20 08:03:43 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-04-27 01:05:15 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-03-20 08:03:43 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-04-27 01:05:15 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-03-20 08:03:44 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-04-27 01:05:16 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-03-20 08:03:43 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-04-27 01:05:15 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-03-20 08:03:43 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-04-27 01:05:15 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-04-04 21:17:45 135,168 ----a-r C:\WINDOWS\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-04-27 01:05:43 135,168 ----a-r C:\WINDOWS\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-04-04 21:17:45 4,096 ----a-r C:\WINDOWS\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-04-27 01:05:43 4,096 ----a-r C:\WINDOWS\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-04-04 21:17:45 147,456 ----a-r C:\WINDOWS\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\pj11icon.exe
+ 2008-04-27 01:05:43 147,456 ----a-r C:\WINDOWS\Installer\{903B0409-6000-11D3-8CFE-0150048383C9}\pj11icon.exe
- 2008-04-04 21:11:55 12,288 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-04-27 01:07:09 12,288 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-04-04 21:11:55 135,168 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-04-27 01:07:09 135,168 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-04-04 21:11:55 4,096 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-04-27 01:07:09 4,096 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-04-04 21:11:54 176,128 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\visicon.exe
+ 2008-04-27 01:07:08 176,128 ----a-r C:\WINDOWS\Installer\{90510409-6000-11D3-8CFE-0150048383C9}\visicon.exe
- 2007-12-07 02:21:45 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2007-12-07 02:21:45 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-01 13:06:20 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2006-06-26 17:37:10 148,480 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2004-08-04 12:00:00 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
+ 2008-02-20 05:32:43 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
- 2007-12-19 23:01:06 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-12-07 02:21:45 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-12-07 02:21:45 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 13:06:21 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-06-19 13:31:19 282,112 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-20 06:51:05 282,624 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2007-12-07 02:21:45 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-03-01 13:06:21 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2007-12-06 11:00:57 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-12-07 02:21:45 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-12-07 02:21:45 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-12-06 04:59:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-12-07 02:21:45 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2007-12-07 02:21:45 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-12-07 02:21:46 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-12-07 02:21:46 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-01 13:06:24 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-12-07 02:21:46 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-03-01 13:06:25 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2007-12-06 11:01:25 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-02-29 08:55:46 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-12-07 02:21:47 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-12-07 02:21:47 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2007-12-07 02:21:47 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-12-08 05:21:48 3,592,192 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-03-01 23:36:30 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-12-07 02:21:47 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-12-07 02:21:48 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 13:06:28 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-12-07 02:21:48 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-01 13:06:29 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-12-07 02:21:48 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-03-01 13:06:29 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-01-11 05:53:32 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-12-07 02:21:48 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-03-01 13:06:29 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
- 2007-12-07 02:21:48 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-12-07 02:21:48 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-03-01 13:06:30 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-03-08 13:47:48 1,843,584 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-03-19 09:47:00 1,845,248 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
- 2007-12-07 02:21:48 824,832 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-01 13:06:31 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-06-26 17:37:10 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2004-08-04 12:00:00 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
+ 2008-02-20 05:32:43 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
- 2007-12-19 23:01:06 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-12-07 02:21:45 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-12-07 02:21:45 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-04-05 06:25:57 256,656 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-27 01:10:08 256,656 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-06-19 13:31:19 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2008-02-20 06:51:05 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
- 2007-12-07 02:21:45 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-12-06 11:00:57 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-12-07 02:21:45 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-12-07 02:21:45 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-12-06 04:59:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-12-07 02:21:45 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-12-07 02:21:45 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-12-07 02:21:46 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-12-07 02:21:46 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-12-07 02:21:46 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-12-07 02:21:47 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-12-07 02:21:47 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-12-07 02:21:47 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-12-08 05:21:48 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-03-01 23:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-12-07 02:21:47 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-12-07 02:21:48 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-12-07 02:21:48 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-12-07 02:21:48 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-01-11 05:53:32 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-12-07 02:21:48 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-12-07 02:21:48 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-12-07 02:21:48 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
+ 2008-03-19 09:47:00 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
- 2007-12-07 02:21:48 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"Steam"="f:\valve\steam\steam.exe" [2008-03-28 15:52 1271032]
"AtiTrayTools"="F:\ATI Tray Tools\atitray.exe" [2007-05-22 04:04 521128]
"H/PC Connection Agent"="F:\ActiveSync\wcescomm.exe" [2006-11-13 14:39 1289000]
"SpybotSD TeaTimer"="F:\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="F:\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]
"braviax"="C:\WINDOWS\system32\braviax.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" [2003-06-17 04:18 73728 C:\WINDOWS\system32\sstray.exe]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 11:38 892928]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 04:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48 147514]
"P17Helper"="P17.dll" [2005-05-03 19:38 64512 C:\WINDOWS\system32\P17.dll]
"MBM 5"="F:\Motherboard Monitor 5\MBM5.EXE" [2004-06-12 09:40 594944]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-02 01:07 155648]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 14:07 188416]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2006-01-06 14:07 348160]
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-07 15:48 185784]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"DAEMON Tools"="F:\DAEMON Tools\daemon.exe" [2006-11-12 05:48 157592]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 07:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 07:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 07:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"WatchDog"="F:\mobile PhoneTools\WatchDog.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"SmcService"="F:\Sygate\smc.exe" [2004-10-15 20:40 2577632]
"UltraMon"="F:\Ultramon\UltraMon.exe" [2006-10-12 21:27 304640]
"braviax"="C:\WINDOWS\system32\braviax.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"wextract_cleanup0"="C:\WINDOWS\system32\advpack.dll" [2008-03-01 08:06 124928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 20:29 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Bluetooth.lnk - F:\Bluetooth\BTTray.exe [2006-06-07 18:05:38 553021]
Cisco Systems VPN Client.lnk - F:\Cisco Systems\VPN Client\vpngui.exe [2006-11-16 09:39:05 1528880]
hp psc 1000 series.lnk - F:\Hewlett Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-09 19:21:38 147456]
hpoddt01.exe.lnk - F:\Hewlett Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 19:11:12 28672]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-22 21:55:17 784912]
Microsoft Office OneNote 2003 Quick Launch.lnk - F:\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 13:49:52 64864]
Monitor Apache Servers.lnk - F:\Apache Group\Apache2\bin\ApacheMonitor.exe [2008-01-17 23:59:58 41042]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= F:\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
F:\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 F:\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 setuid

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\AIM95\\aim.exe"=
"F:\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"F:\\mIRC\\mirc.exe"=
"F:\\Trillian\\trillian.exe"=
"F:\\MySQL 5.0 GUI\\MySQLQueryBrowser.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"F:\ActiveSync\rapimgr.exe"= F:\ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"F:\ActiveSync\wcescomm.exe"= F:\ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"F:\ActiveSync\WCESMgr.exe"= F:\ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"F:\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"F:\\Yahoo!\\Messenger\\YServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"62515:UDP"= 62515:UDP:Cisco VPN Service
"44616:TCP"= 44616:TCP:utorrent
"3306:TCP"= 3306:TCP:MySQL
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\drivers\si3112r.sys [2006-01-12 12:56]
R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys [2004-11-01 12:21]
R1 atitray;atitray;F:\ATI Tray Tools\atitray.sys [2007-05-22 04:04]
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 21:22]
R3 ATICXCAP;ATI TV Wonder Pro A/V Capture;C:\WINDOWS\system32\drivers\aticxcap.sys [2005-03-30 11:22]
R3 ATICXTUN;ATI TV Wonder Pro Tuner (Philips 1236 MK3);C:\WINDOWS\system32\drivers\aticxtun.sys [2005-03-30 11:22]
R3 ATICXXBR;ATI TV Wonder Pro A/V Crossbar;C:\WINDOWS\system32\drivers\aticxxbr.sys [2005-03-30 11:22]
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 21:23]
S2 MCUSBICD2;Microchip MPLAB ICD 2 Firmware Client Driver (ICD2W2K.SYS);C:\WINDOWS\system32\Drivers\icd2w2k.sys [2004-03-22 02:43]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;C:\WINDOWS\system32\drivers\libusb0.sys [2007-03-20 11:33]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e184580c-a1b7-11dc-9a5b-00508de39a8e}]
\Shell\AutoRun\command - E:\LaunchU3.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb
.
Contents of the 'Scheduled Tasks' folder
"2008-04-21 20:17:50 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1200946479.job"
- F:\Hewlett Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-04-27 05:31:47 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 00:29:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"F:\MySQL 5.0 Server\bin\mysqld-nt\" --defaults-file=\"F:\MySQL 5.0 Server\my.ini\" MySQL"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> F:\ATI Tray Tools\raphook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\ati2evxx.exe
F:\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Bonjour\mDNSResponder.exe
F:\Bluetooth\bin\btwdins.exe
F:\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\CVSNT\cvslock.exe
C:\Program Files\CVSNT\cvsservice.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
F:\Apache Group\Apache2\bin\Apache.exe
F:\MySQL 5.0 Server\bin\mysqld-nt.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\rundll32.exe
F:\Ultramon\UltraMonTaskbar.exe
F:\ACTIVE~1\rapimgr.exe
F:\Hewlett Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
F:\Hewlett Packard\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Completion time: 2008-04-27 0:35:13 - machine was rebooted [Jacob]
ComboFix-quarantined-files.txt 2008-04-27 05:34:58
ComboFix2.txt 2008-04-27 00:32:50

Pre-Run: 1,836,728,320 bytes free
Post-Run: 1,828,978,688 bytes free

487 --- E O F --- 2008-04-27 01:41:36

When uploading the file to the website, nothing was detected. I noticed whenever the ComboFix.exe was running several viruses popped up. Sorry for the late reply, it took a while to do that first scan.
  • 0

#6
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
What kind of viruses? Where were they located?

Download ATF Cleaner at http://www.atribune..../click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All
Click the Empty Selected button.

If you use the Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser click 'Opera' at the top and choose 'Select All'
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Download OTMoveIt2 at http://download.blee...r/OTMoveIt2.exe
* Save it to your desktop.
* Double-click OTMoveIt2.exe to run it. (Vista users, right click on OTMoveIt2.exe and select Run as an Administrator).
* Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\braviax
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\braviax

* Return to OTMoveIt2. Right click in the Paste List of Files/Folders to Move window (under the Yellow bar) and choose Paste.
* Click the red Moveit! button.
* A log of files and folders moved will be created in the C:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
* Close OTMoveIt2.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Run combofix again and post the log here.
  • 0

#7
theterk

theterk

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\braviax >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\braviax deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\braviax >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\braviax deleted successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04272008_171701


ComboFix 08-04-26.1 - Jacob 2008-04-27 17:19:11.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.214 [GMT -5:00]
Running from: C:\Documents and Settings\Jacob\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.

2008-05-18 12:15 . 2008-05-18 12:15 89,600 --a------ C:\WINDOWS\system32\atl71.dll
2008-04-27 17:17 . 2008-04-27 17:17 <DIR> d-------- C:\_OTMoveIt
2008-04-26 20:34 . 2008-04-26 20:34 <DIR> d-------- C:\Documents and Settings\Jacob\Application Data\Malwarebytes
2008-04-26 20:34 . 2008-04-26 20:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-21 22:46 . 2008-04-21 22:47 <DIR> d-------- C:\MCC18
2008-04-21 22:39 . 2008-04-21 22:39 <DIR> d-------- C:\Documents and Settings\digerati\Application Data\Realtime Soft
2008-04-21 22:39 . 2008-04-21 22:39 <DIR> d-------- C:\Documents and Settings\digerati\Application Data\Logitech
2008-04-21 22:38 . 2008-04-21 22:38 <DIR> d-------- C:\Documents and Settings\digerati
2008-04-21 22:38 . 2008-04-27 17:23 1,024 --ah----- C:\Documents and Settings\digerati\NTUSER.dat.LOG
2008-04-21 16:21 . 2008-04-21 16:24 <DIR> d-------- C:\Program Files\Panda Security
2008-04-21 16:17 . 2008-04-21 16:17 <DIR> d-------- C:\My Music
2008-04-21 16:09 . 2008-04-21 16:09 0 --a------ C:\WINDOWS\SMMVSplitter.INI
2008-04-10 19:06 . 2008-02-19 14:39 191,424 --a------ C:\WINDOWS\system32\drivers\windrvr6.sys
2008-04-10 19:05 . 2008-02-19 14:42 143,360 --a------ C:\WINDOWS\system32\wdapi920.dll
2008-04-10 19:05 . 2006-10-18 14:29 102,400 --a------ C:\WINDOWS\system32\wdapi811.dll
2008-04-10 19:04 . 2008-04-10 19:04 <DIR> d-------- C:\Program Files\Atmel
2008-04-05 15:18 . 2008-04-05 15:18 <DIR> d-------- C:\Program Files\Common Files\Realtime Soft
2008-04-05 15:18 . 2008-04-05 15:18 <DIR> d-------- C:\Documents and Settings\Jacob\Application Data\Realtime Soft
2008-04-05 15:18 . 2008-04-05 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Realtime Soft
2008-04-04 22:57 . 2008-04-04 22:57 <DIR> d-------- C:\Documents and Settings\Jacob\Application Data\SUPERAntiSpyware.com
2008-04-04 22:57 . 2008-04-04 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-04 14:24 . 2008-04-04 14:27 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-04 14:17 . 2008-04-04 14:17 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-04-04 14:17 . 2008-04-04 14:17 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-04 14:11 . 2008-04-04 14:11 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-04-04 12:48 . 2008-04-04 16:09 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-04-04 12:47 . 2008-04-04 12:47 <DIR> d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
2008-04-04 12:47 . 2008-04-04 12:47 <DIR> d-------- C:\Program Files\Microsoft Device Emulator
2008-04-04 12:28 . 2008-04-04 12:28 <DIR> d-------- C:\WINDOWS\Symbols
2008-04-04 12:28 . 2008-04-04 12:39 <DIR> d-------- C:\Program Files\HTML Help Workshop
2008-04-04 12:28 . 2008-04-04 12:38 <DIR> d-------- C:\Program Files\Common Files\Merge Modules
2008-04-04 12:28 . 2008-04-04 12:28 <DIR> d-------- C:\Program Files\CE Remote Tools
2008-04-04 12:28 . 2008-04-04 12:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
2008-04-04 12:24 . 2008-04-04 12:24 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-04 12:24 . 2008-04-04 16:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-29 19:33 . 2008-03-29 19:33 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-26 22:39 --------- d-----w C:\Documents and Settings\Jacob\Application Data\uTorrent
2008-04-24 00:56 --------- d-----w C:\Documents and Settings\Jacob\Application Data\MySQL
2008-04-22 19:40 --------- d-----w C:\Documents and Settings\Jacob\Application Data\FileZilla
2008-04-22 03:32 --------- d-----w C:\Program Files\Microchip
2008-04-11 00:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 23:28 --------- d-----w C:\Program Files\ATI Technologies
2008-04-05 03:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-04 17:51 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-04 17:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-30 00:40 --------- d-----w C:\Documents and Settings\Jacob\Application Data\Lavasoft
2008-03-26 00:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-26 00:54 --------- d-----w C:\Program Files\Yahoo!
2008-03-24 17:40 --------- d--h--r C:\Documents and Settings\Jacob\Application Data\Microchip
2008-03-21 05:34 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-27 19:02 --------- d-----w C:\Documents and Settings\Jacob\Application Data\AdobeUM
2008-02-02 19:13 92,064 ----a-w C:\Documents and Settings\Jacob\mqdmmdm.sys
2008-02-02 19:13 9,232 ----a-w C:\Documents and Settings\Jacob\mqdmmdfl.sys
2008-02-02 19:13 79,328 ----a-w C:\Documents and Settings\Jacob\mqdmserd.sys
2008-02-02 19:13 66,656 ----a-w C:\Documents and Settings\Jacob\mqdmbus.sys
2008-02-02 19:13 6,208 ----a-w C:\Documents and Settings\Jacob\mqdmcmnt.sys
2008-02-02 19:13 5,936 ----a-w C:\Documents and Settings\Jacob\mqdmwhnt.sys
2008-02-02 19:13 4,048 ----a-w C:\Documents and Settings\Jacob\mqdmcr.sys
2008-02-02 19:13 25,600 ----a-w C:\Documents and Settings\Jacob\usbsermptxp.sys
2008-02-02 19:13 22,768 ----a-w C:\Documents and Settings\Jacob\usbsermpt.sys
.

((((((((((((((((((((((((((((( snapshot_2008-04-27_ 0.34.40.12 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-27 05:28:33 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-27 22:23:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"Steam"="f:\valve\steam\steam.exe" [2008-03-28 15:52 1271032]
"AtiTrayTools"="F:\ATI Tray Tools\atitray.exe" [2007-05-22 04:04 521128]
"H/PC Connection Agent"="F:\ActiveSync\wcescomm.exe" [2006-11-13 14:39 1289000]
"SpybotSD TeaTimer"="F:\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="F:\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]
"braviax"="C:\WINDOWS\system32\braviax.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" [2003-06-17 04:18 73728 C:\WINDOWS\system32\sstray.exe]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 11:38 892928]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 04:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48 147514]
"P17Helper"="P17.dll" [2005-05-03 19:38 64512 C:\WINDOWS\system32\P17.dll]
"MBM 5"="F:\Motherboard Monitor 5\MBM5.EXE" [2004-06-12 09:40 594944]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-02 01:07 155648]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 14:07 188416]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2006-01-06 14:07 348160]
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-07 15:48 185784]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"DAEMON Tools"="F:\DAEMON Tools\daemon.exe" [2006-11-12 05:48 157592]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 07:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 07:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 07:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"WatchDog"="F:\mobile PhoneTools\WatchDog.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"SmcService"="F:\Sygate\smc.exe" [2004-10-15 20:40 2577632]
"UltraMon"="F:\Ultramon\UltraMon.exe" [2006-10-12 21:27 304640]
"braviax"="C:\WINDOWS\system32\braviax.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"wextract_cleanup0"="C:\WINDOWS\system32\advpack.dll" [2008-03-01 08:06 124928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 20:29 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Bluetooth.lnk - F:\Bluetooth\BTTray.exe [2006-06-07 18:05:38 553021]
Cisco Systems VPN Client.lnk - F:\Cisco Systems\VPN Client\vpngui.exe [2006-11-16 09:39:05 1528880]
hp psc 1000 series.lnk - F:\Hewlett Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-09 19:21:38 147456]
hpoddt01.exe.lnk - F:\Hewlett Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 19:11:12 28672]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-22 21:55:17 784912]
Microsoft Office OneNote 2003 Quick Launch.lnk - F:\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 13:49:52 64864]
Monitor Apache Servers.lnk - F:\Apache Group\Apache2\bin\ApacheMonitor.exe [2008-01-17 23:59:58 41042]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= F:\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
F:\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 F:\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 setuid

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\AIM95\\aim.exe"=
"F:\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"F:\\mIRC\\mirc.exe"=
"F:\\Trillian\\trillian.exe"=
"F:\\MySQL 5.0 GUI\\MySQLQueryBrowser.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"F:\ActiveSync\rapimgr.exe"= F:\ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"F:\ActiveSync\wcescomm.exe"= F:\ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"F:\ActiveSync\WCESMgr.exe"= F:\ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"F:\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"F:\\Yahoo!\\Messenger\\YServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"62515:UDP"= 62515:UDP:Cisco VPN Service
"44616:TCP"= 44616:TCP:utorrent
"3306:TCP"= 3306:TCP:MySQL
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\drivers\si3112r.sys [2006-01-12 12:56]
R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys [2004-11-01 12:21]
R1 atitray;atitray;F:\ATI Tray Tools\atitray.sys [2007-05-22 04:04]
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 21:22]
R3 ATICXCAP;ATI TV Wonder Pro A/V Capture;C:\WINDOWS\system32\drivers\aticxcap.sys [2005-03-30 11:22]
R3 ATICXTUN;ATI TV Wonder Pro Tuner (Philips 1236 MK3);C:\WINDOWS\system32\drivers\aticxtun.sys [2005-03-30 11:22]
R3 ATICXXBR;ATI TV Wonder Pro A/V Crossbar;C:\WINDOWS\system32\drivers\aticxxbr.sys [2005-03-30 11:22]
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 21:23]
S2 MCUSBICD2;Microchip MPLAB ICD 2 Firmware Client Driver (ICD2W2K.SYS);C:\WINDOWS\system32\Drivers\icd2w2k.sys [2004-03-22 02:43]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;C:\WINDOWS\system32\drivers\libusb0.sys [2007-03-20 11:33]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e184580c-a1b7-11dc-9a5b-00508de39a8e}]
\Shell\AutoRun\command - E:\LaunchU3.exe

*Newly Created Service* - ENTDRV51

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb
.
Contents of the 'Scheduled Tasks' folder
"2008-04-21 20:17:50 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1200946479.job"
- F:\Hewlett Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-04-27 22:26:28 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 17:24:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"F:\MySQL 5.0 Server\bin\mysqld-nt\" --defaults-file=\"F:\MySQL 5.0 Server\my.ini\" MySQL"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> F:\ATI Tray Tools\raphook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\ati2evxx.exe
F:\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Bonjour\mDNSResponder.exe
F:\Bluetooth\bin\btwdins.exe
F:\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\CVSNT\cvslock.exe
C:\Program Files\CVSNT\cvsservice.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
F:\MySQL 5.0 Server\bin\mysqld-nt.exe
F:\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
F:\Ultramon\UltraMonTaskbar.exe
F:\ACTIVE~1\rapimgr.exe
F:\Hewlett Packard\Digital Imaging\bin\hpoevm08.exe
F:\Hewlett Packard\Digital Imaging\bin\hposts08.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-04-27 17:30:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-27 22:29:45
ComboFix2.txt 2008-04-27 05:35:14
ComboFix3.txt 2008-04-27 00:32:50

Pre-Run: 1,825,071,104 bytes free
Post-Run: 1,814,536,192 bytes free

250 --- E O F --- 2008-04-27 08:04:26


This time when running combo only this virus popped up,
Name Detected As:
Av-test.txt EICAR test file.

Do I need to uninstall Spybot S&D? it constantly asks me to allow changes to the registry, which could be the programs or the trojan? let me know
  • 0

#8
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Allow the changes....we need to fix something using the CFScript and Spybot keeps blocking it. Either allow it or disable the TeaTimer feature.

Let it remove the bad registry values. Then see if anything is still being detected by your antivirus/antispyware programs.
  • 0

#9
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP