
vundo need help please [RESOLVED]



#1
WeeBubba

    New Member

  • Member
  • 6 posts
Hi there, and thanks for help with this. I ran VundoFix, but my AV is still saying I am infected. I am posting my VundoFix and HijackThis logs below in the hope that you will help me remove this pesky virus. Many thanks.

HijackThis log (after removing VundoFix and rebooting)
----------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:50, on 4/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\SqlWb.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\EditPlus 2\editplus.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [CmUsbAudio] RunDll32 cmcnfg2.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1180857983625
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/...rp.cab56961.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C203F1A-9D7F-45ED-B753-033C65261541}: NameServer = 61.9.194.49,61.9.195.193
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBE47EE6-B36F-42CB-A9A8-F2F5B852BA3D}: NameServer = 61.9.194.49,61.9.195.193
O17 - HKLM\System\CS1\Services\Tcpip\..\{1C203F1A-9D7F-45ED-B753-033C65261541}: NameServer = 61.9.194.49,61.9.195.193
O17 - HKLM\System\CS2\Services\Tcpip\..\{1C203F1A-9D7F-45ED-B753-033C65261541}: NameServer = 61.9.194.49,61.9.195.193
O17 - HKLM\System\CS3\Services\Tcpip\..\{1C203F1A-9D7F-45ED-B753-033C65261541}: NameServer = 61.9.194.49,61.9.195.193
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBExpertBackupRestore - HK-Software - C:\Program Files\HK-Software\IBExpertBackupRestore\hkIBRS.exe
O23 - Service: IBExpertJobScheduler - HK-Software - C:\Program Files\HK-Software\IBExpertJobScheduler\hkJS.exe
O23 - Service: IBExpertSQLMonitor - HK-Software - C:\Program Files\HK-Software\IBExpertSQLMonitor\hkProxy.exe
O23 - Service: IBExpertSQLMonitorDB - HK-Software - C:\Program Files\HK-Software\IBExpertSQLMonitor\StatToDB.exe
O23 - Service: IBExpertSQLMonitorHtmlMaker - HK-Software - C:\Program Files\HK-Software\IBExpertSQLMonitor\StatToHtml.exe
O23 - Service: IBExpertTransactionMonitor - Unknown owner - C:\Program Files\HK-Software\IBExpertTransactionMonitor\hkTRmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12881 bytes


------------------------------------------------------

Vundo fix log
------------------------------------------------------


VundoFix V7.0.3

Scan started at 09:41:17 4/05/2008

Listing files found while scanning....

C:\Program Files\PowerISO\PWRISOSH.DLL

Beginning removal...

Attempting to delete C:\Program Files\PowerISO\PWRISOSH.DLL
C:\Program Files\PowerISO\PWRISOSH.DLL Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V7.0.3

Scan started at 10:08:03 4/05/2008

Listing files found while scanning....


#2
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.

#3
WeeBubba

    New Member

  • Topic Starter
  • Member
  • 6 posts
Hi greyknight, thanks for the help with this. I did as you instructed and here is the log...

ComboFix 08-05-01.3 - Martin 2008-05-04 11:17:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1266 [GMT 10:00]
Running from: C:\Documents and Settings\Martin\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\khfFwxyX.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.

2008-05-04 11:17 . 2008-05-04 11:17 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-04 10:22 . 2008-05-04 10:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-04 09:41 . 2008-05-04 10:06 <DIR> d-------- C:\VundoFix Backups
2008-05-03 19:30 . 2008-05-03 19:30 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-03 19:30 . 2008-05-03 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-03 10:56 . 2008-04-14 05:42 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-05-03 10:56 . 2008-04-14 05:41 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2008-05-03 10:56 . 2008-04-14 05:41 229,376 --------- C:\WINDOWS\system32\ati2cqag.dll
2008-05-03 10:56 . 2008-04-14 05:41 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-05-03 10:56 . 2008-04-13 22:57 79,872 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-05-03 10:56 . 2008-04-14 00:13 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2008-05-03 10:53 . 2008-05-03 10:56 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-03 10:53 . 2008-04-14 05:39 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-05-03 10:49 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003241_.tmp
2008-05-03 09:45 . 2008-05-03 09:45 <DIR> d-------- C:\Program Files\Microsoft File Transfer Manager
2008-04-25 12:56 . 2008-04-25 13:03 <DIR> d-------- C:\Program Files\Eraser
2008-04-25 12:56 . 2006-12-26 10:22 618,496 --a------ C:\WINDOWS\system32\Eraser.dll
2008-04-25 12:56 . 2006-12-26 10:22 286,720 --a------ C:\WINDOWS\system32\erasext.dll
2008-04-25 12:56 . 2006-12-26 10:22 241,664 --a------ C:\WINDOWS\system32\eraserl.exe
2008-04-25 12:33 . 2008-04-25 12:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-04-25 12:31 . 2008-04-25 12:31 <DIR> d-------- C:\Program Files\SlySoft
2008-04-25 12:21 . 2008-04-25 12:21 <DIR> d-------- C:\Program Files\Advanced System Optimizer
2008-04-25 12:21 . 2008-04-25 12:21 <DIR> d-------- C:\Documents and Settings\Martin\Application Data\Systweak
2008-04-25 11:59 . 2008-04-25 11:59 <DIR> d-------- C:\Program Files\Total Uninstall 4
2008-04-25 11:59 . 2008-04-25 11:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Martau
2008-04-25 11:56 . 2008-04-25 11:56 42 --a------ C:\WINDOWS\system32\RegistryGenius.lie
2008-04-25 11:55 . 2008-04-25 12:19 <DIR> d-------- C:\Program Files\Registry Genius
2008-04-17 09:53 . 2008-04-17 09:53 <DIR> d-------- C:\Documents and Settings\Martin\Application Data\Microsoft FxCop
2008-04-17 09:51 . 2008-04-17 09:51 <DIR> d-------- C:\Program Files\SharpDevelop
2008-04-17 09:51 . 2008-04-17 09:51 <DIR> d-------- C:\Documents and Settings\Martin\Application Data\ICSharpCode
2008-04-17 09:42 . 2008-04-17 09:42 <DIR> d-------- C:\Program Files\NCover
2008-04-15 16:22 . 2008-04-09 15:02 147,704 --a------ C:\WINDOWS\system32\DevExpress.XtraGrid.Appearances.xml
2008-04-15 16:22 . 2008-04-09 15:02 93,406 --a------ C:\WINDOWS\system32\DevExpress.XtraTreeList.Appearances.xml
2008-04-15 16:22 . 2008-04-09 15:02 70,736 --a------ C:\WINDOWS\system32\DevExpress.XtraVerticalGrid.Appearances.xml
2008-04-14 21:01 . 2008-04-14 21:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-14 20:26 . 1996-11-11 08:00 51,472 -ra------ C:\WINDOWS\system32\dllcache\IMAGECFG.EXE
2008-04-14 20:24 . 1996-11-11 08:00 51,472 -ra------ C:\WINDOWS\system32\IMAGECFG.EXE
2008-04-14 18:10 . 2008-04-14 19:56 <DIR> d-------- C:\Program Files\LucasArts
2008-04-14 18:10 . 1997-01-18 10:40 299,520 --a------ C:\WINDOWS\uninst.exe
2008-04-14 05:42 . 2008-04-14 05:42 20,992 --------- C:\WINDOWS\system32\spupdwxp.exe
2008-04-14 05:42 . 2008-04-14 05:42 20,992 --------- C:\WINDOWS\system32\faxpatch.exe
2008-04-14 05:42 . 2008-04-14 05:42 7,680 --a------ C:\WINDOWS\system32\spdwnwxp.exe
2008-04-13 20:53 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-04-13 20:53 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-04-12 13:30 . 2008-04-12 13:30 <DIR> d-------- C:\Program Files\OpenAL
2008-04-12 13:30 . 2008-04-12 13:30 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-04-12 13:30 . 2008-04-12 13:30 114,688 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-04-10 23:19 . 2008-04-10 23:19 97,728 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-04-06 07:12 . 2008-04-06 07:12 244 --ah----- C:\sqmnoopt13.sqm
2008-04-06 07:12 . 2008-04-06 07:12 232 --ah----- C:\sqmdata13.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 00:00 --------- d-----w C:\Program Files\PowerISO
2008-05-03 00:34 --------- d-----w C:\Documents and Settings\Martin\Application Data\Skype
2008-04-27 09:48 --------- d-----w C:\Program Files\PeerGuardian2
2008-04-26 23:29 --------- d-----w C:\Documents and Settings\Martin\Application Data\ZoomBrowser EX
2008-04-26 23:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-04-25 02:57 3,209,216 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-04-23 07:04 --------- d-----w C:\Program Files\EditPlus 2
2008-04-22 06:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-19 11:36 3,015,168 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-04-18 11:52 526,336 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-04-15 06:19 --------- d-----w C:\Program Files\Developer Express .NET v8.1
2008-04-14 21:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-14 12:22 2,636,800 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-04-14 11:15 4,404,736 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-04-14 11:15 2,651,648 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-04-14 01:53 --------- d-----w C:\Program Files\BitComet
2008-04-13 19:55 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-13 19:46 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-13 19:43 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-13 19:43 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-13 19:43 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-13 19:43 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-13 19:43 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-13 19:43 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-13 19:43 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-13 19:43 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-13 19:41 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-13 19:40 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-13 19:40 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-13 19:40 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 15:00 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 14:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 14:54 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 14:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 14:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 14:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 14:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 14:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 14:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 14:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 14:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 14:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 14:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 14:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 14:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 14:45 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 14:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 14:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 14:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 14:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 14:30 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 14:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 14:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 14:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 14:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 14:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 14:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 14:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 14:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 14:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 14:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 14:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 14:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 14:26 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 14:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 14:26 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 14:26 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 14:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 14:26 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 14:26 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 14:25 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 14:24 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 14:23 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 14:23 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 14:23 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 14:23 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 14:21 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 14:21 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 14:21 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 14:21 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 14:21 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 14:15 6,272 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
2008-04-13 14:14 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 14:14 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 14:14 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-04-13 14:14 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 14:13 14,208 ------w C:\WINDOWS\system32\drivers\wacompen.sys
2008-04-13 14:13 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 14:13 12,672 ------w C:\WINDOWS\system32\drivers\mutohpen.sys
2008-04-13 14:11 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 14:11 42,112 ----a-w C:\WINDOWS\system32\drivers\imapi.sys
2008-04-13 14:09 92,544 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
2008-04-13 14:09 7,552 ----a-w C:\WINDOWS\system32\drivers\mskssrv.sys
2008-04-13 14:09 5,504 ----a-w C:\WINDOWS\system32\drivers\mstee.sys
2008-04-13 14:09 5,376 ----a-w C:\WINDOWS\system32\drivers\mspclock.sys
2008-04-13 14:09 42,368 ----a-w C:\WINDOWS\system32\drivers\mountmgr.sys
2008-04-13 14:09 4,992 ----a-w C:\WINDOWS\system32\drivers\mspqm.sys
2008-04-13 14:09 4,352 ----a-w C:\WINDOWS\system32\drivers\swenum.sys
2008-04-13 14:09 384,768 ----a-w C:\WINDOWS\system32\drivers\update.sys
2008-04-13 14:09 24,576 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 05:42 1695232]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 20:02 786521]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16:56 16261632 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-08-23 22:22 110592]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 07:22 3739648]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 20:33 53248]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 12:35 319488]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-20 17:05 8491008]
"nwiz"="nwiz.exe" [2007-09-20 17:05 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-20 17:05 81920]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-15 08:32 262401]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2008-04-14 05:42 143360]
"CTRegRun"="C:\WINDOWS\CTRegRun.EXE" [1999-10-11 03:00 41984]
"CmUsbAudio"="cmcnfg2.cpl" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:42 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [11/1/2007 3:38:57 PM 113664]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [5/16/2006 11:42:52 AM 1777664]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [6/27/2007 5:24:41 PM 692224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\THQ\\Company of Heroes\\Copy of RelicCOH.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7223:TCP"= 7223:TCP:BitComet 7223 TCP
"7223:UDP"= 7223:UDP:BitComet 7223 UDP
"50002:TCP"= 50002:TCP:BitComet 50002 TCP
"50002:UDP"= 50002:UDP:BitComet 50002 UDP

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe [2007-09-03 16:13]
R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe [2007-09-03 16:13]
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);C:\WINDOWS\system32\drivers\averhbtv.sys [2006-10-19 20:23]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-03-22 14:53]
S3 cmuda2;C-Media USB Audio Interface;C:\WINDOWS\system32\drivers\cmuda2.sys [2004-01-06 14:21]
S3 IBExpertBackupRestore;IBExpertBackupRestore;C:\Program Files\HK-Software\IBExpertBackupRestore\hkIBRS.exe [2007-12-08 11:04]
S3 IBExpertJobScheduler;IBExpertJobScheduler;C:\Program Files\HK-Software\IBExpertJobScheduler\hkJS.exe [2007-12-08 11:04]
S3 IBExpertSQLMonitor;IBExpertSQLMonitor;C:\Program Files\HK-Software\IBExpertSQLMonitor\hkProxy.exe [2007-12-08 11:05]
S3 IBExpertSQLMonitorDB;IBExpertSQLMonitorDB;C:\Program Files\HK-Software\IBExpertSQLMonitor\StatToDB.exe [2007-12-08 11:05]
S3 IBExpertSQLMonitorHtmlMaker;IBExpertSQLMonitorHtmlMaker;C:\Program Files\HK-Software\IBExpertSQLMonitor\StatToHtml.exe [2007-12-08 11:05]
S3 IBExpertTransactionMonitor;IBExpertTransactionMonitor;C:\Program Files\HK-Software\IBExpertTransactionMonitor\hkTRmon.exe [2007-12-08 11:04]
S3 SinoTPM;Driver For SINOSUN Trusted Platform Module;C:\WINDOWS\system32\DRIVERS\SinoTpm.sys [2006-06-12 17:21]
S3 uisp;Motorola USB ICP driver;C:\WINDOWS\system32\Drivers\usbicp.sys []
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []
S4 TimeTRACER - Service Manager;TimeTRACER - Service Manager;C:\Program Files\TimeTRACER\TTServices.exe []

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-04 11:25:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msftesql]
"ImagePath"="\"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
Completion time: 2008-05-04 11:28:43
ComboFix-quarantined-files.txt 2008-05-04 01:26:55

Pre-Run: 46,336,081,920 bytes free
Post-Run: 46,586,023,936 bytes free

289 --- E O F --- 2008-04-10 22:07:02

#4
WeeBubba (Topic Starter)
Hi, can anybody help please? I've been waiting by the computer for a reply.

thanks

#5
greyknight17 (Malware Expert, Visiting Consultant)
Please be patient. We are all volunteers here and can't be on the computer 24/7. Give up to 3 days for a reply. Most of us should be able to reply back within a day's time though. As you can see, some of these logs are long also and will take some time to look at.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

File::
C:\WINDOWS\003241_.tmp
C:\WINDOWS\Internet Logs\xDB11.tmp
C:\WINDOWS\Internet Logs\xDB10.tmp
C:\WINDOWS\Internet Logs\xDBF.tmp
C:\WINDOWS\Internet Logs\xDBE.tmp
C:\WINDOWS\Internet Logs\xDBC.tmp
C:\WINDOWS\Internet Logs\xDBD.tmp

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

How is the computer running so far?

#6
WeeBubba
Hi. Sorry for double posting before, and thank you for YOUR patience with me. :) Here is the log. AV still showing infected on my PC the last time the PC was on...


ComboFix 08-05-01.3 - Martin 2008-05-05 8:20:19.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1417 [GMT 10:00]
Running from: C:\Resources\Temp\ComboFix.exe
Command switches used :: C:\Resources\Temp\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.

2008-05-04 11:17 . 2008-05-05 08:19 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-04 10:22 . 2008-05-04 10:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-03 19:30 . 2008-05-03 19:30 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-03 19:30 . 2008-05-03 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-03 10:56 . 2008-04-14 05:42 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-05-03 10:56 . 2008-04-14 05:41 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2008-05-03 10:56 . 2008-04-14 05:41 229,376 --------- C:\WINDOWS\system32\ati2cqag.dll
2008-05-03 10:56 . 2008-04-14 05:41 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-05-03 10:56 . 2008-04-13 22:57 79,872 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-05-03 10:56 . 2008-04-14 00:13 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2008-05-03 10:53 . 2008-05-03 10:56 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-03 10:53 . 2008-04-14 05:39 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-05-03 10:49 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003241_.tmp
2008-05-03 09:45 . 2008-05-03 09:45 <DIR> d-------- C:\Program Files\Microsoft File Transfer Manager
2008-04-25 12:56 . 2008-04-25 13:03 <DIR> d-------- C:\Program Files\Eraser
2008-04-25 12:56 . 2006-12-26 10:22 618,496 --a------ C:\WINDOWS\system32\Eraser.dll
2008-04-25 12:56 . 2006-12-26 10:22 286,720 --a------ C:\WINDOWS\system32\erasext.dll
2008-04-25 12:56 . 2006-12-26 10:22 241,664 --a------ C:\WINDOWS\system32\eraserl.exe
2008-04-25 12:33 . 2008-04-25 12:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-04-25 12:31 . 2008-04-25 12:31 <DIR> d-------- C:\Program Files\SlySoft
2008-04-25 12:21 . 2008-04-25 12:21 <DIR> d-------- C:\Program Files\Advanced System Optimizer
2008-04-25 12:21 . 2008-04-25 12:21 <DIR> d-------- C:\Documents and Settings\Martin\Application Data\Systweak
2008-04-25 11:59 . 2008-04-25 11:59 <DIR> d-------- C:\Program Files\Total Uninstall 4
2008-04-25 11:59 . 2008-04-25 11:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Martau
2008-04-25 11:56 . 2008-04-25 11:56 42 --a------ C:\WINDOWS\system32\RegistryGenius.lie
2008-04-25 11:55 . 2008-04-25 12:19 <DIR> d-------- C:\Program Files\Registry Genius
2008-04-17 09:53 . 2008-04-17 09:53 <DIR> d-------- C:\Documents and Settings\Martin\Application Data\Microsoft FxCop
2008-04-17 09:51 . 2008-04-17 09:51 <DIR> d-------- C:\Program Files\SharpDevelop
2008-04-17 09:51 . 2008-04-17 09:51 <DIR> d-------- C:\Documents and Settings\Martin\Application Data\ICSharpCode
2008-04-17 09:42 . 2008-04-17 09:42 <DIR> d-------- C:\Program Files\NCover
2008-04-15 16:22 . 2008-04-09 15:02 147,704 --a------ C:\WINDOWS\system32\DevExpress.XtraGrid.Appearances.xml
2008-04-15 16:22 . 2008-04-09 15:02 93,406 --a------ C:\WINDOWS\system32\DevExpress.XtraTreeList.Appearances.xml
2008-04-15 16:22 . 2008-04-09 15:02 70,736 --a------ C:\WINDOWS\system32\DevExpress.XtraVerticalGrid.Appearances.xml
2008-04-14 21:01 . 2008-04-14 21:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-14 20:26 . 1996-11-11 08:00 51,472 -ra------ C:\WINDOWS\system32\dllcache\IMAGECFG.EXE
2008-04-14 20:24 . 1996-11-11 08:00 51,472 -ra------ C:\WINDOWS\system32\IMAGECFG.EXE
2008-04-14 18:10 . 2008-04-14 19:56 <DIR> d-------- C:\Program Files\LucasArts
2008-04-14 18:10 . 1997-01-18 10:40 299,520 --a------ C:\WINDOWS\uninst.exe
2008-04-14 05:42 . 2008-04-14 05:42 20,992 --------- C:\WINDOWS\system32\spupdwxp.exe
2008-04-14 05:42 . 2008-04-14 05:42 20,992 --------- C:\WINDOWS\system32\faxpatch.exe
2008-04-14 05:42 . 2008-04-14 05:42 7,680 --a------ C:\WINDOWS\system32\spdwnwxp.exe
2008-04-13 20:53 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-04-13 20:53 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-04-12 13:30 . 2008-04-12 13:30 <DIR> d-------- C:\Program Files\OpenAL
2008-04-12 13:30 . 2008-04-12 13:30 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-04-12 13:30 . 2008-04-12 13:30 114,688 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-04-10 23:19 . 2008-04-10 23:19 97,728 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-04-06 07:12 . 2008-04-06 07:12 244 --ah----- C:\sqmnoopt13.sqm
2008-04-06 07:12 . 2008-04-06 07:12 232 --ah----- C:\sqmdata13.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 22:09 12,485,946 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-05-04 00:00 --------- d-----w C:\Program Files\PowerISO
2008-05-03 00:34 --------- d-----w C:\Documents and Settings\Martin\Application Data\Skype
2008-04-27 09:48 --------- d-----w C:\Program Files\PeerGuardian2
2008-04-26 23:29 --------- d-----w C:\Documents and Settings\Martin\Application Data\ZoomBrowser EX
2008-04-26 23:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-04-25 02:57 3,209,216 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-04-23 07:04 --------- d-----w C:\Program Files\EditPlus 2
2008-04-22 06:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-19 11:36 3,015,168 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-04-18 11:52 526,336 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-04-15 06:19 --------- d-----w C:\Program Files\Developer Express .NET v8.1
2008-04-14 21:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-14 12:22 2,636,800 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-04-14 11:15 4,404,736 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-04-14 11:15 2,651,648 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-04-14 01:53 --------- d-----w C:\Program Files\BitComet
2008-04-13 19:55 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-13 19:46 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-13 19:43 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-13 19:43 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-13 19:43 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-13 19:43 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-13 19:43 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-13 19:43 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-13 19:43 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-13 19:43 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-13 19:41 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-13 19:40 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-13 19:40 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-13 19:40 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 15:00 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 14:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 14:54 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 14:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 14:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 14:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 14:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 14:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 14:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 14:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 14:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 14:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 14:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 14:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 14:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 14:45 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 14:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 14:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 14:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 14:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 14:30 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 14:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 14:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 14:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 14:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 14:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 14:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 14:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 14:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 14:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 14:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 14:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 14:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 14:26 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 14:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 14:26 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 14:26 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 14:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 14:26 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 14:26 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 14:25 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 14:24 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 14:23 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 14:23 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 14:23 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 14:23 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 14:21 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 14:21 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 14:21 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 14:21 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 14:21 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 14:15 6,272 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
2008-04-13 14:14 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 14:14 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 14:14 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-04-13 14:14 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 14:13 14,208 ------w C:\WINDOWS\system32\drivers\wacompen.sys
2008-04-13 14:13 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 14:13 12,672 ------w C:\WINDOWS\system32\drivers\mutohpen.sys
2008-04-13 14:11 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 14:11 42,112 ----a-w C:\WINDOWS\system32\drivers\imapi.sys
2008-04-13 14:09 92,544 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
2008-04-13 14:09 7,552 ----a-w C:\WINDOWS\system32\drivers\mskssrv.sys
2008-04-13 14:09 5,504 ----a-w C:\WINDOWS\system32\drivers\mstee.sys
2008-04-13 14:09 5,376 ----a-w C:\WINDOWS\system32\drivers\mspclock.sys
2008-04-13 14:09 42,368 ----a-w C:\WINDOWS\system32\drivers\mountmgr.sys
2008-04-13 14:09 4,992 ----a-w C:\WINDOWS\system32\drivers\mspqm.sys
2008-04-13 14:09 4,352 ----a-w C:\WINDOWS\system32\drivers\swenum.sys
2008-04-13 14:09 384,768 ----a-w C:\WINDOWS\system32\drivers\update.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 05:42 1695232]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 20:02 786521]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16:56 16261632 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-08-23 22:22 110592]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 07:22 3739648]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 20:33 53248]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 12:35 319488]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-20 17:05 8491008]
"nwiz"="nwiz.exe" [2007-09-20 17:05 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-20 17:05 81920]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-15 08:32 262401]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2008-04-14 05:42 143360]
"CTRegRun"="C:\WINDOWS\CTRegRun.EXE" [1999-10-11 03:00 41984]
"CmUsbAudio"="cmcnfg2.cpl" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:42 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [11/1/2007 3:38:57 PM 113664]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [5/16/2006 11:42:52 AM 1777664]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [6/27/2007 5:24:41 PM 692224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\THQ\\Company of Heroes\\Copy of RelicCOH.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7223:TCP"= 7223:TCP:BitComet 7223 TCP
"7223:UDP"= 7223:UDP:BitComet 7223 UDP
"50002:TCP"= 50002:TCP:BitComet 50002 TCP
"50002:UDP"= 50002:UDP:BitComet 50002 UDP

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe [2007-09-03 16:13]
R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe [2007-09-03 16:13]
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);C:\WINDOWS\system32\drivers\averhbtv.sys [2006-10-19 20:23]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-03-22 14:53]
S3 cmuda2;C-Media USB Audio Interface;C:\WINDOWS\system32\drivers\cmuda2.sys [2004-01-06 14:21]
S3 IBExpertBackupRestore;IBExpertBackupRestore;C:\Program Files\HK-Software\IBExpertBackupRestore\hkIBRS.exe [2007-12-08 11:04]
S3 IBExpertJobScheduler;IBExpertJobScheduler;C:\Program Files\HK-Software\IBExpertJobScheduler\hkJS.exe [2007-12-08 11:04]
S3 IBExpertSQLMonitor;IBExpertSQLMonitor;C:\Program Files\HK-Software\IBExpertSQLMonitor\hkProxy.exe [2007-12-08 11:05]
S3 IBExpertSQLMonitorDB;IBExpertSQLMonitorDB;C:\Program Files\HK-Software\IBExpertSQLMonitor\StatToDB.exe [2007-12-08 11:05]
S3 IBExpertSQLMonitorHtmlMaker;IBExpertSQLMonitorHtmlMaker;C:\Program Files\HK-Software\IBExpertSQLMonitor\StatToHtml.exe [2007-12-08 11:05]
S3 IBExpertTransactionMonitor;IBExpertTransactionMonitor;C:\Program Files\HK-Software\IBExpertTransactionMonitor\hkTRmon.exe [2007-12-08 11:04]
S3 SinoTPM;Driver For SINOSUN Trusted Platform Module;C:\WINDOWS\system32\DRIVERS\SinoTpm.sys [2006-06-12 17:21]
S3 uisp;Motorola USB ICP driver;C:\WINDOWS\system32\Drivers\usbicp.sys []
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []
S4 TimeTRACER - Service Manager;TimeTRACER - Service Manager;C:\Program Files\TimeTRACER\TTServices.exe []

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 08:25:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msftesql]
"ImagePath"="\"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\TortoiseSVN\iconv\_tbl_simple.so
-> C:\Program Files\TortoiseSVN\iconv\windows-1252.so
-> C:\Program Files\TortoiseSVN\iconv\utf-8.so
.
Completion time: 2008-05-05 8:27:57
ComboFix-quarantined-files.txt 2008-05-04 22:26:52

Pre-Run: 46,642,106,368 bytes free
Post-Run: 46,603,100,160 bytes free

289 --- E O F --- 2008-04-10 22:07:02

#7
greyknight17
Can you tell us where the infected files are detected by your AV software?

#8
WeeBubba
Hi,

It found one in C:\System Volume Information.

#9
greyknight17
That's all we needed to know :)

Go to Start->Run, copy/paste in combofix /u and hit OK to remove it. This will also clear your system restore points, which fixes the "issue" you have there.

Any problems now?
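The triage the replies above do by eye, as an added example that is not part of this thread and not ComboFix's own code: a small Python script that (a) reads the "Reg Loading Points" part of a ComboFix log like the one in post #6 and flags the items a reviewer looks at first (Windows Firewall profile switched off, globally open ports, autostart and service entries for which ComboFix recorded no file size/timestamp), and (b) classifies an AV detection path the way post #9 does, treating a hit under System Volume Information\_restore{...}\RPnn as a restore-point copy that clearing System Restore removes, rather than a live file. SAMPLE_LOG is a constructed excerpt shaped like the posted log, and the restore-point path in main() is made up.

```python
"""Triage helpers for a ComboFix-style log and for AV detections that land
under System Volume Information. Added example; not ComboFix's code."""
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (category, detail)

# Constructed sample in the shape of ComboFix's "Reg Loading Points" output.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-15 08:32 262401]
"CmUsbAudio"="cmcnfg2.cpl" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7223:TCP"= 7223:TCP:BitComet 7223 TCP
"50002:UDP"= 50002:UDP:BitComet 50002 UDP

S3 uisp;Motorola USB ICP driver;C:\WINDOWS\system32\Drivers\usbicp.sys []
S3 cmuda2;C-Media USB Audio Interface;C:\WINDOWS\system32\drivers\cmuda2.sys [2004-01-06 14:21]
"""

_SECTION_RE = re.compile(r"^\[(?P<key>.+)\]$")
# "Name"="target" [date time size]; empty brackets mean ComboFix recorded no
# size/timestamp for the target, usually because it could not be found.
_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
_FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b')
_OPEN_PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"\s*=')
# R2 name;description;image [date time]  (services and drivers, same bracket rule)
_SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<svc>[^;]+);(?P<desc>[^;]*);(?P<image>.+?)\s*\[(?P<meta>[^\]]*)\]$")


def triage_log(text: str) -> List[Finding]:
    """Walk the log once and return the entries worth a second look."""
    findings: List[Finding] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _SECTION_RE.match(line)
        if m:
            section = m.group("key").lower()
            continue
        if "firewallpolicy" in section and _FIREWALL_OFF_RE.match(line):
            findings.append(("firewall_disabled",
                             "EnableFirewall=0 on this profile; acceptable only while a "
                             "third-party firewall is actually running"))
            continue
        if "globallyopenports" in section:
            m = _OPEN_PORT_RE.match(line)
            if m:
                findings.append(("open_port",
                                 f"{m.group('port')}/{m.group('proto')} open to every host: {line}"))
                continue
        if section.endswith("\\run"):
            m = _VALUE_RE.match(line)
            if m and not m.group("meta").strip():
                findings.append(("unverified_autostart",
                                 f"{m.group('name')} -> {m.group('target')} "
                                 "(no file metadata recorded; locate and verify by hand)"))
            continue
        m = _SERVICE_RE.match(line)
        if m and not m.group("meta").strip():
            findings.append(("unverified_service",
                             f"{m.group('svc')} -> {m.group('image')} "
                             "(no file metadata recorded; check the image exists)"))
    return findings


# XP restore points live in <drive>:\System Volume Information\_restore{GUID}\RPnn\
_RESTORE_POINT_RE = re.compile(
    r"^[a-z]:\\system volume information\\_restore\{[0-9a-f-]{36}\}\\rp\d+\\", re.IGNORECASE)
_SVI_RE = re.compile(r"^[a-z]:\\system volume information\\", re.IGNORECASE)


def classify_detection(path: str) -> str:
    """'restore_point': a snapshot copy; nothing runs from there, and clearing
    System Restore removes it. 'system_volume_information': elsewhere under the
    restore data folder. 'live': treat as an active file and find its loader."""
    if _RESTORE_POINT_RE.match(path):
        return "restore_point"
    if _SVI_RE.match(path):
        return "system_volume_information"
    return "live"


if __name__ == "__main__":
    for category, detail in triage_log(SAMPLE_LOG):
        print(f"[{category}] {detail}")
    # Made-up detection paths, the first in the shape an XP restore point uses.
    for p in (r"C:\System Volume Information\_restore{E0F1A2B3-4C5D-6E7F-8091-A2B3C4D5E6F7}\RP12\A0003456.dll",
              r"C:\WINDOWS\system32\cmcnfg2.cpl"):
        print(classify_detection(p), p)
```

Run it as-is to see the findings for the constructed sample, or feed a real log with triage_log(open(path, encoding="latin-1").read()). An entry with empty brackets is something to verify, not proof of infection: the same pattern is produced by leftover entries for removed hardware as well as by a dropped file, so the next step is to locate the target and check it, as the expert did here by asking where the AV saw the hit before touching anything else.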

#10
WeeBubba
I just did a second virus scan and now it's showing clean.

Great job - I hope you guys are getting rich from this service - you sure deserve to!

#11
greyknight17
Yep, should have asked you where it was being found in the first place :)

Get rich? LOL....we're all volunteers here :)

Glad your issue is resolved.

#12
greyknight17
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.