Concerned about possible keylogger? [CLOSED]


  • This topic is locked

#1
Magneto

    New Member

  • Member
  • 4 posts
I want to make sure that there is no keylogger installed on my system. I know that hotkey sequences are used to enter passwords to keyloggers. This is one I found which concerned me.

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

Here is my HJT log. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:46:37 AM, on 27/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\devnz\gbpvr\GBPVRRecordingService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\System32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
O:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rutexllvp...vENpwpr738.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.c...earch.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: HTML Exploits Prevent - {245463AB-6F21-456A-9EB4-FAB802DB8062} - C:\WINDOWS\System32\nsw15.dll (file missing)
O2 - BHO: trafficninja.biz extension - {266A3562-AB67-480E-9F09-D54604FD817B} - C:\WINDOWS\System32\ninjaext.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Anti-keylogger] C:\Program Files\Anti-keylogger\Anti-keylogger.exe /autorun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\System32\mstask.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GB-PVR Recording Service - - C:\Program Files\devnz\gbpvr\GBPVRRecordingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe


--
End of file - 12598 bytes
#2
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi Magneto,

Welcome to Geeks to Go!
I am sage5, and I will be helping you with this problem.

You do not need to worry about that entry, it is a harmless bit of software that is installed to support Intel hardware, like on-board graphics.

Please download the following & save to your Desktop:
ComboFix
Malwarebytes' Anti-Malware from Here or Here


The real time protection used by programs like Windows Defender can interfere with malware cleaning procedures.
Please follow the steps below to temporarily disable Windows Defender
  • Open Windows Defender
  • Click Tools
  • Click General Settings
  • Scroll down to Real Time Protection Options
  • Uncheck Turn on Real Time Protection (recommended)
  • After you uncheck this, click on the Save button
  • Close Windows Defender
Once your system has been deemed free from malware, you can re-enable Windows Defender's Real Time Protection.


Run HijackThis.
  • Click the Do a system scan only button.
  • Check the boxes for all the entries listed below:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rutexllvp...vENpwpr738.html
O2 - BHO: HTML Exploits Prevent - {245463AB-6F21-456A-9EB4-FAB802DB8062} - C:\WINDOWS\System32\nsw15.dll (file missing)
O2 - BHO: trafficninja.biz extension - {266A3562-AB67-480E-9F09-D54604FD817B} - C:\WINDOWS\System32\ninjaext.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)

  • Now close all windows other than HijackThis and click Fix Checked.
  • Close HijackThis.


Run ComboFix:
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a HijackThis log in your next reply.
Log file will be C:\Combofix.txt

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Run Malwarebytes' Anti-Malware:
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Save the entire report as C:\mbam.txt
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Please post the text from C:\Combofix.txt & C:\mbam.txt as your next reply.
The text from these files may exceed the maximum post length for this forum, and may need to be sent over 2 or more posts. Please ensure all text is posted.

Cheers,

sage5
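A small defender-side triage of the log format discussed in this thread, as an added example: it is not code from the thread, from Geeks to Go or from HijackThis. It parses O2, O4 and O15 lines (the sample lines are copied from the log posted above), flags the kinds of entries sage5 asked to have fixed (orphaned BHO registrations, an autorun launched from C:\WINDOWS\Temp, sites added to the Trusted Zone) and annotates hkcmd.exe with the explanation given in the reply. The `Entry` class, the heuristics, the `KNOWN_BENIGN` table and every function name are this example's own assumptions.

```python
"""Triage helper for HijackThis-style log lines (added example, not HJT's own code)."""
import re
from dataclasses import dataclass, field

# Constructed sample input: lines copied from the HJT log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: HTML Exploits Prevent - {245463AB-6F21-456A-9EB4-FAB802DB8062} - C:\WINDOWS\System32\nsw15.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
"""


@dataclass
class Entry:
    section: str                                  # "O2", "O4" or "O15"
    name: str                                     # BHO name, Run value name, or trusted site
    target: str                                   # DLL path, command line, or site as written
    findings: list = field(default_factory=list)  # reasons the entry is flagged
    notes: list = field(default_factory=list)     # context that is not by itself a flag

    @property
    def suspicious(self) -> bool:
        return bool(self.findings)


O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<site>\S+)")
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.exe)"?', re.IGNORECASE)

# Name-only hint taken from the reply above (hkcmd.exe is Intel's hotkey handler).
# A file-name match is not proof: the file that actually runs should be verified
# by digital signature or hash. This table is an assumption of this example.
KNOWN_BENIGN = {"hkcmd.exe": "Intel graphics hotkey handler (per the reply above)"}


def parse(log_text: str) -> list:
    """Turn O2/O4/O15 lines into Entry objects; any other line is skipped."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        if (m := O2_RE.match(line)):
            entries.append(Entry("O2", m["name"], m["path"]))
        elif (m := O4_RE.match(line)):
            entries.append(Entry("O4", m["name"], m["cmd"]))
        elif (m := O15_RE.match(line)):
            entries.append(Entry("O15", m["site"], m["site"]))
    return entries


def apply_heuristics(entry: Entry) -> Entry:
    """Attach findings (flags) and notes (context) to one parsed entry."""
    if entry.section == "O2":
        if "(file missing)" in entry.target or entry.target == "(no file)":
            entry.findings.append("BHO registered but its DLL is absent (orphaned entry)")
        if entry.name == "(no name)":
            entry.notes.append("BHO has no name; identify it by CLSID before trusting it")
    elif entry.section == "O4":
        m = EXE_RE.match(entry.target)
        exe = m["exe"] if m else entry.target
        if "\\temp\\" in exe.lower():
            entry.findings.append("autorun launches from a Temp directory")
        if "\\" not in exe:
            entry.notes.append("bare file name; resolved via the search path, confirm which file runs")
        base = exe.rsplit("\\", 1)[-1].lower()
        if base in KNOWN_BENIGN:
            entry.notes.append(KNOWN_BENIGN[base])
    elif entry.section == "O15":
        entry.findings.append("site added to the IE Trusted Zone; lowers security for that host")
    return entry


def triage(log_text: str) -> list:
    """Parse the log and run every entry through the heuristics."""
    return [apply_heuristics(e) for e in parse(log_text)]


def flagged_names(log_text: str) -> list:
    """Names of the entries that carry at least one finding, in log order."""
    return [e.name for e in triage(log_text) if e.suspicious]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        mark = "FLAG" if e.suspicious else "ok  "
        print(f"{mark} {e.section:<3} {e.name}: {e.target}")
        for item in e.findings + e.notes:
            print(f"       - {item}")
```

Run as-is it prints the four flagged entries (the two orphaned BHOs, the Temp-directory autorun and the Trusted Zone site) and leaves hkcmd.exe unflagged with the note from the reply. The notes deliberately stay separate from the findings: a bare file name such as SOUNDMAN.EXE or a name-only match against the benign table is context for the analyst, not a verdict, and an entry that matches no pattern here is not evidence either way.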

#3
Magneto

    New Member

  • Topic Starter
  • Member
  • 4 posts
ComboFix 08-06-20.4 - Owner 2008-06-27 11:14:30.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2040 [GMT -4:00]
Running from: C:\MyDownloads\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\setup.exe
C:\WINDOWS\system32\ninjaext-uninstall.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.

2008-06-27 09:04 . 2008-06-27 09:04 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-27 09:04 . 2008-06-27 09:04 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-06-27 09:04 . 2008-06-27 09:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-27 09:03 . 2008-06-27 09:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-27 04:34 . 2007-11-21 18:12 4,286 --a------ C:\WINDOWS\system32\sentrylite.ico
2008-06-27 04:34 . 2008-06-27 05:07 52 --a------ C:\WINDOWS\system32\suntfs.nfx
2008-06-27 04:33 . 2008-06-27 04:34 10,176 --a------ C:\WINDOWS\system32\spnetrm.nfx
2008-06-27 04:33 . 2008-06-27 04:34 10,176 --a------ C:\WINDOWS\system32\sbnetkey.sys
2008-06-26 20:41 . 2008-06-26 20:41 <DIR> d-------- C:\Deckard
2008-06-26 19:49 . 2008-06-26 19:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-26 05:41 . 2008-06-27 10:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-26 05:41 . 2008-06-26 05:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-26 00:49 . 2004-05-12 07:29 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-06-26 00:49 . 2004-05-13 01:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-06-26 00:49 . 2004-05-12 08:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-06-26 00:49 . 2008-06-26 00:49 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-22 01:02 . 2008-06-22 01:02 <DIR> d-------- C:\Program Files\WinPcap
2008-06-22 00:43 . 2007-01-25 13:31 88,952 --a------ C:\WINDOWS\system32\_packet.dlluninstall
2008-06-21 23:52 . 2008-06-22 00:27 <DIR> d-------- C:\Program Files\MSN Track Monitor
2008-06-21 22:37 . 2008-06-25 05:10 39,424 --a------ C:\WINDOWS\zipinst.exe
2008-06-16 04:22 . 2005-02-12 18:00 186,880 -r-hs---- C:\WINDOWS\system32\RLOgg.ax
2008-06-16 04:22 . 2006-03-10 16:48 169,472 -r-hs---- C:\WINDOWS\system32\MatroskaDX.ax
2008-06-16 04:22 . 2005-11-25 15:46 161,792 -r-hs---- C:\WINDOWS\system32\RealMediaDX.ax
2008-06-16 04:22 . 2005-02-05 18:00 92,672 -r-hs---- C:\WINDOWS\system32\RLVorbisDec.ax
2008-06-16 04:22 . 2005-02-12 18:00 67,584 -r-hs---- C:\WINDOWS\system32\RLTheoraDec.ax
2008-06-16 04:22 . 2003-11-20 18:00 54,784 -r-hs---- C:\WINDOWS\system32\RLAPEDec.ax
2008-06-16 04:22 . 2005-02-12 18:00 51,712 -r-hs---- C:\WINDOWS\system32\RLSpeexDec.ax
2008-06-16 04:22 . 2004-04-26 18:00 37,888 -r-hs---- C:\WINDOWS\system32\RLMPCDec.ax
2008-06-16 04:22 . 2007-02-21 06:47 31,232 -r-hs---- C:\WINDOWS\system32\msfDX.dll
2008-06-16 04:22 . 2007-12-17 08:43 27,648 ---hs---- C:\WINDOWS\system32\Smab0.dll
2008-06-16 04:21 . 2006-09-12 06:46 227,328 -r-hs---- C:\WINDOWS\system32\ac3DX.ax
2008-06-16 04:21 . 2005-01-17 18:26 179,200 -r-hs---- C:\WINDOWS\system32\DiracSplitter.ax
2008-06-16 04:21 . 2006-08-16 09:53 175,104 -r-hs---- C:\WINDOWS\system32\CoreAAC.ax
2008-06-16 04:21 . 2006-05-03 05:06 163,328 -r-hs---- C:\WINDOWS\system32\flvDX.dll
2008-06-16 04:21 . 2006-01-12 18:23 123,904 -r-hs---- C:\WINDOWS\system32\AVCDX.ax
2008-06-16 04:21 . 2005-02-22 11:55 81,920 -r-hs---- C:\WINDOWS\system32\aac_parser.ax
2008-06-16 04:19 . 2008-06-16 04:19 <DIR> d-------- C:\Program Files\eRightSoft
2008-06-13 23:35 . 2008-06-16 03:47 <DIR> d-------- C:\Documents and Settings\Owner\dwhelper
2008-06-12 23:18 . 2008-06-12 23:18 12 --a------ C:\WINDOWS\clocked.ini
2008-06-12 23:14 . 2008-06-27 07:36 <DIR> d-------- C:\Program Files\SmartScan
2008-06-12 23:14 . 2000-05-22 00:00 203,976 --a------ C:\WINDOWS\system32\richtx32.ocx
2008-06-12 23:14 . 2008-06-27 07:36 69 --a------ C:\WINDOWS\RunSC.bat
2008-06-12 01:14 . 2008-06-12 01:14 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-06-12 01:13 . 2008-06-12 01:13 <DIR> d-------- C:\Program Files\DNA
2008-06-12 01:13 . 2008-06-27 11:02 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\DNA
2008-06-11 04:31 . 2008-06-11 04:31 <DIR> d-------- C:\Program Files\ESET
2008-06-11 04:31 . 2008-06-11 04:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-11 04:21 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 04:17 . 2008-06-11 04:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-11 00:58 . 2008-06-11 00:58 <DIR> d-------- C:\Program Files\Ace WINScreen
2008-06-11 00:58 . 2000-09-15 15:51 372,736 --a------ C:\WINDOWS\system32\ijl15.dll
2008-06-11 00:58 . 2005-02-01 18:57 208,896 --a------ C:\WINDOWS\system32\tb.dll
2008-06-11 00:58 . 2004-03-26 12:56 122,880 --a------ C:\WINDOWS\system32\PageSlide.ocx
2008-06-11 00:58 . 2004-03-25 13:52 98,304 --a------ C:\WINDOWS\system32\MainView.ocx
2008-06-11 00:58 . 2004-04-01 10:48 77,824 --a------ C:\WINDOWS\system32\IconTy.ocx
2008-06-11 00:58 . 2005-02-01 21:18 40,960 --a------ C:\WINDOWS\system32\ttb.dll
2008-06-10 23:47 . 2008-06-12 01:06 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-06-10 23:24 . 2008-06-10 23:41 <DIR> d-------- C:\Program Files\Exterminate It!
2008-06-06 16:43 . 2008-06-06 16:43 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\mirkes.de
2008-06-06 16:42 . 2008-06-06 16:42 <DIR> d-------- C:\Program Files\mirkes.de
2008-06-06 16:42 . 2008-06-06 16:42 <DIR> d-------- C:\Program Files\Common Files\mirkes.de
2008-06-06 02:04 . 2008-06-06 02:04 <DIR> d-------- C:\Program Files\AVG
2008-06-06 00:06 . 2004-05-12 07:29 <DIR> d-------- C:\Documents and Settings\Rose\WINDOWS
2008-06-06 00:06 . 2004-05-13 01:57 <DIR> d-------- C:\Documents and Settings\Rose\Application Data\Symantec
2008-06-06 00:06 . 2004-05-12 08:05 <DIR> d-------- C:\Documents and Settings\Rose\Application Data\SampleView
2008-06-06 00:06 . 2008-06-25 07:21 <DIR> d-------- C:\Documents and Settings\Rose
2008-06-02 05:15 . 2004-05-12 07:29 <DIR> d-------- C:\Documents and Settings\paul\WINDOWS
2008-06-02 05:15 . 2004-05-13 01:57 <DIR> d-------- C:\Documents and Settings\paul\Application Data\Symantec
2008-06-02 05:15 . 2004-05-12 08:05 <DIR> d-------- C:\Documents and Settings\paul\Application Data\SampleView
2008-06-02 05:15 . 2008-06-11 04:16 <DIR> d-------- C:\Documents and Settings\paul
2008-06-02 02:10 . 2008-06-07 04:41 <DIR> d-------- C:\DPsBase
2008-05-30 18:37 . 2008-06-27 07:09 <DIR> d-------- C:\pebuilder3110a
2008-05-30 15:19 . 2008-06-27 07:04 <DIR> d-------- C:\stools
2008-05-29 02:27 . 2008-05-29 02:27 77 --a------ C:\boot666s.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 14:34 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-06-27 13:47 5,632 --sha-w C:\Program Files\Thumbs.db
2008-06-27 11:16 --------- d-----w C:\Program Files\WMR11
2008-06-27 11:16 --------- d-----w C:\Program Files\StreamDown
2008-06-27 11:16 --------- d-----w C:\Program Files\SendYourFilesClient
2008-06-27 11:15 --------- d-----w C:\Program Files\Safari
2008-06-27 11:15 --------- d-----w C:\Program Files\ophcrack
2008-06-27 11:15 --------- d-----w C:\Program Files\Opera
2008-06-27 11:14 --------- d-----w C:\Program Files\MP3 WAV Converter
2008-06-27 11:14 --------- d-----w C:\Program Files\Microsoft Works
2008-06-27 11:13 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-27 11:12 --------- d-----w C:\Program Files\DVDFab Platinum 3
2008-06-27 11:12 --------- d-----w C:\Program Files\DVD Photo Slideshow Professional
2008-06-27 11:12 --------- d-----w C:\Program Files\DiscWizard for Windows
2008-06-27 11:10 --------- d-----w C:\Program Files\Cain
2008-06-27 11:10 --------- d-----w C:\Program Files\AoA DVD Ripper
2008-06-27 11:10 --------- d-----w C:\Program Files\Alt MP3 Bitrate Converter
2008-06-27 11:10 --------- d-----w C:\Program Files\ALLCapture Trial
2008-06-27 11:03 --------- d-----w C:\Program Files\WinZip Self-Extractor
2008-06-27 11:03 --------- d-----w C:\Program Files\WinTV
2008-06-27 11:03 --------- d-----w C:\Program Files\Twinz
2008-06-27 11:03 --------- d-----w C:\Program Files\SureThing CD Labeler 5
2008-06-27 11:03 --------- d-----w C:\Program Files\RipIt4Me
2008-06-27 11:03 --------- d-----w C:\Program Files\Personal Antispy
2008-06-27 11:03 --------- d-----w C:\Program Files\PC-Doctor for Windows
2008-06-27 11:02 --------- d-----w C:\Program Files\MP3 Ringtone Maker
2008-06-27 11:02 --------- d-----w C:\Program Files\InterMute
2008-06-27 11:02 --------- d-----w C:\Program Files\HP Instant Support
2008-06-27 11:02 --------- d-----w C:\Program Files\EzPhone Recorder 1.1
2008-06-27 11:01 --------- d-----w C:\Program Files\DVD Decrypter
2008-06-27 11:01 --------- d-----w C:\Program Files\7-Zip
2008-06-27 09:25 --------- d-----w C:\Program Files\Java
2008-06-26 07:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\rtgen_guiclient
2008-06-21 00:02 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-06-18 00:50 --------- d-----w C:\Documents and Settings\Owner\Application Data\Canon
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 03:26 0 ----a-w C:\WINDOWS\system32\drivers\lvuvcflt.sys
2008-06-13 03:26 0 ----a-w C:\WINDOWS\system32\drivers\lvpopflt.sys
2008-06-13 03:26 0 ----a-w C:\WINDOWS\system32\drivers\lvckap.sys
2008-06-11 00:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-06 05:39 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-06 05:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-06 04:33 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-23 08:22 --------- d-----w C:\Program Files\ElcomSoft
2008-05-22 05:45 --------- d-----w C:\Program Files\freerainbowtables.com
2008-05-21 15:41 --------- d-----w C:\Program Files\Reference Assemblies
2008-05-21 15:41 --------- d-----w C:\Program Files\MSBuild
2008-05-21 15:32 --------- d-----w C:\Program Files\MSXML 6.0
2008-05-14 12:39 --------- d-----w C:\Program Files\ArcSoft
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 00:50 --------- d-----w C:\Program Files\Common Files\Logitech
2008-05-08 00:50 --------- d-----w C:\Program Files\Acoustica MP3 To Wave Converter PLUS
2008-05-07 12:08 --------- d-----w C:\Program Files\CyberLink DVD Solution
2008-05-07 12:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-07 11:56 --------- d-----w C:\Documents and Settings\Owner\Application Data\Corel
2008-05-07 11:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2008-05-07 11:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Borland
2008-05-07 10:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-07 09:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-07 07:03 --------- d-----w C:\Program Files\Microsoft Money
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 12:37 --------- d-----w C:\Program Files\WildTangent
2008-04-29 12:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2007-06-08 15:15 372 ----a-w C:\Documents and Settings\Owner\Application Data\internaldb6334.dat
2007-06-08 13:21 194 ----a-w C:\Documents and Settings\Owner\Application Data\internaldb8467.dat
2007-06-08 13:21 18,432 ----a-w C:\Documents and Settings\Owner\Application Data\internaldb41.dat
2007-01-11 14:03 87,608 ----a-w C:\Documents and Settings\Owner\Application Data\ezpinst.exe
2007-01-11 14:03 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys
2004-10-01 19:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2005-07-14 16:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2007-09-20 10:39 88 --sh--r C:\WINDOWS\system32\CCCF87DD11.sys
2005-06-26 19:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 02:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-10-05 03:56 56 --sh--r C:\WINDOWS\system32\E169C505C0.sys
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2004-01-25 04:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2007-09-20 10:39 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2005-02-28 17:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-25 04:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{245463AB-6F21-456A-9EB4-FAB802DB8062}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"="" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27 153136]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" []
"TransferAgent"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"SoundMan"="SOUNDMAN.EXE" [2004-05-03 14:21 67584 C:\WINDOWS\SOUNDMAN.EXE]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 16:43 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 18:57 81920]
"OESYFplugin"="" []
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [ ]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02 61440]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 15:04 40960]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [ ]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-08-20 16:55 155648]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 06:23 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 06:15 483328]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-08-20 16:51 118784]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-16 21:20 398944]
"AutoTBar"="c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE" [ ]
"AlcWzrd"="ALCWZRD.EXE" [2004-05-03 16:23 2533888 C:\WINDOWS\ALCWZRD.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-28 04:07 88364 C:\WINDOWS\AGRSMMSG.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-25 22:52 185896]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 15:21 57344]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Anti-keylogger"="C:\Program Files\Anti-keylogger\Anti-keylogger.exe" [ ]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"SchedulingAgent"="C:\WINDOWS\System32\mstask.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 09:01 437160]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2004-06-16 19:22:58 28672]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
backup=C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PlexTools Professional.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PlexTools Professional.lnk
backup=C:\WINDOWS\pss\PlexTools Professional.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^FriendFinder Messenger.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\FriendFinder Messenger.lnk
backup=C:\WINDOWS\pss\FriendFinder Messenger.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^GBPVRTray.exe.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\GBPVRTray.exe.lnk
backup=C:\WINDOWS\pss\GBPVRTray.exe.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^HP Organize.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\HP Organize.lnk
backup=C:\WINDOWS\pss\HP Organize.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^IMStart.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\IMStart.lnk
backup=C:\WINDOWS\pss\IMStart.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MyAdultExplorer.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MyAdultExplorer.lnk
backup=C:\WINDOWS\pss\MyAdultExplorer.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2006-12-22 07:29 67752 C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
C:\WINDOWS\System32\cpmrotate.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
C:\Program Files\Logitech\Video\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\Program Files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]
--a------ 2006-04-14 23:05 98192 C:\Program Files\mozilla.org\Mozilla\Mozilla.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
C:\Program Files\Ahead\Nero BackItUp\nbj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
-ra------ 2003-07-07 10:29 729088 C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
--a------ 2003-05-08 12:00 49152 C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2004-04-14 14:46 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\track monitor]
--a------ 2006-03-30 16:21 241664 C:\Program Files\MSN Track Monitor\msntrack.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Quick-Drop]
C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator TBYB\Ulead Quick-Drop 1.0\Quick-Drop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 19:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\KAV\\kis\\setup.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"M:\\Program Files\\Bit Torrent\\bittorrent.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 10:05]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 16:22]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c3088d2-e852-11db-976c-00112f31b71c}]
\Shell\AutoRun\command - O:\EBSETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64cec8fd-338e-11dd-957f-00112f31b71c}]
\Shell\AutoRun\command - L:\Programs\nu2menu\nu2menu.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-27 14:34:37 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 11:19:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = [email protected][email protected][email protected][email protected]????? ???????????W?D~??A~??????A~K?A~x???????[?A~???????? ??????????????|x???0???????????? [email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected]

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-27 11:21:06
ComboFix-quarantined-files.txt 2008-06-27 15:20:14

Pre-Run: 90,703,527,936 bytes free
Post-Run: 92,309,516,288 bytes free

372 --- E O F --- 2008-06-25 23:56:57


HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:31 AM, on 27/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\devnz\gbpvr\GBPVRRecordingService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\System32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.c...earch.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {245463AB-6F21-456A-9EB4-FAB802DB8062} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Anti-keylogger] C:\Program Files\Anti-keylogger\Anti-keylogger.exe /autorun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\System32\mstask.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GB-PVR Recording Service - - C:\Program Files\devnz\gbpvr\GBPVRRecordingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Owner/My%20Documents/My%20Pictures/WINDVD%20Capture/Schlong%20Pics/wannatryth3b1g.Snakejackin.1132381230

--
End of file - 12282 bytes
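Reading the two logs above by hand comes down to a few structural checks on every autostart line rather than recognising names: a Run value whose command is a bare filename (VTTimer.exe, SOUNDMAN.EXE) is located by search order, so the name alone does not say which file actually starts; a value with empty data, or with no file metadata (the "[ ]" in ComboFix's listing), points at nothing readable; a BHO or hook marked "(no file)" is an orphan; and the Security Center and firewall keys say whether alerting and the firewall are switched off. The script below, an added example written for this page and not code from the forum post or from HijackThis, ComboFix or catchme, applies those checks to lines in the formats those tools print. Its sample input is constructed to mirror entries in the post. The reasons it returns are review prompts, not verdicts: whether a flagged or unflagged entry is benign can only be settled by examining the file at its recorded path (publisher signature, hash, vendor documentation), which a log alone cannot do.

```python
import re

# Added triage helper, written for this page; it is not part of the forum post
# above nor of HijackThis, ComboFix or catchme, whose output the post quotes.
# It recognises the autostart line shapes those tools print and returns the
# entries a reviewer should look at first. SAMPLE is constructed, modelled on
# lines from the posted logs.

HJT_O4 = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$')
HJT_STARTUP = re.compile(r'^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.*)$')
CF_RUN = re.compile(r'^"(?P<name>[^"]*)"="(?P<cmd>[^"]*)" \[(?P<meta>[^\]]*)\]$')
QUALIFIED = re.compile(r'^[A-Za-z]:\\')  # command starts with a drive letter


def _exe(cmd):
    """Executable token of a command line: unquoted, arguments dropped."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(' ', 1)[0]


def _nonprintable(s):
    return any(not 32 <= ord(c) <= 126 for c in s)


def classify(line):
    """Reason a line deserves review, or None when nothing structural stands out."""
    if _nonprintable(line):
        return 'non-printable bytes in value data; dump the raw registry value'
    m = HJT_O4.match(line)
    if m:
        cmd = m.group('cmd')
        if not cmd:
            return 'empty autostart value'
        if not QUALIFIED.match(_exe(cmd)):
            # No directory given: Windows locates the file by search order, so
            # the name alone does not tell you which file actually runs.
            return 'bare filename, resolved by search order: ' + _exe(cmd)
        return None
    m = HJT_STARTUP.match(line)
    if m:
        return 'startup shortcut target unresolved' if m.group('cmd').strip() == '?' else None
    m = CF_RUN.match(line)
    if m:
        cmd, meta = m.group('cmd'), m.group('meta').strip()
        if not cmd:
            return 'empty autostart value'
        if not meta:
            return 'no file metadata (file missing or unreadable): ' + cmd
        if not QUALIFIED.match(_exe(cmd)):
            parts = meta.split(' ', 3)  # date, time, size, resolved path
            where = parts[3] if len(parts) == 4 else 'not recorded'
            return 'bare filename, resolved by search order: ' + where
        return None
    if re.search(r'\((?:no file|file missing)\)', line):
        return 'orphaned entry: referenced file is missing'
    if re.match(r'^"EnableFirewall"=\s*0\b', line):
        return 'Windows Firewall disabled for this profile'
    if re.match(r'^"(?:AntiVirusDisableNotify|DisableMonitoring)"=dword:0*1$', line):
        return 'Security Center alerting or monitoring switched off'
    if line.startswith(r'\Shell\AutoRun\command - '):
        return 'AutoRun command cached for a drive: ' + line.split(' - ', 1)[1]
    return None


def triage(lines):
    """(line, reason) for every flagged line, in input order."""
    out = []
    for raw in lines:
        line = raw.rstrip('\r\n')
        reason = classify(line)
        if reason:
            out.append((line, reason))
    return out


# Constructed sample, modelled on lines in the posted logs.
SAMPLE = [
    r'O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe',
    r'O4 - HKLM\..\Run: [VTTimer] VTTimer.exe',
    r'O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice',
    r'O4 - Global Startup: hpoddt01.exe.lnk = ?',
    r'O2 - BHO: (no name) - {245463AB-6F21-456A-9EB4-FAB802DB8062} - (no file)',
    r'"PowerBar"="" []',
    r'"SoundMan"="SOUNDMAN.EXE" [2004-05-03 14:21 67584 C:\WINDOWS\SOUNDMAN.EXE]',
    r'"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [ ]',
    r'"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]',
    r'"EnableFirewall"= 0 (0x0)',
    r'"AntiVirusDisableNotify"=dword:00000001',
    r'\Shell\AutoRun\command - O:\EBSETUP.EXE',
    'PowerBar = \x01\x00@\x7f',  # stand-in for the binary value data catchme printed
]

if __name__ == '__main__':
    for line, reason in triage(SAMPLE):
        print(f'{reason}\n    {line}')
```

Run it as a script to print the findings for SAMPLE, or pass the lines of a saved log to triage(). The O4 entry for hkcmd.exe comes back unflagged because its path is fully qualified and its ComboFix listing carries file metadata, which is everything the log can show; confirming what that file is still means checking it on disk.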

#4 Magneto (Topic Starter)
C:\mbam.txt

Malwarebytes' Anti-Malware 1.18
Database version: 895

11:36:46 AM 27/06/2008
mbam-log-6-27-2008 (11-36-46).txt

Scan type: Quick Scan
Objects scanned: 48481
Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


C:\Combofix.txt Once Again.


ComboFix 08-06-20.4 - Owner 2008-06-27 11:14:30.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2040 [GMT -4:00]
Running from: C:\MyDownloads\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\setup.exe
C:\WINDOWS\system32\ninjaext-uninstall.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.

2008-06-27 09:04 . 2008-06-27 09:04 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-27 09:04 . 2008-06-27 09:04 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-06-27 09:04 . 2008-06-27 09:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-27 09:03 . 2008-06-27 09:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-27 04:34 . 2007-11-21 18:12 4,286 --a------ C:\WINDOWS\system32\sentrylite.ico
2008-06-27 04:34 . 2008-06-27 05:07 52 --a------ C:\WINDOWS\system32\suntfs.nfx
2008-06-27 04:33 . 2008-06-27 04:34 10,176 --a------ C:\WINDOWS\system32\spnetrm.nfx
2008-06-27 04:33 . 2008-06-27 04:34 10,176 --a------ C:\WINDOWS\system32\sbnetkey.sys
2008-06-26 20:41 . 2008-06-26 20:41 <DIR> d-------- C:\Deckard
2008-06-26 19:49 . 2008-06-26 19:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-26 05:41 . 2008-06-27 10:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-26 05:41 . 2008-06-26 05:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-26 00:49 . 2004-05-12 07:29 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-06-26 00:49 . 2004-05-13 01:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-06-26 00:49 . 2004-05-12 08:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-06-26 00:49 . 2008-06-26 00:49 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-22 01:02 . 2008-06-22 01:02 <DIR> d-------- C:\Program Files\WinPcap
2008-06-22 00:43 . 2007-01-25 13:31 88,952 --a------ C:\WINDOWS\system32\_packet.dlluninstall
2008-06-21 23:52 . 2008-06-22 00:27 <DIR> d-------- C:\Program Files\MSN Track Monitor
2008-06-21 22:37 . 2008-06-25 05:10 39,424 --a------ C:\WINDOWS\zipinst.exe
2008-06-16 04:22 . 2005-02-12 18:00 186,880 -r-hs---- C:\WINDOWS\system32\RLOgg.ax
2008-06-16 04:22 . 2006-03-10 16:48 169,472 -r-hs---- C:\WINDOWS\system32\MatroskaDX.ax
2008-06-16 04:22 . 2005-11-25 15:46 161,792 -r-hs---- C:\WINDOWS\system32\RealMediaDX.ax
2008-06-16 04:22 . 2005-02-05 18:00 92,672 -r-hs---- C:\WINDOWS\system32\RLVorbisDec.ax
2008-06-16 04:22 . 2005-02-12 18:00 67,584 -r-hs---- C:\WINDOWS\system32\RLTheoraDec.ax
2008-06-16 04:22 . 2003-11-20 18:00 54,784 -r-hs---- C:\WINDOWS\system32\RLAPEDec.ax
2008-06-16 04:22 . 2005-02-12 18:00 51,712 -r-hs---- C:\WINDOWS\system32\RLSpeexDec.ax
2008-06-16 04:22 . 2004-04-26 18:00 37,888 -r-hs---- C:\WINDOWS\system32\RLMPCDec.ax
2008-06-16 04:22 . 2007-02-21 06:47 31,232 -r-hs---- C:\WINDOWS\system32\msfDX.dll
2008-06-16 04:22 . 2007-12-17 08:43 27,648 ---hs---- C:\WINDOWS\system32\Smab0.dll
2008-06-16 04:21 . 2006-09-12 06:46 227,328 -r-hs---- C:\WINDOWS\system32\ac3DX.ax
2008-06-16 04:21 . 2005-01-17 18:26 179,200 -r-hs---- C:\WINDOWS\system32\DiracSplitter.ax
2008-06-16 04:21 . 2006-08-16 09:53 175,104 -r-hs---- C:\WINDOWS\system32\CoreAAC.ax
2008-06-16 04:21 . 2006-05-03 05:06 163,328 -r-hs---- C:\WINDOWS\system32\flvDX.dll
2008-06-16 04:21 . 2006-01-12 18:23 123,904 -r-hs---- C:\WINDOWS\system32\AVCDX.ax
2008-06-16 04:21 . 2005-02-22 11:55 81,920 -r-hs---- C:\WINDOWS\system32\aac_parser.ax
2008-06-16 04:19 . 2008-06-16 04:19 <DIR> d-------- C:\Program Files\eRightSoft
2008-06-13 23:35 . 2008-06-16 03:47 <DIR> d-------- C:\Documents and Settings\Owner\dwhelper
2008-06-12 23:18 . 2008-06-12 23:18 12 --a------ C:\WINDOWS\clocked.ini
2008-06-12 23:14 . 2008-06-27 07:36 <DIR> d-------- C:\Program Files\SmartScan
2008-06-12 23:14 . 2000-05-22 00:00 203,976 --a------ C:\WINDOWS\system32\richtx32.ocx
2008-06-12 23:14 . 2008-06-27 07:36 69 --a------ C:\WINDOWS\RunSC.bat
2008-06-12 01:14 . 2008-06-12 01:14 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-06-12 01:13 . 2008-06-12 01:13 <DIR> d-------- C:\Program Files\DNA
2008-06-12 01:13 . 2008-06-27 11:02 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\DNA
2008-06-11 04:31 . 2008-06-11 04:31 <DIR> d-------- C:\Program Files\ESET
2008-06-11 04:31 . 2008-06-11 04:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-11 04:21 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 04:17 . 2008-06-11 04:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-11 00:58 . 2008-06-11 00:58 <DIR> d-------- C:\Program Files\Ace WINScreen
2008-06-11 00:58 . 2000-09-15 15:51 372,736 --a------ C:\WINDOWS\system32\ijl15.dll
2008-06-11 00:58 . 2005-02-01 18:57 208,896 --a------ C:\WINDOWS\system32\tb.dll
2008-06-11 00:58 . 2004-03-26 12:56 122,880 --a------ C:\WINDOWS\system32\PageSlide.ocx
2008-06-11 00:58 . 2004-03-25 13:52 98,304 --a------ C:\WINDOWS\system32\MainView.ocx
2008-06-11 00:58 . 2004-04-01 10:48 77,824 --a------ C:\WINDOWS\system32\IconTy.ocx
2008-06-11 00:58 . 2005-02-01 21:18 40,960 --a------ C:\WINDOWS\system32\ttb.dll
2008-06-10 23:47 . 2008-06-12 01:06 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-06-10 23:24 . 2008-06-10 23:41 <DIR> d-------- C:\Program Files\Exterminate It!
2008-06-06 16:43 . 2008-06-06 16:43 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\mirkes.de
2008-06-06 16:42 . 2008-06-06 16:42 <DIR> d-------- C:\Program Files\mirkes.de
2008-06-06 16:42 . 2008-06-06 16:42 <DIR> d-------- C:\Program Files\Common Files\mirkes.de
2008-06-06 02:04 . 2008-06-06 02:04 <DIR> d-------- C:\Program Files\AVG
2008-06-06 00:06 . 2004-05-12 07:29 <DIR> d-------- C:\Documents and Settings\Rose\WINDOWS
2008-06-06 00:06 . 2004-05-13 01:57 <DIR> d-------- C:\Documents and Settings\Rose\Application Data\Symantec
2008-06-06 00:06 . 2004-05-12 08:05 <DIR> d-------- C:\Documents and Settings\Rose\Application Data\SampleView
2008-06-06 00:06 . 2008-06-25 07:21 <DIR> d-------- C:\Documents and Settings\Rose
2008-06-02 05:15 . 2004-05-12 07:29 <DIR> d-------- C:\Documents and Settings\paul\WINDOWS
2008-06-02 05:15 . 2004-05-13 01:57 <DIR> d-------- C:\Documents and Settings\paul\Application Data\Symantec
2008-06-02 05:15 . 2004-05-12 08:05 <DIR> d-------- C:\Documents and Settings\paul\Application Data\SampleView
2008-06-02 05:15 . 2008-06-11 04:16 <DIR> d-------- C:\Documents and Settings\paul
2008-06-02 02:10 . 2008-06-07 04:41 <DIR> d-------- C:\DPsBase
2008-05-30 18:37 . 2008-06-27 07:09 <DIR> d-------- C:\pebuilder3110a
2008-05-30 15:19 . 2008-06-27 07:04 <DIR> d-------- C:\stools
2008-05-29 02:27 . 2008-05-29 02:27 77 --a------ C:\boot666s.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 14:34 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-06-27 13:47 5,632 --sha-w C:\Program Files\Thumbs.db
2008-06-27 11:16 --------- d-----w C:\Program Files\WMR11
2008-06-27 11:16 --------- d-----w C:\Program Files\StreamDown
2008-06-27 11:16 --------- d-----w C:\Program Files\SendYourFilesClient
2008-06-27 11:15 --------- d-----w C:\Program Files\Safari
2008-06-27 11:15 --------- d-----w C:\Program Files\ophcrack
2008-06-27 11:15 --------- d-----w C:\Program Files\Opera
2008-06-27 11:14 --------- d-----w C:\Program Files\MP3 WAV Converter
2008-06-27 11:14 --------- d-----w C:\Program Files\Microsoft Works
2008-06-27 11:13 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-27 11:12 --------- d-----w C:\Program Files\DVDFab Platinum 3
2008-06-27 11:12 --------- d-----w C:\Program Files\DVD Photo Slideshow Professional
2008-06-27 11:12 --------- d-----w C:\Program Files\DiscWizard for Windows
2008-06-27 11:10 --------- d-----w C:\Program Files\Cain
2008-06-27 11:10 --------- d-----w C:\Program Files\AoA DVD Ripper
2008-06-27 11:10 --------- d-----w C:\Program Files\Alt MP3 Bitrate Converter
2008-06-27 11:10 --------- d-----w C:\Program Files\ALLCapture Trial
2008-06-27 11:03 --------- d-----w C:\Program Files\WinZip Self-Extractor
2008-06-27 11:03 --------- d-----w C:\Program Files\WinTV
2008-06-27 11:03 --------- d-----w C:\Program Files\Twinz
2008-06-27 11:03 --------- d-----w C:\Program Files\SureThing CD Labeler 5
2008-06-27 11:03 --------- d-----w C:\Program Files\RipIt4Me
2008-06-27 11:03 --------- d-----w C:\Program Files\Personal Antispy
2008-06-27 11:03 --------- d-----w C:\Program Files\PC-Doctor for Windows
2008-06-27 11:02 --------- d-----w C:\Program Files\MP3 Ringtone Maker
2008-06-27 11:02 --------- d-----w C:\Program Files\InterMute
2008-06-27 11:02 --------- d-----w C:\Program Files\HP Instant Support
2008-06-27 11:02 --------- d-----w C:\Program Files\EzPhone Recorder 1.1
2008-06-27 11:01 --------- d-----w C:\Program Files\DVD Decrypter
2008-06-27 11:01 --------- d-----w C:\Program Files\7-Zip
2008-06-27 09:25 --------- d-----w C:\Program Files\Java
2008-06-26 07:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\rtgen_guiclient
2008-06-21 00:02 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-06-18 00:50 --------- d-----w C:\Documents and Settings\Owner\Application Data\Canon
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 03:26 0 ----a-w C:\WINDOWS\system32\drivers\lvuvcflt.sys
2008-06-13 03:26 0 ----a-w C:\WINDOWS\system32\drivers\lvpopflt.sys
2008-06-13 03:26 0 ----a-w C:\WINDOWS\system32\drivers\lvckap.sys
2008-06-11 00:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-06 05:39 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-06 05:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-06 04:33 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-23 08:22 --------- d-----w C:\Program Files\ElcomSoft
2008-05-22 05:45 --------- d-----w C:\Program Files\freerainbowtables.com
2008-05-21 15:41 --------- d-----w C:\Program Files\Reference Assemblies
2008-05-21 15:41 --------- d-----w C:\Program Files\MSBuild
2008-05-21 15:32 --------- d-----w C:\Program Files\MSXML 6.0
2008-05-14 12:39 --------- d-----w C:\Program Files\ArcSoft
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 00:50 --------- d-----w C:\Program Files\Common Files\Logitech
2008-05-08 00:50 --------- d-----w C:\Program Files\Acoustica MP3 To Wave Converter PLUS
2008-05-07 12:08 --------- d-----w C:\Program Files\CyberLink DVD Solution
2008-05-07 12:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-07 11:56 --------- d-----w C:\Documents and Settings\Owner\Application Data\Corel
2008-05-07 11:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2008-05-07 11:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Borland
2008-05-07 10:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-07 09:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-07 07:03 --------- d-----w C:\Program Files\Microsoft Money
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 12:37 --------- d-----w C:\Program Files\WildTangent
2008-04-29 12:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2007-06-08 15:15 372 ----a-w C:\Documents and Settings\Owner\Application Data\internaldb6334.dat
2007-06-08 13:21 194 ----a-w C:\Documents and Settings\Owner\Application Data\internaldb8467.dat
2007-06-08 13:21 18,432 ----a-w C:\Documents and Settings\Owner\Application Data\internaldb41.dat
2007-01-11 14:03 87,608 ----a-w C:\Documents and Settings\Owner\Application Data\ezpinst.exe
2007-01-11 14:03 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys
2004-10-01 19:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2005-07-14 16:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2007-09-20 10:39 88 --sh--r C:\WINDOWS\system32\CCCF87DD11.sys
2005-06-26 19:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 02:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-10-05 03:56 56 --sh--r C:\WINDOWS\system32\E169C505C0.sys
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2004-01-25 04:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2007-09-20 10:39 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2005-02-28 17:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-25 04:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{245463AB-6F21-456A-9EB4-FAB802DB8062}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"="" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27 153136]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" []
"TransferAgent"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"SoundMan"="SOUNDMAN.EXE" [2004-05-03 14:21 67584 C:\WINDOWS\SOUNDMAN.EXE]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 16:43 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 18:57 81920]
"OESYFplugin"="" []
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [ ]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02 61440]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 15:04 40960]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [ ]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-08-20 16:55 155648]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 06:23 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 06:15 483328]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-08-20 16:51 118784]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-16 21:20 398944]
"AutoTBar"="c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE" [ ]
"AlcWzrd"="ALCWZRD.EXE" [2004-05-03 16:23 2533888 C:\WINDOWS\ALCWZRD.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-28 04:07 88364 C:\WINDOWS\AGRSMMSG.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-25 22:52 185896]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 15:21 57344]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Anti-keylogger"="C:\Program Files\Anti-keylogger\Anti-keylogger.exe" [ ]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"SchedulingAgent"="C:\WINDOWS\System32\mstask.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 09:01 437160]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2004-06-16 19:22:58 28672]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
backup=C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PlexTools Professional.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PlexTools Professional.lnk
backup=C:\WINDOWS\pss\PlexTools Professional.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^FriendFinder Messenger.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\FriendFinder Messenger.lnk
backup=C:\WINDOWS\pss\FriendFinder Messenger.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^GBPVRTray.exe.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\GBPVRTray.exe.lnk
backup=C:\WINDOWS\pss\GBPVRTray.exe.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^HP Organize.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\HP Organize.lnk
backup=C:\WINDOWS\pss\HP Organize.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^IMStart.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\IMStart.lnk
backup=C:\WINDOWS\pss\IMStart.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MyAdultExplorer.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MyAdultExplorer.lnk
backup=C:\WINDOWS\pss\MyAdultExplorer.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2006-12-22 07:29 67752 C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
C:\WINDOWS\System32\cpmrotate.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
C:\Program Files\Logitech\Video\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\Program Files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]
--a------ 2006-04-14 23:05 98192 C:\Program Files\mozilla.org\Mozilla\Mozilla.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
C:\Program Files\Ahead\Nero BackItUp\nbj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
-ra------ 2003-07-07 10:29 729088 C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
--a------ 2003-05-08 12:00 49152 C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2004-04-14 14:46 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\track monitor]
--a------ 2006-03-30 16:21 241664 C:\Program Files\MSN Track Monitor\msntrack.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Quick-Drop]
C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator TBYB\Ulead Quick-Drop 1.0\Quick-Drop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 19:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\KAV\\kis\\setup.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"M:\\Program Files\\Bit Torrent\\bittorrent.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 10:05]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 16:22]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c3088d2-e852-11db-976c-00112f31b71c}]
\Shell\AutoRun\command - O:\EBSETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64cec8fd-338e-11dd-957f-00112f31b71c}]
\Shell\AutoRun\command - L:\Programs\nu2menu\nu2menu.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-27 14:34:37 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 11:19:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = [email protected][email protected][email protected][email protected]????? ???????????W?D~??A~??????A~K?A~x???????[?A~???????? ??????????????|x???0???????????? [email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected][email protected]

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-27 11:21:06
ComboFix-quarantined-files.txt 2008-06-27 15:20:14

Pre-Run: 90,703,527,936 bytes free
Post-Run: 92,309,516,288 bytes free

372 --- E O F --- 2008-06-25 23:56:57


Thanks so much for your guidance and assistance, Sage 5.

I was perplexed as to how no antispyware detected Sentry Lite parental monitoring. I tried NOD32, Spycop and HijackThis. I removed it through its normal installation/uninstall directions. I'm wondering if this triple-combo threat would kick it to the curb LOL.

Can you please link me to success rates as of late for detecting Eblaster by Spectorsoft and WebWatcher by Awareness Technologies? Thank you for any and all information/advice :)
  • 0

#5
Magneto

    New Member

  • Topic Starter
  • Member
  • 4 posts
Oh, BTW, I almost forgot to submit my SUPERAntiSpyware Professional log. I had some trojans in the beginning; these have been identified and removed... I hope! :) lol.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/27/2008 at 10:06 AM

Application Version : 4.15.1000

Core Rules Database Version : 3492
Trace Rules Database Version: 1483

Scan type : Complete Scan
Total Scan Time : 00:57:55

Memory items scanned : 474
Memory threats detected : 0
Registry items scanned : 8453
Registry threats detected : 43
File items scanned : 45757
File threats detected : 42

Trojan.TrafficNinjaBiz
HKLM\Software\Classes\CLSID\{266A3562-AB67-480E-9F09-D54604FD817B}
HKCR\CLSID\{266A3562-AB67-480E-9F09-D54604FD817B}
HKCR\CLSID\{266A3562-AB67-480E-9F09-D54604FD817B}
HKCR\CLSID\{266A3562-AB67-480E-9F09-D54604FD817B}#AppID
HKCR\CLSID\{266A3562-AB67-480E-9F09-D54604FD817B}\InprocServer32
HKCR\CLSID\{266A3562-AB67-480E-9F09-D54604FD817B}\InprocServer32#ThreadingModel
HKCR\CLSID\{266A3562-AB67-480E-9F09-D54604FD817B}\ProgID
HKCR\CLSID\{266A3562-AB67-480E-9F09-D54604FD817B}\Programmable
HKCR\CLSID\{266A3562-AB67-480E-9F09-D54604FD817B}\TypeLib
HKCR\CLSID\{266A3562-AB67-480E-9F09-D54604FD817B}\VersionIndependentProgID
C:\WINDOWS\SYSTEM32\NINJAEXT.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{266A3562-AB67-480E-9F09-D54604FD817B}

Browser Hijacker.Internet Explorer Zone Hijack
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click#http
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click#https
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click#http
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click#https
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect#http
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect#https

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt

Trojan.Downloader-Gen/NX
HKCR\CLSID\{245463AB-6F21-456A-9EB4-FAB802DB8062}
HKCR\CLSID\{245463AB-6F21-456A-9EB4-FAB802DB8062}\InprocServer32
HKCR\CLSID\{245463AB-6F21-456A-9EB4-FAB802DB8062}\InprocServer32#ThreadingModel
HKCR\CLSID\{245463AB-6F21-456A-9EB4-FAB802DB8062}\ProgID
HKCR\CLSID\{245463AB-6F21-456A-9EB4-FAB802DB8062}\Programmable
HKCR\CLSID\{245463AB-6F21-456A-9EB4-FAB802DB8062}\TypeLib
HKCR\CLSID\{245463AB-6F21-456A-9EB4-FAB802DB8062}\VersionIndependentProgID

Adware.Mirar/NetNucleus
C:\WINDOWS\Downloaded Program Files\WinATS.inf

Adware.AdRotator
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdRotator
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdRotator#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdRotator#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdRotator#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdRotator#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdRotator#DisplayVersion

Adware.UpMedia/SearchTool
HKCR\fis.amo.1
HKCR\fis.amo.1\CLSID
HKCR\fis.momo.1
HKCR\fis.momo.1\CLSID
HKCR\fis.ohb.1
HKCR\fis.ohb.1\CLSID
HKU\S-1-5-21-3427252914-3228000137-3595544837-1003\Software\UpMedia
HKU\S-1-5-21-3427252914-3228000137-3595544837-1003\Software\UptownInstaller

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\DPNHUPNPQ.DLL


Thanks once again
  • 0

#6
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi Magneto,

My apologies, I didn't need you to post the ComboFix log twice, that was an oversight on my behalf.

Create a ComboFix Script:
  • Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.
  • Now copy/paste the entire content of the codebox below into the Notepad window:
File::
C:\WINDOWS\System32\cpmrotate.dll
C:\WINDOWS\system32\sentrylite.ico
C:\WINDOWS\system32\suntfs.nfx
C:\WINDOWS\system32\spnetrm.nfx
C:\WINDOWS\system32\sbnetkey.sys

Folder::
C:\Documents and Settings\Owner\Application Data\BitTorrent
C:\Program Files\DNA
C:\Documents and Settings\Owner\Application Data\DNA

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{245463AB-6F21-456A-9EB4-FAB802DB8062}]
[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{245463AB-6F21-456A-9EB4-FAB802DB8062}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"=-
"TransferAgent"=-
"OESYFplugin"=-
"LGODDFU"=-
"InCD"=-
"AutoTBar"=-
"Anti-keylogger"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\DNA\\btdna.exe"=-
"M:\\Program Files\\Bit Torrent\\bittorrent.exe"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c3088d2-e852-11db-976c-00112f31b71c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64cec8fd-338e-11dd-957f-00112f31b71c}]

  • Save the above as CFScript.txt
  • Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
    Posted Image
  • After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0
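The Registry:: section of the script above deletes Run-key values whose program ComboFix could not find on disk (the entries whose file-info bracket in the "Reg Loading Points" section is empty, such as "PowerBar"="" [] or "LGODDFU"=... [ ]). The following is an added example, not sage5's tooling and not ComboFix's own code, that parses log lines in that format, flags the orphaned autostart values, and renders the matching `"name"=-` deletion block. The sample input is constructed here from a handful of lines in the shape of the posted log; the "orphaned" heuristic (empty command or empty file-info bracket) is our reading of how those entries were selected, and its output is a candidate list for a helper to review, not a verdict.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the format of ComboFix's "Reg Loading Points" section.
# The line shapes mirror the log posted in this thread; the selection is ours.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" []
"SoundMan"="SOUNDMAN.EXE" [2004-05-03 14:21 67584 C:\WINDOWS\SOUNDMAN.EXE]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-08-20 16:51 118784]
"Anti-keylogger"="C:\Program Files\Anti-keylogger\Anti-keylogger.exe" [ ]
"""

# [KEY] header line, and "name"="command" [file info] value line.
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<info>[^\]]*)\]$')

Entry = Tuple[str, str, str, str]  # (registry key, value name, command, file info)


def parse_loading_points(text: str) -> List[Entry]:
    """Return one (key, name, command, fileinfo) tuple per autostart value,
    attributing each value line to the most recent [KEY] header above it."""
    entries: List[Entry] = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            entries.append((key, m.group("name"), m.group("cmd"), m.group("info").strip()))
    return entries


def orphaned_entries(entries: List[Entry]) -> List[Entry]:
    """Heuristic (ours): a value is orphaned when its command is empty or when
    ComboFix printed an empty file-info bracket, i.e. the program it names was
    not located on disk. Populated file info (date, size, resolved path) means
    the file exists and the entry is left alone by this check."""
    return [e for e in entries if e[2] == "" or e[3] == ""]


def cfscript_registry_section(orphans: List[Entry]) -> str:
    """Render a CFScript Registry:: block that deletes each orphaned value with
    the "name"=- syntax, grouped under its key, in the shape used in this thread."""
    by_key: Dict[str, List[str]] = {}
    for key, name, _cmd, _info in orphans:
        by_key.setdefault(key, []).append(name)
    lines = ["Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines)


if __name__ == "__main__":
    found = orphaned_entries(parse_loading_points(SAMPLE_LOG))
    for key, name, cmd, _ in found:
        print(f"orphaned autostart: {name!r} -> {cmd!r} under {key}")
    print()
    print(cfscript_registry_section(found))
```

On the constructed sample the check flags PowerBar, VTTimer, LGODDFU and Anti-keylogger and leaves HotKeysCmds alone, because hkcmd.exe resolves to a real file with a date and size. That is the same distinction a helper draws by eye when reading the log: an autostart hook with nothing behind it is leftover clutter worth clearing, while a populated entry has to be judged on what the file actually is.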

#7
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





