please check my log


This topic is locked
20 replies to this topic

#1 muzz66

muzz66

  • Members
  • 11 posts
  • Local time:08:19 PM

Posted 28 February 2009 - 06:04 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:02:31 PM, on 3/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Shane Murray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Shane Murray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Shane Murray\My Documents\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com.au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {a057a204-bacc-4d26-9990-79a187e2698e} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O3 - Toolbar: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS3\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS4\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CS5\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 7361 bytes


#2 muzz66

muzz66
  • Topic Starter

  • Members
  • 11 posts
  • Local time:08:19 PM

Posted 28 February 2009 - 06:06 PM

Footnote:
Windows firewall turns off on start up.
Thanks in advance guys

#3 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:06:19 AM

Posted 11 March 2009 - 02:21 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

Download and Run DDS
If you already have a copy of DDS, there is no need to download a new one.

DDS is a tool that gives us a general overview of the condition of your machine.

Download DDS by sUBs from any of the links below:
DDS.com, DDS.scr, DDS.pif

Double click its icon to run it. If you are using Windows Vista, right click it and select "Run as Administrator".
When the scan is finished, two logs will open.
Post DDS.txt directly into your reply. Attach Attach.txt.

F-Secure Online Scan
Please run F-Secure Online Scanner.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.

Please post back with:
-the DDS logs
-the F-Secure scan log

Please give me an update on the symptoms. Also tell me of any changes you have made to this computer.

With Regards,
The Panda

#4 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan
  • Local time:06:19 AM

Posted 11 March 2009 - 02:21 PM

Sorry, Panda got here as I was posting, so I will bow out.

Edited by Hoov, 11 March 2009 - 02:22 PM.

Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#5 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:06:19 AM

Posted 11 March 2009 - 03:19 PM

No problem Hoov.

#6 muzz66

muzz66
  • Topic Starter

  • Members
  • 11 posts
  • Local time:08:19 PM

Posted 13 March 2009 - 04:57 PM

DDS (Ver_09-02-01.01) - NTFSx86 NETWORK
Run by Shane Murray at 1:54:03.96 on Sun 03/08/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.618 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Shane Murray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Shane Murray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Shane Murray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Shane Murray\Desktop\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = google.com.au
uInternet Settings,ProxyOverride = *.local
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} -
TB: {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No File
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Creative MediaSource Go] c:\program files\creative\mediasource\go\CTCMSGo.exe /SCB
mRun: [CTSysVol] c:\program files\creative\sbaudigy ls\surround mixer\CTSysVol.exe /r
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !saswinlogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\shanem~1\applic~1\mozilla\firefox\profiles\eooakux9.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\shane murray\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll

============= SERVICES / DRIVERS ===============

R1 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-23 107272]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-3-8 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-3-8 1095560]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2007-10-26 4224]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-3-8 130424]
S1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-23 325128]
S1 avgmfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-10-17 27656]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
S1 saskutil;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-23 903960]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-23 298264]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [2007-12-26 515803]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;c:\windows\system32\drivers\NSDriver.sys [2008-4-29 15648]
S3 sasenum;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\drivers\Bulk533.sys [2007-12-26 10986]

=============== Created Last 30 ================

2009-03-08 01:38 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-03-08 01:38 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-03-08 01:38 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-08 01:38 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-03-08 01:38 <DIR> --d----- c:\program files\common files\PC Tools
2009-03-08 01:38 <DIR> --d----- c:\program files\Spyware Doctor
2009-03-08 01:38 <DIR> --d----- c:\docume~1\shanem~1\applic~1\PC Tools
2009-03-08 01:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-03-07 08:23 15,840 a------- c:\windows\system32\drivers\PfModNT.sys
2009-03-04 06:13 <DIR> --d----- C:\VundoFix Backups
2009-02-28 05:23 <DIR> --d----- c:\program files\SpywareBlaster
2009-02-26 06:51 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-21 22:29 <DIR> --d----- c:\program files\HDQuality
2009-02-21 22:29 308 ---shr-- C:\autorun.inf
2009-02-21 09:03 290,816 a------- c:\windows\system32\decdll.dll
2009-02-21 09:02 327,680 a------- c:\windows\system32\dvdauthor.ocx
2009-02-21 09:02 233,472 a------- c:\windows\system32\viscomdvdimg.dll
2009-02-21 09:02 152,848 a------- c:\windows\system32\COMDLG32.OCX
2009-02-21 09:02 141,312 a------- c:\windows\system32\MSCMCFR.DLL
2009-02-21 09:02 119,568 a------- c:\windows\system32\VB6FR.DLL
2009-02-21 09:02 115,920 a------- c:\windows\system32\msinet.OCX
2009-02-21 09:02 101,888 a------- c:\windows\system32\VB6STKIT.DLL
2009-02-21 09:02 15,360 a------- c:\windows\system32\inetfr.DLL
2009-02-21 09:02 401 a------- c:\windows\system32\dvdauthor.lic
2009-02-21 09:02 32,768 a------- c:\windows\system32\CMDLGFR.DLL
2009-02-21 09:02 <DIR> --d----- c:\program files\Videos To DVD
2009-02-21 00:04 0 a------- c:\windows\iPlayer.INI
2009-02-21 00:02 <DIR> --d----- c:\program files\InterActual

==================== Find3M ====================

2009-02-22 05:54 4,182 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-02-14 23:29 138,624 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-02-14 23:29 202,352 a------- c:\windows\system32\PnkBstrB.exe
2009-01-31 03:46 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-31 03:46 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-31 03:46 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-21 03:12 43,698 a------- c:\windows\system32\xvid-uninstall.exe
2008-12-31 17:04 691,560 a------- c:\windows\system32\OGACheckControl.dll
2008-12-31 17:04 528,744 a------- c:\windows\system32\OGAVerify.exe
2008-12-31 17:04 502,120 a------- c:\windows\system32\OGAAddin.dll
2008-12-20 15:15 826,368 a------- c:\windows\system32\wininet.dll
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-06-07 13:17 0 a------- c:\program files\uninstall.dat
2008-05-16 07:06 22,328 a------- c:\docume~1\shanem~1\applic~1\PnkBstrK.sys
2007-11-08 21:54 88 ---shr-- c:\windows\system32\04E31F291D.sys
2008-08-17 18:40 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081720080818\index.dat

============= FINISH: 1:54:53.17 ===============


#7 muzz66

muzz66
  • Topic Starter

  • Members
  • 11 posts
  • Local time:08:19 PM

Posted 13 March 2009 - 06:03 PM

Scanning Report
Saturday, March 14, 2009 08:06:14 - 08:49:47

Computer name: MAIN
Scanning type: Scan system for malware, rootkits
Target: C:\
Result: 4 malware found
Packed.Win32.Tdss (virus)

* System

Packed.Win32.Tdss.c (virus)

* C:\RECYCLER\S-7-2-48-100031798-100010489-100003950-4575.COM
* C:\DOCUMENTS AND SETTINGS\SHANE MURRAY\LOCAL SETTINGS\TEMP\BOOTMATRIX.EXE

Trojan:W32/Agent (virus)

* System

Statistics
Scanned:

* Files: 37723
* System: 4053
* Not scanned: 10

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 4
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\PROGRAM FILES\ADOBE\PHOTOSHOP ALBUM STARTER EDITION\3.2\APPS\PDF2IMG.DLL
* C:\DOCUMENTS AND SETTINGS\SHANE MURRAY\MY DOCUMENTS\DOWNLOADS\AA282FULLINSTALLER_BITTORRENT.EXE
* C:\DOCUMENTS AND SETTINGS\SHANE MURRAY\MY DOCUMENTS\DOWNLOADS\AA28FULLINSTALLER_GENERIC.EXE

Options
Scanning engines:

* F-Secure USS: 3.0.0
* F-Secure Blacklight: 0.0.0
* F-Secure Hydra: 3.6.8511, 2009-03-13
* F-Secure Pegasus: 1.20.0, 1970-00-01
* F-Secure AVP: 7.0.171, 2009-03-13

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics


#8 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:06:19 AM

Posted 13 March 2009 - 06:51 PM

Hello.

There are signs of a rootkit infection.

Backdoor Threat
I'm sorry to say that your computer is infected with one or more backdoor trojans.

This means that sensitive information could have been stolen. I would advise to change any passwords for any accounts that you have accessed with the infected computer using a clean computer ASAP. If you have used this computer for banking, I would strongly suggest that you report the possible stolen information. Please do not use the computer for any further transactions, or to enter any other information, if at all possible, until it is declared clean.

You may want to read this article on how to handle identity theft.
You may also want to read this article regarding prevention of identity theft.

This computer can still be cleaned, however, I cannot guarantee that it will be 100% safe even after disinfection.

Please read When Should I Format, How Should I Reinstall.

I will proceed assuming you wish to disinfect. If you want to do a reinstall, reply back saying so.

Disable Realtime Protection
Antimalware programs can interfere with the tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.


Download and Run ComboFix
Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
  • If you did not have it installed, you will see the prompt below. Choose YES.

  • When the Recovery Console has been installed, you will see the prompt below. Choose YES.
  • When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.

Please download GMER.zip to your desktop from any of the links below:
LINK1, LINK2
  • Right click on GMER.zip and select "Extract All".
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click GMER.exe. Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Leaving the settings at default, click Scan.
  • When the scan is complete, click Save and save the log onto your desktop.
Please include the log in your next reply.
With Regards,
The Panda

Edited by PropagandaPanda, 13 March 2009 - 06:53 PM.
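A triage pass over GMER output of the kind requested above, added here as an example for this thread (it is not a tool from the post, from BleepingComputer or from GMER's authors). It assumes an analyst-maintained allowlist of drivers known to hook the SSDT, and runs over constructed sample lines modelled on the GMER log format; the `zzdrv.sys` hook is invented, while the hidden gaopdx entries mirror ones reported later in this thread.

```python
"""Triage a GMER rootkit-scan log.

Flags (1) modules/services GMER marks as hidden, which is how kernel
rootkits such as TDSS/gaopdx show up, and (2) SSDT hooks owned by a
driver that is not on the allowlist of products known to hook legitimately.
"""
import re
from dataclasses import dataclass
from typing import List

# Assumption: allowlist maintained by the analyst. PC Tools (PCTCore.sys),
# Alcohol 120% (sptd.sys) and AVG (avgtdix.sys) hook the kernel by design.
KNOWN_HOOKERS = {"pctcore.sys", "sptd.sys", "avgtdix.sys"}

SECTION_RE = re.compile(r"^---- (.+?) - GMER")
# "SSDT <driver> [(description/vendor)] Zw<Func> [0x<addr>]"
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(?:\((.*?)\)\s+)?(Zw\w+)\s+\[0x([0-9A-Fa-f]+)\]")
# "Module|Service <path> (*** hidden *** ) ..."
HIDDEN_RE = re.compile(r"^(Module|Service)\s+(\S+)\s+\(\*\*\* hidden \*\*\*\s*\)")


@dataclass
class Finding:
    section: str   # GMER section the line came from (System, Modules, ...)
    severity: str  # medium / high / critical
    detail: str


def triage_gmer(text: str) -> List[Finding]:
    """Walk the log line by line, tracking the current section."""
    findings: List[Finding] = []
    section = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = HIDDEN_RE.match(line)
        if m:
            # GMER's own "<-- ROOTKIT !!!" tag on a hidden service is the strongest signal.
            sev = "critical" if "ROOTKIT" in line else "high"
            findings.append(Finding(section, sev, f"hidden {m.group(1).lower()}: {m.group(2)}"))
            continue
        m = SSDT_RE.match(line)
        if m:
            driver, _vendor, func, addr = m.groups()
            if driver.lower() not in KNOWN_HOOKERS:
                findings.append(Finding(section, "medium",
                                        f"SSDT hook on {func} at 0x{addr} by unlisted driver {driver}"))
    return findings


def verdict(findings: List[Finding]) -> str:
    """Collapse findings into one triage label for the analyst."""
    sevs = {f.severity for f in findings}
    if sevs & {"critical", "high"}:
        return "rootkit-indicators"
    if "medium" in sevs:
        return "review"
    return "clean"


# Constructed sample log modelled on the GMER 1.0.15 output format.
SAMPLE_LOG = r"""GMER 1.0.15.14939 - http://www.gmer.net
Rootkit scan 2009-03-14 15:33:30

---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF8531506]
SSDT sptd.sys ZwEnumerateKey [0xF85F0FB2]
SSDT zzdrv.sys ZwQueryDirectoryFile [0xF9A01234]

---- Modules - GMER 1.0.15 ----

Module \systemroot\system32\drivers\gaopdxjeddwrmw.sys (*** hidden *** ) F4888000-F48A0000 (98304 bytes)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\gaopdxjeddwrmw.sys (*** hidden *** ) [SYSTEM] gaopdxserv.sys <-- ROOTKIT !!!
"""

if __name__ == "__main__":
    results = triage_gmer(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:8}] {f.section}: {f.detail}")
    print("verdict:", verdict(results))
```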


#9 muzz66

muzz66
  • Topic Starter

  • Members
  • 11 posts
  • Local time:08:19 PM

Posted 14 March 2009 - 12:54 AM

I am unable to run combo fix as I get an error message each time I try to run it. I think it might be best if I do a reinstall and just be rid of the prob. I do a lot of online banking so it is prob the best solution. Thanks again for your help, it is VERY much appreciated. Thank You once again for your input and time.

GMER 1.0.15.14939 - http://www.gmer.net
Rootkit scan 2009-03-14 15:33:30
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF8531506]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF8520240]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF8520432]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF8531CC8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF8531F88]
SSDT sptd.sys ZwEnumerateKey [0xF85F0FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF85F1340]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF85303EC]
SSDT sptd.sys ZwQueryKey [0xF85F1418]
SSDT sptd.sys ZwQueryValueKey [0xF85F1298]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF85323EC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF85317B8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF851FEF0]

Code 82606960 ZwFlushInstructionCache
Code 826081BE IofCallDriver
Code 82DFEBC6 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E13A7 5 Bytes JMP 826081C3
.text ntoskrnl.exe!IofCompleteRequest 804E17BD 5 Bytes JMP 82DFEBCB
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80587BFB 5 Bytes JMP 82606964
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F6C2D8AC 5 Bytes JMP 8309A770
? System32\Drivers\adty27ro.SYS The system cannot find the path specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F860206C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8602018] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F86249AE] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F860206C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F85EBAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F85EBC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F85EBB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F85EC748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F85EC61E] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F860129A] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 833641E8
Device \FileSystem\Fastfat \FatCdrom 82660790
Device \FileSystem\Udfs \UdfsCdRom 8262A790
Device \FileSystem\Udfs \UdfsDisk 8262A790

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBT_Tcpip_{068CAF65-C196-4CDE-814B-438069D08712} 82E2D330
Device \Driver\usbuhci \Device\USBPDO-0 8308F1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{71CEBDED-BF93-40EC-A55B-CF5813E25E51} 82E2D330
Device \Driver\usbuhci \Device\USBPDO-1 8308F1E8
Device \Driver\usbuhci \Device\USBPDO-2 8308F1E8
Device \Driver\usbuhci \Device\USBPDO-3 8308F1E8
Device \Driver\usbehci \Device\USBPDO-4 8305E1E8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

Device \Driver\Ftdisk \Device\HarddiskVolume1 833D61E8
Device \Driver\Cdrom \Device\CdRom0 830A1790
Device \Driver\Cdrom \Device\CdRom1 830A1790
Device \Driver\Cdrom \Device\CdRom2 830A1790
Device \Driver\NetBT \Device\NetBt_Wins_Export 82E2D330
Device \Driver\NetBT \Device\NetbiosSmb 82E2D330
Device \Driver\PCI_NTPNP5678 \Device\0000004d sptd.sys
Device \Driver\PCI_NTPNP5678 \Device\0000004d sptd.sys

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 8308F1E8
Device \Driver\usbuhci \Device\USBFDO-1 8308F1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82616790
Device \Driver\usbuhci \Device\USBFDO-2 8308F1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82616790
Device \Driver\usbuhci \Device\USBFDO-3 8308F1E8
Device \Driver\usbehci \Device\USBFDO-4 8305E1E8
Device \Driver\Ftdisk \Device\FtControl 833D61E8
Device \Driver\usbstor \Device\0000008a 826EE1E8
Device \Driver\adty27ro \Device\Scsi\adty27ro1 830191E8
Device \Driver\adty27ro \Device\Scsi\adty27ro1Port5Path0Target0Lun0 830191E8
Device \Driver\usbstor \Device\0000008d 826EE1E8
Device \FileSystem\Fastfat \Fat 82660790

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 8266D790
Device \FileSystem\Cdfs \Cdfs BA66DBCE

---- Modules - GMER 1.0.15 ----

Module \systemroot\system32\drivers\gaopdxjeddwrmw.sys (*** hidden *** ) F4888000-F48A0000 (98304 bytes)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\gaopdxjeddwrmw.sys (*** hidden *** ) [SYSTEM] gaopdxserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0F 0x6E 0x55 0xFB ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x22 0xD9 0x65 0x6E ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x11 0x55 0xD5 0x86 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0F 0x6E 0x55 0xFB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x22 0xD9 0x65 0x6E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x11 0x55 0xD5 0x86 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0F 0x6E 0x55 0xFB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x22 0xD9 0x65 0x6E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x11 0x55 0xD5 0x86 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxjeddwrmw.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxjeddwrmw.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxowkyaquv.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0F 0x6E 0x55 0xFB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x22 0xD9 0x65 0x6E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x11 0x55 0xD5 0x86 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@Current State 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@Log Type 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@Collection Name System Overview
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@Collection Name Indirect @C:\WINDOWS\System32\smlogcfg.dll,-731
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@Counter List \Processor(_Total)\% Processor Time?\Memory\Pages/sec?\PhysicalDisk(_Total)\Avg. Disk Queue Length?
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@Comment This sample log provides an overview of system performance.
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@Comment Indirect @C:\WINDOWS\System32\smlogcfg.dll,-735
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@RealTime DataSource 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@Log File Max Size -1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@Data Store Attributes 33
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@Log File Base Name System_Overview
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@Log File Base Name Indirect @C:\WINDOWS\System32\smlogcfg.dll,-744
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@Sql Log Base Name SQL:!System Overview
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@Log File Serial Number 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@Log File Auto Format -1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@Log File Type 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@ExecuteOnly 1
Reg HKLM\SYSTEM\controlset005\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\controlset005\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset005\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset005\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset005\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset005\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset005\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset005\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset005\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset005\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset005\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset005\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset005\Control\DeviceClasses\{a5dcbf10-6530-11d2-901f-00c04fb951ed}\##?#USB#Vid_04fc&Pid_5331#01.00.0
Reg HKLM\SYSTEM\controlset005\Control\DeviceClasses\{a5dcbf10-6530-11d2-901f-00c04fb951ed}\##?#USB#Vid_04fc&Pid_5331#01.00.0@DeviceInstance USB\Vid_04fc&Pid_5331\01.00.00
Reg HKLM\SYSTEM\controlset005\Control\DeviceClasses\{a5dcbf10-6530-11d2-901f-00c04fb951ed}\##?#USB#Vid_04fc&Pid_5331#01.00.0\#
Reg HKLM\SYSTEM\controlset005\Control\DeviceClasses\{a5dcbf10-6530-11d2-901f-00c04fb951ed}\##?#USB#Vid_04fc&Pid_5331#01.00.0\#@SymbolicLink \\?\USB#Vid_04fc&Pid_5331#01.00.00#{a5dcbf10-6530-11d2-901f-00c04fb951ed}
Reg HKLM\SYSTEM\controlset005\Services\gaopdxserv.sys
Reg HKLM\SYSTEM\controlset005\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\controlset005\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\controlset005\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxjeddwrmw.sys
Reg HKLM\SYSTEM\controlset005\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\controlset005\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\controlset005\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxjeddwrmw.sys
Reg HKLM\SYSTEM\controlset005\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxowkyaquv.dll
Reg HKLM\SYSTEM\controlset005\Services\MRxDAV\EncryptedDirectories@
Reg HKLM\SYSTEM\controlset005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\controlset005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\controlset005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\controlset005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0F 0x6E 0x55 0xFB ...
Reg HKLM\SYSTEM\controlset005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\controlset005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\controlset005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x22 0xD9 0x65 0x6E ...
Reg HKLM\SYSTEM\controlset005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\controlset005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x11 0x55 0xD5 0x86 ...
Reg HKLM\SYSTEM\controlset005\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@Current State 0
Reg HKLM\SYSTEM\controlset005\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@Log Type 0
Reg HKLM\SYSTEM\controlset005\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@Collection Name System Overview
Reg HKLM\SYSTEM\controlset005\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@Collection Name Indirect @C:\WINDOWS\System32\smlogcfg.dll,-731
Reg HKLM\SYSTEM\controlset005\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@Counter List \Processor(_Total)\% Processor Time?\Memory\Pages/sec?\PhysicalDisk(_Total)\Avg. Disk Queue Length?
Reg HKLM\SYSTEM\controlset005\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@Comment This sample log provides an overview of system performance.
Reg HKLM\SYSTEM\controlset005\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@Comment Indirect @C:\WINDOWS\System32\smlogcfg.dll,-735
Reg HKLM\SYSTEM\controlset005\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@RealTime DataSource 1
Reg HKLM\SYSTEM\controlset005\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@Log File Max Size -1
Reg HKLM\SYSTEM\controlset005\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@Data Store Attributes 33
Reg HKLM\SYSTEM\controlset005\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@Log File Base Name System_Overview
Reg HKLM\SYSTEM\controlset005\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@Log File Base Name Indirect @C:\WINDOWS\System32\smlogcfg.dll,-744
Reg HKLM\SYSTEM\controlset005\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@Sql Log Base Name SQL:!System Overview
Reg HKLM\SYSTEM\controlset005\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@Log File Serial Number 1
Reg HKLM\SYSTEM\controlset005\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@Log File Auto Format -1
Reg HKLM\SYSTEM\controlset005\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@Log File Type 2
Reg HKLM\SYSTEM\controlset005\Services\SysmonLog\Log Queries\{7f866baf-b4e3-435f-b1e7-49f1c372f1b9}@ExecuteOnly 1
Reg HKLM\SYSTEM\controlset005\Services\Tcpip\Parameters@NV Hostname main
Reg HKLM\SYSTEM\controlset005\Services\Tcpip\Parameters@DataBasePath %SystemRoot%\System32\drivers\etc
Reg HKLM\SYSTEM\controlset005\Services\Tcpip\Parameters@NameServer
Reg HKLM\SYSTEM\controlset005\Services\Tcpip\Parameters@ForwardBroadcasts 0
Reg HKLM\SYSTEM\controlset005\Services\Tcpip\Parameters@IPEnableRouter 0
Reg HKLM\SYSTEM\controlset005\Services\Tcpip\Parameters@Domain
Reg HKLM\SYSTEM\controlset005\Services\Tcpip\Parameters@Hostname main
Reg HKLM\SYSTEM\controlset005\Services\Tcpip\Parameters@SearchList qld.bigpond.net.au
Reg HKLM\SYSTEM\controlset005\Services\Tcpip\Parameters@UseDomainNameDevolution 1
Reg HKLM\SYSTEM\controlset005\Services\Tcpip\Parameters@EnableICMPRedirect 1
Reg HKLM\SYSTEM\controlset005\Services\Tcpip\Parameters@DeadGWDetectDefault 1
Reg HKLM\SYSTEM\controlset005\Services\Tcpip\Parameters@DontAddDefaultGatewayDefault 0
Reg HKLM\SYSTEM\controlset005\Services\Tcpip\Parameters@EnableSecurityFilters 0
Reg HKLM\SYSTEM\controlset005\Services\Tcpip\Parameters@TcpWindowSize 256960
Reg HKLM\SYSTEM\controlset005\Services\Tcpip\Parameters@DefaultTTL 64
Reg HKLM\SYSTEM\controlset005\Services\Tcpip\Parameters@EnablePMTUBHDetect 0
Reg HKLM\SYSTEM\controlset005\Services\Tcpip\Parameters@EnablePMTUDiscovery 1
Reg HKLM\SYSTEM\controlset005\Services\Tcpip\Parameters@Tcp1323Opts 1
Reg HKLM\SYSTEM\controlset005\Services\Tcpip\Parameters@MaxDupAcks 3
Reg HKLM\SYSTEM\controlset005\Services\Tcpip\Parameters@SackOpts 1
Reg HKLM\SYSTEM\controlset005\Services\Tcpip\Parameters@DhcpNameServer 10.1.1.1
Reg HKLM\SOFTWARE\Classes\CLSID\{1E78DD38-3E25-44F9-8430-34A03DA0D11E}\LocalServer32@ C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
Reg HKLM\SOFTWARE\Classes\CLSID\{1E78DD38-3E25-44F9-8430-34A03DA0D11E}\ProgID@ MPAPI.WAPCONNServerMP.4
Reg HKLM\SOFTWARE\Classes\CLSID\{1E78DD38-3E25-44F9-8430-34A03DA0D11E}\VersionIndependentProgID@ MPAPI.WAPCONNServerMP
Reg HKLM\SOFTWARE\Classes\CLSID\{1FF84C3B-1140-4eb6-BE38-4BE618D2E7D6}\InprocServer32@ %SystemRoot%\system32\eapa3hst.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{1FF84C3B-1140-4eb6-BE38-4BE618D2E7D6}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{2A6CE3EF-9D1B-4CB3-9221-9ACFAEAA42A6}\LocalServer32@ "C:\Program Files\Nokia\Nokia PC Suite 6\ConnectionManager.exe"
Reg HKLM\SOFTWARE\Classes\CLSID\{2A6CE3EF-9D1B-4CB3-9221-9ACFAEAA42A6}\ProgID@ ConnectionManager2.CM2App.1
Reg HKLM\SOFTWARE\Classes\CLSID\{2A6CE3EF-9D1B-4CB3-9221-9ACFAEAA42A6}\TypeLib@ {07958A64-4537-4D5A-A640-4447BD918636}
Reg HKLM\SOFTWARE\Classes\CLSID\{2A6CE3EF-9D1B-4CB3-9221-9ACFAEAA42A6}\VersionIndependentProgID@ ConnectionManager2.CM2App
Reg HKLM\SOFTWARE\Classes\CLSID\{32AB1AC8-1E1D-4F7E-96FB-700B8C6AB2E3}\LocalServer32@ C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
Reg HKLM\SOFTWARE\Classes\CLSID\{32AB1AC8-1E1D-4F7E-96FB-700B8C6AB2E3}\ProgID@ MPAPI.VoiceServerMP.4
Reg HKLM\SOFTWARE\Classes\CLSID\{32AB1AC8-1E1D-4F7E-96FB-700B8C6AB2E3}\VersionIndependentProgID@ MPAPI.VoiceServerMP
Reg HKLM\SOFTWARE\Classes\CLSID\{5871702C-E262-4608-B299-1DEA085AAF34}\LocalServer32@ C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
Reg HKLM\SOFTWARE\Classes\CLSID\{5871702C-E262-4608-B299-1DEA085AAF34}\ProgID@ PhoneControl.PhoneControl.1
Reg HKLM\SOFTWARE\Classes\CLSID\{5871702C-E262-4608-B299-1DEA085AAF34}\TypeLib@ {A3D53D14-51CC-476C-8ABB-1D0DF44D3C8A}
Reg HKLM\SOFTWARE\Classes\CLSID\{5871702C-E262-4608-B299-1DEA085AAF34}\VersionIndependentProgID@ PhoneControl.PhoneControl
Reg HKLM\SOFTWARE\Classes\CLSID\{8AE883D6-9EAD-455a-B37D-EF0B77F00C58}\LocalServer32@ C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
Reg HKLM\SOFTWARE\Classes\CLSID\{8AE883D6-9EAD-455a-B37D-EF0B77F00C58}\ProgID@ PhoneControl2.PhoneControl2.1
Reg HKLM\SOFTWARE\Classes\CLSID\{8AE883D6-9EAD-455a-B37D-EF0B77F00C58}\TypeLib@ {A3D53D14-51CC-476C-8ABB-1D0DF44D3C8A}
Reg HKLM\SOFTWARE\Classes\CLSID\{8AE883D6-9EAD-455a-B37D-EF0B77F00C58}\VersionIndependentProgID@ PhoneControl2.PhoneControl2
Reg HKLM\SOFTWARE\Classes\CLSID\{9EC674CD-6DDA-4973-865A-B0CB47E880B0}\LocalServer32@ C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
Reg HKLM\SOFTWARE\Classes\CLSID\{9EC674CD-6DDA-4973-865A-B0CB47E880B0}\ProgID@ DataLayer.DataLayer.1
Reg HKLM\SOFTWARE\Classes\CLSID\{9EC674CD-6DDA-4973-865A-B0CB47E880B0}\TypeLib@ {14FEE42C-10D7-4FF5-BF54-EB8A977A2E99}
Reg HKLM\SOFTWARE\Classes\CLSID\{9EC674CD-6DDA-4973-865A-B0CB47E880B0}\VersionIndependentProgID@ DataLayer.DataLayer
Reg HKLM\SOFTWARE\Classes\CLSID\{B0E28D63-52F6-4e30-992B-78ECF97268E9}\InprocServer32@ %SystemRoot%\system32\eapa3hst.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{B0E28D63-52F6-4e30-992B-78ECF97268E9}\InprocServer32@ThreadingModel Free

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\gaopdxcounter 4 bytes
File C:\WINDOWS\system32\drivers\gaopdxjeddwrmw.sys 84480 bytes executable <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

#10 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:19 AM
Posted 14 March 2009 - 09:03 AM

Hello.

I would definitely consider a reinstall. GMER detected a nasty rootkit.

Backdoor Threat
I'm sorry to say that your computer is infected with one or more backdoor trojans.

This means that sensitive information could have been stolen. I would advise you to change the passwords for any accounts that you have accessed with the infected computer, using a clean computer, ASAP. If you have used this computer for banking, I would strongly suggest that you report the possible stolen information. Please do not use the computer for any further transactions, or to enter any other information, if at all possible, until it is declared clean.

You may want to read this article on how to handle identity theft.
You may also want to read this article regarding the prevention of identity theft.

This computer can still be cleaned, however, I cannot guarantee that it will be 100% safe even after disinfection.

Please read When Should I Format, How Should I Reinstall.

I will proceed assuming you wish to disinfect. If you want to do a reinstall, reply back saying so.

If you wish to continue, delete your current copy of ComboFix. Download it again. In the Save As box, save it as ComboFix123.exe.

With Regards,
The Panda

#11 muzz66

  • Topic Starter
  • Members
  • 11 posts
  • OFFLINE
  • Local time:08:19 PM
Posted 14 March 2009 - 05:06 PM

ComboFix 09-03-13.02 - Shane Murray 2009-03-15 7:40:51.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.221 [GMT 10:00]
Running from: c:\documents and settings\Shane Murray\Desktop\ComboFix123.exe.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\windows\ozatulus.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\gaopdxjeddwrmw.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxowkyaquv.dll
c:\windows\system32\UACpjbdmwvk.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-02-14 to 2009-03-14 )))))))))))))))))))))))))))))))
.

2009-03-14 07:54 . 2009-03-14 07:54 <DIR> d-------- C:\fsaua.data
2009-03-12 20:09 . 2009-03-12 20:09 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Ahead
2009-03-12 19:06 . 2009-03-12 19:10 <DIR> d-------- c:\documents and settings\Shane Murray\Application Data\Ahead
2009-03-12 19:03 . 2009-03-12 19:03 <DIR> d-------- c:\program files\Nero
2009-03-12 19:03 . 2009-03-12 19:09 <DIR> d-------- c:\program files\Common Files\Ahead
2009-03-11 21:59 . 2009-03-12 20:00 1,908 --a------ c:\windows\diagwrn.xml
2009-03-11 21:59 . 2009-03-12 20:00 1,908 --a------ c:\windows\diagerr.xml
2009-03-08 21:23 . 2009-03-08 21:58 <DIR> d-------- C:\my dvd
2009-03-08 21:22 . 2009-03-08 22:03 <DIR> d-------- c:\program files\Easy Avi Divx Xvid to DVD Burner
2009-03-08 21:22 . 2009-03-08 21:22 67 --a------ c:\windows\Easy Avi Divx Xvid to DVD Burner.INI
2009-03-08 19:38 . 2009-03-08 20:53 <DIR> d-------- c:\program files\Spyware Doctor
2009-03-08 19:38 . 2009-03-08 19:38 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-03-08 19:38 . 2009-03-08 19:38 <DIR> d-------- c:\documents and settings\Shane Murray\Application Data\PC Tools
2009-03-08 19:38 . 2009-03-08 19:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2009-03-08 19:38 . 2008-12-12 02:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys
2009-03-08 19:38 . 2009-02-24 04:11 130,424 --a------ c:\windows\system32\drivers\PCTCore.sys
2009-03-08 19:38 . 2008-12-19 06:16 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-08 19:38 . 2008-12-11 05:36 64,392 --a------ c:\windows\system32\drivers\pctplsg.sys
2009-03-08 02:23 . 2003-03-06 06:19 15,840 --a------ c:\windows\system32\drivers\PfModNT.sys
2009-03-05 01:19 . 2009-03-05 01:19 <DIR> d-------- c:\documents and settings\Administrator.MAIN
2009-03-05 00:13 . 2009-03-05 00:13 <DIR> d-------- C:\VundoFix Backups
2009-02-28 23:23 . 2009-02-28 23:26 <DIR> d-------- c:\program files\SpywareBlaster
2009-02-28 23:23 . 2009-03-14 07:52 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-27 00:51 . 2009-02-27 00:51 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-22 16:29 . 2009-02-22 16:29 <DIR> d-------- c:\program files\HDQuality
2009-02-22 03:03 . 2009-01-23 08:28 290,816 --a------ c:\windows\system32\decdll.dll
2009-02-22 03:02 . 2009-03-09 18:49 <DIR> d-------- c:\program files\Videos To DVD
2009-02-22 03:02 . 2009-01-24 14:21 327,680 --a------ c:\windows\system32\dvdauthor.ocx
2009-02-22 03:02 . 2009-01-24 14:20 233,472 --a------ c:\windows\system32\viscomdvdimg.dll
2009-02-22 03:02 . 2009-01-24 14:08 152,848 --a------ c:\windows\system32\COMDLG32.OCX
2009-02-22 03:02 . 2009-01-24 14:08 141,312 --a------ c:\windows\system32\MSCMCFR.DLL
2009-02-22 03:02 . 2009-01-24 14:08 119,568 --a------ c:\windows\system32\VB6FR.DLL
2009-02-22 03:02 . 2009-01-24 14:08 115,920 --a------ c:\windows\system32\msinet.OCX
2009-02-22 03:02 . 2009-01-24 14:08 101,888 --a------ c:\windows\system32\VB6STKIT.DLL
2009-02-22 03:02 . 2009-01-24 14:08 32,768 --a------ c:\windows\system32\CMDLGFR.DLL
2009-02-22 03:02 . 2009-01-24 14:08 15,360 --a------ c:\windows\system32\inetfr.DLL
2009-02-22 03:02 . 2009-01-24 14:21 401 --a------ c:\windows\system32\dvdauthor.lic
2009-02-21 18:04 . 2009-02-21 18:04 0 --a------ c:\windows\iPlayer.INI
2009-02-21 18:02 . 2009-02-21 18:02 <DIR> d-------- c:\program files\InterActual

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-14 21:29 --------- d-----w c:\documents and settings\Shane Murray\Application Data\MailWasherPro
2009-03-12 09:39 --------- d-----w c:\documents and settings\Shane Murray\Application Data\uTorrent
2009-03-11 00:18 4,182 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-03-11 00:18 --------- d-----w c:\documents and settings\Lauren Tait\Application Data\Corel
2009-03-07 16:26 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-02 04:33 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-02 04:31 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-02 04:11 --------- d-----w c:\program files\RPM
2009-02-27 15:45 --------- d-----w c:\program files\SUPERAntiSpyware
2009-02-26 14:51 --------- d-----w c:\program files\Java
2009-02-22 13:23 --------- d-----w c:\program files\Nokia
2009-02-22 13:23 --------- d-----w c:\program files\Common Files\PCSuite
2009-02-22 13:23 --------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-02-22 13:11 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-22 12:51 --------- d-----w c:\program files\America's Army Deploy Client
2009-02-22 12:51 --------- d-----w c:\documents and settings\All Users\Application Data\America's Army Deploy Client
2009-02-22 01:04 --------- d-----w c:\program files\Burn4Free Toolbar
2009-02-19 06:18 --------- d-----w c:\program files\Safari
2009-02-15 10:31 --------- d-----w c:\program files\America's Army
2009-02-15 07:29 202,352 ----a-w c:\windows\system32\PnkBstrB.exe
2009-02-15 07:29 138,624 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-15 04:07 --------- d-----w c:\documents and settings\Shane Murray\Application Data\Corel
2009-02-06 17:11 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-01-31 11:46 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-31 11:46 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-31 11:46 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-01-31 11:46 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-29 07:06 --------- d-----w c:\documents and settings\Lauren Tait\Application Data\AVGTOOLBAR
2009-01-27 16:44 --------- d-----w c:\documents and settings\Shane Murray\Application Data\AVGTOOLBAR
2009-01-27 15:27 --------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!
2009-01-24 13:36 --------- d-----w c:\program files\STOPzilla!
2009-01-24 13:16 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-23 11:32 --------- d-----w c:\documents and settings\All Users\Application Data\SITEguard
2009-01-23 10:53 --------- d-----w c:\program files\AVG
2009-01-22 10:56 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-22 10:56 --------- d-----w c:\documents and settings\Shane Murray\Application Data\SUPERAntiSpyware.com
2009-01-22 10:36 --------- d-----w c:\program files\Common Files\iS3
2009-01-21 12:24 --------- d-----w c:\program files\Common Files\AVSMedia
2009-01-21 12:00 --------- d-----w c:\documents and settings\Shane Murray\Application Data\AVS4YOU
2009-01-21 12:00 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-01-21 11:13 --------- d-----w c:\program files\Xvid
2009-01-21 11:12 43,698 ----a-w c:\windows\system32\xvid-uninstall.exe
2009-01-21 11:12 --------- d-----w c:\program files\Gabest
2009-01-21 11:12 --------- d-----w c:\program files\AviSynth 2.5
2009-01-16 05:33 --------- d-----w c:\documents and settings\All Users\Application Data\Electronic Arts
2009-01-15 08:35 --------- d-----w c:\program files\Bonjour
2009-01-15 08:34 --------- d-----w c:\program files\iTunes
2009-01-15 08:34 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-15 08:33 --------- d-----w c:\program files\iPod
2009-01-15 08:33 --------- d-----w c:\program files\Common Files\Apple
2009-01-15 08:32 --------- d-----w c:\program files\QuickTime
2009-01-01 01:04 691,560 ----a-w c:\windows\system32\OGACheckControl.dll
2009-01-01 01:04 528,744 ----a-w c:\windows\system32\OGAVerify.exe
2009-01-01 01:04 502,120 ----a-w c:\windows\system32\OGAAddin.dll
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-06-07 21:17 0 ----a-w c:\program files\uninstall.dat
2008-05-16 15:06 22,328 ----a-w c:\documents and settings\Shane Murray\Application Data\PnkBstrK.sys
2007-11-09 05:54 88 --sh--r c:\windows\system32\04E31F291D.sys
2008-08-18 02:40 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081720080818\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Creative MediaSource Go"="c:\program files\Creative\MediaSource\GO\CTCMSGo.exe" [2003-02-21 126976]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe" [2003-05-03 57344]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2008-12-23 05:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-31 21:46 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 5\\0lsdelete

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DataViz Messenger.lnk
backup=c:\windows\pss\DataViz Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Shane Murray^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\Shane Murray\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nHancer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
--a------ 2008-04-10 03:00 826880 c:\program files\dvd43\DVD43_Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-11 10:53 133104 c:\documents and settings\Shane Murray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-21 07:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 10:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
--a------ 2007-07-04 05:32 81920 c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-02-27 00:53 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"\\\\SECOND\\AMERICA'S ARMY\\System\\ArmyOps.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Spyware Doctor\\pctsGui.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-08 130424]
R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-23 325128]
R1 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-23 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-16 8944]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-16 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-23 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-23 298264]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2007-10-27 4224]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [2007-12-27 515803]
S3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-16 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-03-08 348752]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\drivers\Bulk533.sys [2007-12-27 10986]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-03-14 c:\windows\Tasks\A2FE616F919A1E17.job
- c:\docume~1\moniqu~1\applic~1\idlefi~1\Htm Store Vga.exe []

2009-03-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-31 05:34]

2009-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-562591055-839522115-1004.job
- c:\documents and settings\Shane Murray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-11 10:53]

2008-09-14 c:\windows\Tasks\LifeChatTask.job
- c:\program files\Microsoft LifeChat\LifeChat.exe [2008-08-22 04:16]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = google.com.au
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Shane Murray\Application Data\Mozilla\Firefox\Profiles\eooakux9.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\Shane Murray\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-15 07:44:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1343024091-562591055-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:06,6e,a3,5a,bc,c0,11,24,0e,e4,24,9c,c6,18,66,e0,d8,ae,eb,df,22,
a7,0d,06,88,8d,fe,c5,02,c2,40,61,de,1e,4f,ac,64,b8,5c,12,17,a4,f2,18,2e,49,\
"rkeysecu"=hex:47,f6,f4,46,21,0c,09,49,90,92,38,b7,95,da,9d,0b

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1E78DD38-3E25-44F9-8430-34A03DA0D11E}\LocalServer32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\COMMON~1\\Nokia\\MPAPI\\MPAPI3s.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1E78DD38-3E25-44F9-8430-34A03DA0D11E}\ProgID]
@DACL=(02 0000)
@="MPAPI.WAPCONNServerMP.4"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1E78DD38-3E25-44F9-8430-34A03DA0D11E}\VersionIndependentProgID]
@DACL=(02 0000)
@="MPAPI.WAPCONNServerMP"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1FF84C3B-1140-4eb6-BE38-4BE618D2E7D6}\InprocServer32]
@DACL=(02 0000)
@=expand:"%SystemRoot%\\system32\\eapa3hst.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2A6CE3EF-9D1B-4CB3-9221-9ACFAEAA42A6}\LocalServer32]
@DACL=(02 0000)
@="\"c:\\Program Files\\Nokia\\Nokia PC Suite 6\\ConnectionManager.exe\""

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2A6CE3EF-9D1B-4CB3-9221-9ACFAEAA42A6}\ProgID]
@DACL=(02 0000)
@="ConnectionManager2.CM2App.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2A6CE3EF-9D1B-4CB3-9221-9ACFAEAA42A6}\TypeLib]
@DACL=(02 0000)
@="{07958A64-4537-4D5A-A640-4447BD918636}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2A6CE3EF-9D1B-4CB3-9221-9ACFAEAA42A6}\VersionIndependentProgID]
@DACL=(02 0000)
@="ConnectionManager2.CM2App"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{32AB1AC8-1E1D-4F7E-96FB-700B8C6AB2E3}\LocalServer32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\COMMON~1\\Nokia\\MPAPI\\MPAPI3s.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{32AB1AC8-1E1D-4F7E-96FB-700B8C6AB2E3}\ProgID]
@DACL=(02 0000)
@="MPAPI.VoiceServerMP.4"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{32AB1AC8-1E1D-4F7E-96FB-700B8C6AB2E3}\VersionIndependentProgID]
@DACL=(02 0000)
@="MPAPI.VoiceServerMP"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5871702C-E262-4608-B299-1DEA085AAF34}\LocalServer32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\COMMON~1\\PCSuite\\DATALA~1\\DATALA~1.EXE"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5871702C-E262-4608-B299-1DEA085AAF34}\ProgID]
@DACL=(02 0000)
@="PhoneControl.PhoneControl.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5871702C-E262-4608-B299-1DEA085AAF34}\TypeLib]
@DACL=(02 0000)
@="{A3D53D14-51CC-476C-8ABB-1D0DF44D3C8A}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5871702C-E262-4608-B299-1DEA085AAF34}\VersionIndependentProgID]
@DACL=(02 0000)
@="PhoneControl.PhoneControl"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8AE883D6-9EAD-455a-B37D-EF0B77F00C58}\LocalServer32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\COMMON~1\\PCSuite\\DATALA~1\\DATALA~1.EXE"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8AE883D6-9EAD-455a-B37D-EF0B77F00C58}\ProgID]
@DACL=(02 0000)
@="PhoneControl2.PhoneControl2.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8AE883D6-9EAD-455a-B37D-EF0B77F00C58}\TypeLib]
@DACL=(02 0000)
@="{A3D53D14-51CC-476C-8ABB-1D0DF44D3C8A}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8AE883D6-9EAD-455a-B37D-EF0B77F00C58}\VersionIndependentProgID]
@DACL=(02 0000)
@="PhoneControl2.PhoneControl2"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9EC674CD-6DDA-4973-865A-B0CB47E880B0}\LocalServer32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\COMMON~1\\PCSuite\\DATALA~1\\DATALA~1.EXE"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9EC674CD-6DDA-4973-865A-B0CB47E880B0}\ProgID]
@DACL=(02 0000)
@="DataLayer.DataLayer.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9EC674CD-6DDA-4973-865A-B0CB47E880B0}\TypeLib]
@DACL=(02 0000)
@="{14FEE42C-10D7-4FF5-BF54-EB8A977A2E99}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9EC674CD-6DDA-4973-865A-B0CB47E880B0}\VersionIndependentProgID]
@DACL=(02 0000)
@="DataLayer.DataLayer"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B0E28D63-52F6-4e30-992B-78ECF97268E9}\InprocServer32]
@DACL=(02 0000)
@=expand:"%SystemRoot%\\system32\\eapa3hst.dll"
"ThreadingModel"="Free"

[HKEY_LOCAL_MACHINE\software\Hewlett-Packard\usg\#Hewlett-Packard#HP Photosmart D5300 series#1205597398\SixMonthWindow]
@DACL=(02 0000)
"Log000Date"="1205601458;03/15/2008 10:17:38"
"Log000"="2."
"Count"="3"
"LastTime"="1206924620;03/30/2008 17:50:20"
"LastTotal"="4."
"Log001Date"="1206208045;03/22/2008 10:47:25"
"Log001"="2."
"Log002Date"="1206813403;03/29/2008 10:56:43"
"Log002"="4."

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{13A7995E-7D8F-45B4-9C77-819265225763}]
@DACL=(02 0000)
"Priority"=dword:00000001
"AutoInsert"=dword:00000001
"Name"="WMPlayer Spectrum Analyzer DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{95037DA1-6ED9-4B27-8CFF-9AD3DFB0B2F2}]
@DACL=(02 0000)
"Priority"=dword:fffffffb
"AutoInsert"=dword:00000001
"Name"="WMPlayer SRSWow DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{974BF3BF-C9AE-4476-8003-5FE544DF458C}]
@DACL=(02 0000)
"Priority"=dword:fffffffe
"AutoInsert"=dword:00000001
"Name"="WMPlayer Video Processing DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{B2DBA270-9F49-4513-AC13-76496D6EBA3A}]
@DACL=(02 0000)
"Priority"=dword:00000002
"AutoInsert"=dword:00000000
"Name"="Speaker Enhancement DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{D01BC8E2-70AD-4976-9612-21B37ED5C8E8}]
@DACL=(02 0000)
"Priority"=dword:00000003
"AutoInsert"=dword:00000001
"Name"="WMPlayer Equalizer DMO"

[HKEY_LOCAL_MACHINE\software\MozillaPlugins\@videoegg.com/Publisher,version=1.5\MimeTypes]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\MozillaPlugins\@videoegg.com/Publisher,version=1.5\Suffixes]
@DACL=(02 0000)
"videoegg_none"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(860)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-03-15 7:46:48
ComboFix-quarantined-files.txt 2009-03-14 21:46:45

Pre-Run: 5,323,264,000 bytes free
Post-Run: 6,205,300,736 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
381

#12 PropagandaPanda
  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:06:19 AM

Posted 15 March 2009 - 09:15 AM

Hello.

Run ComboFix with CFScript
We will run ComboFix again with a script.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the box below into it:
    http://www.bleepingcomputer.com/forums/t/207291/please-check-my-log/
    
    Suspect::[59]
    c:\windows\system32\OGACheckControl.dll
    c:\windows\system32\OGAVerify.exe
    c:\windows\system32\OGAAddin.dll
    
    File::
    c:\windows\Tasks\A2FE616F919A1E17.job
  • Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
  • Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

At the end of its run ComboFix will attempt to upload some files. Please make sure you are connected to the Internet before clicking "OK". Kindly remind me in your next reply that samples were uploaded.

Download and Run Lop S&D
You can find detailed instructions with visuals here:
http://eric.71.mespages.googlepages.com/lop.sd.en
  • Disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Please download Lop S&D by Eric_71 to your desktop, if you have not already or you lost your copy.
  • Double click LopSD.exe to run it. If you are using Windows Vista, right-click on LopSD.exe icon and select Run as administrator.
  • Choose the language by typing the corresponding letter and pressing Enter.
  • Click OK at the prompt.
  • At this point, close all windows.
  • Type 1 followed by Enter to select option "1 - Search".
  • When the scan is finished, a report (C:\lopR.txt) will be generated, post the contents of it in your next reply.

With Regards,
The Panda
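
The task PropagandaPanda singled out above, c:\windows\Tasks\A2FE616F919A1E17.job, stands out from the other three scheduled tasks in the log for reasons worth making explicit. The Python below is an added triage example, not the helper's tool and not ComboFix's own logic: it parses the "Contents of the 'Scheduled Tasks' folder" section exactly as ComboFix printed it (the sample is copied from the log in post #11), scores each task against heuristics that are this example's assumptions rather than anything ComboFix documents (a random-looking hex job name, a target under a user profile instead of Program Files, 8.3 short names in the target path, and an empty timestamp bracket, which is assumed here to mean ComboFix could not read the target file's timestamp), and renders the flagged jobs as a CFScript File:: section in the same layout as the script above, topic URL first.

```python
import re
from dataclasses import dataclass

# Excerpt of the "Contents of the 'Scheduled Tasks' folder" section of the
# ComboFix log posted in this thread (copied from the log, not constructed).
SAMPLE_LOG = r"""
Contents of the 'Scheduled Tasks' folder

2009-03-14 c:\windows\Tasks\A2FE616F919A1E17.job
- c:\docume~1\moniqu~1\applic~1\idlefi~1\Htm Store Vga.exe []

2009-03-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-31 05:34]

2009-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-562591055-839522115-1004.job
- c:\documents and settings\Shane Murray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-11 10:53]

2008-09-14 c:\windows\Tasks\LifeChatTask.job
- c:\program files\Microsoft LifeChat\LifeChat.exe [2008-08-22 04:16]
.
"""

# ComboFix prints each task as a dated ".job" line followed by a "- target [timestamp]" line.
JOB_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>.+\.job)$", re.IGNORECASE)
TARGET_LINE = re.compile(r"^- (?P<target>.+?) \[(?P<stamp>[^\]]*)\]$")


@dataclass
class Task:
    job: str     # full path of the .job file
    target: str  # executable the task launches
    stamp: str   # timestamp ComboFix printed for the target ("" when the bracket was empty)

    def indicators(self):
        """Heuristics for a suspect task. These are the example's assumptions, not ComboFix rules."""
        hits = []
        name = self.job.rsplit("\\", 1)[-1][:-4]  # file name without ".job"
        if re.fullmatch(r"[0-9A-F]{8,32}", name, re.IGNORECASE):
            hits.append("random-looking hex job name")
        low = self.target.lower()
        if low.startswith(("c:\\docume~1\\", "c:\\documents and settings\\")):
            hits.append("runs from a user profile, not Program Files")
        if "~" in self.target:
            hits.append("target path uses 8.3 short names")
        if not self.stamp:
            # Assumption: an empty bracket means ComboFix could not stat the target file.
            hits.append("no file timestamp (target missing or unreadable)")
        return hits


def parse_tasks(text):
    """Pair each .job line with the target line that follows it."""
    tasks, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = JOB_LINE.match(line)
        if m:
            pending = m.group("job")
            continue
        m = TARGET_LINE.match(line)
        if m and pending:
            tasks.append(Task(pending, m.group("target"), m.group("stamp")))
            pending = None
    return tasks


def triage(text, threshold=2):
    """Return the tasks that trip at least `threshold` indicators."""
    return [t for t in parse_tasks(text) if len(t.indicators()) >= threshold]


def build_cfscript(tasks, topic_url):
    """Render a CFScript File:: section for the flagged jobs, topic URL first as in the post."""
    lines = [topic_url, "", "File::"] + [t.job for t in tasks]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    flagged = triage(SAMPLE_LOG)
    for t in flagged:
        print(t.job, "->", "; ".join(t.indicators()))
    print(build_cfscript(flagged, "http://www.bleepingcomputer.com/forums/t/207291/please-check-my-log/"))
```

With a threshold of two indicators the Google Update task, which also lives under a user profile but has a descriptive name, a long-name path and a readable timestamp, is left alone, while the A2FE616F919A1E17 job trips all four checks. The thresholds and patterns are a starting point for reading a log by eye, not a verdict; the helper's Suspect:: upload is what actually settles what a file is.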

#13 muzz66
  • Topic Starter
  • Members
  • 11 posts
  • Local time:08:19 PM

Posted 15 March 2009 - 07:45 PM

ComboFix 09-03-15.01 - Shane Murray 2009-03-16 10:00:30.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.155 [GMT 10:00]
Running from: c:\documents and settings\Shane Murray\Desktop\ComboFix123.exe.exe
Command switches used :: c:\documents and settings\Shane Murray\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\Tasks\A2FE616F919A1E17.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\A2FE616F919A1E17.job
E:\Autorun.inf
e:\recycler\S-7-2-48-100031798-100010489-100003950-4575.com

.
((((((((((((((((((((((((( Files Created from 2009-02-15 to 2009-03-15 )))))))))))))))))))))))))))))))
.

2009-03-14 07:54 . 2009-03-14 07:54 <DIR> d-------- C:\fsaua.data
2009-03-12 20:09 . 2009-03-12 20:09 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Ahead
2009-03-12 19:06 . 2009-03-12 19:10 <DIR> d-------- c:\documents and settings\Shane Murray\Application Data\Ahead
2009-03-12 19:03 . 2009-03-12 19:03 <DIR> d-------- c:\program files\Nero
2009-03-12 19:03 . 2009-03-12 19:09 <DIR> d-------- c:\program files\Common Files\Ahead
2009-03-11 21:59 . 2009-03-12 20:00 1,908 --a------ c:\windows\diagwrn.xml
2009-03-11 21:59 . 2009-03-12 20:00 1,908 --a------ c:\windows\diagerr.xml
2009-03-08 21:23 . 2009-03-08 21:58 <DIR> d-------- C:\my dvd
2009-03-08 21:22 . 2009-03-08 22:03 <DIR> d-------- c:\program files\Easy Avi Divx Xvid to DVD Burner
2009-03-08 21:22 . 2009-03-08 21:22 67 --a------ c:\windows\Easy Avi Divx Xvid to DVD Burner.INI
2009-03-08 19:38 . 2009-03-08 20:53 <DIR> d-------- c:\program files\Spyware Doctor
2009-03-08 19:38 . 2009-03-08 19:38 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-03-08 19:38 . 2009-03-08 19:38 <DIR> d-------- c:\documents and settings\Shane Murray\Application Data\PC Tools
2009-03-08 19:38 . 2009-03-08 19:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2009-03-08 19:38 . 2008-12-12 02:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys
2009-03-08 19:38 . 2009-02-24 04:11 130,424 --a------ c:\windows\system32\drivers\PCTCore.sys
2009-03-08 19:38 . 2008-12-19 06:16 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-08 19:38 . 2008-12-11 05:36 64,392 --a------ c:\windows\system32\drivers\pctplsg.sys
2009-03-08 02:23 . 2003-03-06 06:19 15,840 --a------ c:\windows\system32\drivers\PfModNT.sys
2009-03-05 01:19 . 2009-03-05 01:19 <DIR> d-------- c:\documents and settings\Administrator.MAIN
2009-03-05 00:13 . 2009-03-05 00:13 <DIR> d-------- C:\VundoFix Backups
2009-02-28 23:23 . 2009-02-28 23:26 <DIR> d-------- c:\program files\SpywareBlaster
2009-02-28 23:23 . 2009-03-14 07:52 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-27 00:51 . 2009-02-27 00:51 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-22 16:29 . 2009-02-22 16:29 <DIR> d-------- c:\program files\HDQuality
2009-02-22 03:03 . 2009-01-23 08:28 290,816 --a------ c:\windows\system32\decdll.dll
2009-02-22 03:02 . 2009-03-09 18:49 <DIR> d-------- c:\program files\Videos To DVD
2009-02-22 03:02 . 2009-01-24 14:21 327,680 --a------ c:\windows\system32\dvdauthor.ocx
2009-02-22 03:02 . 2009-01-24 14:20 233,472 --a------ c:\windows\system32\viscomdvdimg.dll
2009-02-22 03:02 . 2009-01-24 14:08 152,848 --a------ c:\windows\system32\COMDLG32.OCX
2009-02-22 03:02 . 2009-01-24 14:08 141,312 --a------ c:\windows\system32\MSCMCFR.DLL
2009-02-22 03:02 . 2009-01-24 14:08 119,568 --a------ c:\windows\system32\VB6FR.DLL
2009-02-22 03:02 . 2009-01-24 14:08 115,920 --a------ c:\windows\system32\msinet.OCX
2009-02-22 03:02 . 2009-01-24 14:08 101,888 --a------ c:\windows\system32\VB6STKIT.DLL
2009-02-22 03:02 . 2009-01-24 14:08 32,768 --a------ c:\windows\system32\CMDLGFR.DLL
2009-02-22 03:02 . 2009-01-24 14:08 15,360 --a------ c:\windows\system32\inetfr.DLL
2009-02-22 03:02 . 2009-01-24 14:21 401 --a------ c:\windows\system32\dvdauthor.lic
2009-02-21 18:04 . 2009-02-21 18:04 0 --a------ c:\windows\iPlayer.INI
2009-02-21 18:02 . 2009-02-21 18:02 <DIR> d-------- c:\program files\InterActual

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 23:51 --------- d-----w c:\documents and settings\Shane Murray\Application Data\MailWasherPro
2009-03-15 06:44 --------- d-----w c:\program files\Microsoft Silverlight
2009-03-12 09:39 --------- d-----w c:\documents and settings\Shane Murray\Application Data\uTorrent
2009-03-11 00:18 4,182 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-03-11 00:18 --------- d-----w c:\documents and settings\Lauren Tait\Application Data\Corel
2009-03-07 16:26 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-02 04:33 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-02 04:31 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-02 04:11 --------- d-----w c:\program files\RPM
2009-02-27 15:45 --------- d-----w c:\program files\SUPERAntiSpyware
2009-02-26 14:51 --------- d-----w c:\program files\Java
2009-02-22 13:23 --------- d-----w c:\program files\Nokia
2009-02-22 13:23 --------- d-----w c:\program files\Common Files\PCSuite
2009-02-22 13:23 --------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-02-22 13:11 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-22 12:51 --------- d-----w c:\program files\America's Army Deploy Client
2009-02-22 12:51 --------- d-----w c:\documents and settings\All Users\Application Data\America's Army Deploy Client
2009-02-22 01:04 --------- d-----w c:\program files\Burn4Free Toolbar
2009-02-19 06:18 --------- d-----w c:\program files\Safari
2009-02-15 10:31 --------- d-----w c:\program files\America's Army
2009-02-15 07:29 202,352 ----a-w c:\windows\system32\PnkBstrB.exe
2009-02-15 07:29 138,624 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-15 04:07 --------- d-----w c:\documents and settings\Shane Murray\Application Data\Corel
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:11 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-01-31 11:46 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-31 11:46 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-31 11:46 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-01-31 11:46 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-29 07:06 --------- d-----w c:\documents and settings\Lauren Tait\Application Data\AVGTOOLBAR
2009-01-27 16:44 --------- d-----w c:\documents and settings\Shane Murray\Application Data\AVGTOOLBAR
2009-01-27 15:27 --------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!
2009-01-24 13:36 --------- d-----w c:\program files\STOPzilla!
2009-01-24 13:16 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-23 11:32 --------- d-----w c:\documents and settings\All Users\Application Data\SITEguard
2009-01-23 10:53 --------- d-----w c:\program files\AVG
2009-01-22 10:56 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-22 10:56 --------- d-----w c:\documents and settings\Shane Murray\Application Data\SUPERAntiSpyware.com
2009-01-22 10:36 --------- d-----w c:\program files\Common Files\iS3
2009-01-21 12:24 --------- d-----w c:\program files\Common Files\AVSMedia
2009-01-21 12:00 --------- d-----w c:\documents and settings\Shane Murray\Application Data\AVS4YOU
2009-01-21 12:00 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-01-21 11:13 --------- d-----w c:\program files\Xvid
2009-01-21 11:12 43,698 ----a-w c:\windows\system32\xvid-uninstall.exe
2009-01-21 11:12 --------- d-----w c:\program files\Gabest
2009-01-21 11:12 --------- d-----w c:\program files\AviSynth 2.5
2009-01-16 05:33 --------- d-----w c:\documents and settings\All Users\Application Data\Electronic Arts
2009-01-15 08:35 --------- d-----w c:\program files\Bonjour
2009-01-15 08:34 --------- d-----w c:\program files\iTunes
2009-01-15 08:34 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-15 08:33 --------- d-----w c:\program files\iPod
2009-01-15 08:33 --------- d-----w c:\program files\Common Files\Apple
2009-01-15 08:32 --------- d-----w c:\program files\QuickTime
2009-01-01 01:04 691,560 ----a-w c:\windows\system32\OGACheckControl.dll
2009-01-01 01:04 528,744 ----a-w c:\windows\system32\OGAVerify.exe
2009-01-01 01:04 502,120 ----a-w c:\windows\system32\OGAAddin.dll
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-06-07 21:17 0 ----a-w c:\program files\uninstall.dat
2008-05-16 15:06 22,328 ----a-w c:\documents and settings\Shane Murray\Application Data\PnkBstrK.sys
2007-11-09 05:54 88 --sh--r c:\windows\system32\04E31F291D.sys
2008-08-18 02:40 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081720080818\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-15_ 7.45.30.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-12 02:32:54 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-03-15 04:06:41 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2009-02-12 02:32:54 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-03-15 04:06:41 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-02-12 02:32:54 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-03-15 04:06:42 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-02-12 02:32:54 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-03-15 04:06:41 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-02-12 02:32:54 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-03-15 04:06:42 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2009-02-12 02:32:54 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-03-15 04:06:42 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-02-12 02:32:54 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-03-15 04:06:42 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-02-12 02:32:54 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-03-15 04:06:42 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-02-12 02:32:54 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-03-15 04:06:41 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-02-12 02:32:54 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-03-15 04:06:41 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-02-12 02:32:54 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-03-15 04:06:42 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-02-12 02:32:54 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-03-15 04:06:41 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2009-02-12 02:32:54 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-03-15 04:06:41 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-12-05 06:54:55 144,896 -c----w c:\windows\system32\dllcache\schannel.dll
+ 2008-06-17 19:02:19 8,461,312 -c----w c:\windows\system32\dllcache\shell32.dll
- 2008-09-15 12:12:56 1,846,400 -c----w c:\windows\system32\dllcache\win32k.sys
+ 2009-02-09 11:13:27 1,846,784 -c----w c:\windows\system32\dllcache\win32k.sys
- 2007-06-12 06:51:12 10,834,944 -c--a-w c:\windows\system32\dllcache\wmp.dll
+ 2008-11-11 08:34:42 10,838,016 -c--a-w c:\windows\system32\dllcache\wmp.dll
- 2009-02-05 14:29:45 217,656 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-15 06:44:39 217,656 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-04-14 00:12:05 144,384 ----a-w c:\windows\system32\schannel.dll
+ 2008-12-05 06:54:55 144,896 ----a-w c:\windows\system32\schannel.dll
- 2008-04-14 00:12:05 8,461,312 ----a-w c:\windows\system32\shell32.dll
+ 2008-06-17 19:02:19 8,461,312 ----a-w c:\windows\system32\shell32.dll
- 2008-07-09 07:38:24 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
- 2007-08-11 03:46:18 26,488 ----a-w c:\windows\system32\spupdsvc.exe
+ 2007-07-26 23:41:38 26,488 ----a-w c:\windows\system32\spupdsvc.exe
- 2007-06-12 06:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll
+ 2008-11-11 08:34:42 10,838,016 ----a-w c:\windows\system32\wmp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Creative MediaSource Go"="c:\program files\Creative\MediaSource\GO\CTCMSGo.exe" [2003-02-21 126976]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"CTSysVol"="c:\program files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe" [2003-05-03 57344]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2008-12-23 05:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-31 21:46 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 5\\0lsdelete

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DataViz Messenger.lnk
backup=c:\windows\pss\DataViz Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Shane Murray^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\Shane Murray\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
--a------ 2008-04-10 03:00 826880 c:\program files\dvd43\DVD43_Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-11 10:53 133104 c:\documents and settings\Shane Murray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-21 07:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 10:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
--a------ 2007-07-04 05:32 81920 c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-02-27 00:53 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"\\\\SECOND\\AMERICA'S ARMY\\System\\ArmyOps.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Spyware Doctor\\pctsGui.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-08 130424]
R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-23 325128]
R1 avgtdix;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-23 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-16 8944]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-16 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-23 298264]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2007-10-27 4224]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-23 903960]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [2007-12-27 515803]
S3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-16 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-03-08 348752]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\drivers\Bulk533.sys [2007-12-27 10986]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-03-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-31 05:34]

2009-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-562591055-839522115-1004.job
- c:\documents and settings\Shane Murray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-11 10:53]

2008-09-14 c:\windows\Tasks\LifeChatTask.job
- c:\program files\Microsoft LifeChat\LifeChat.exe [2008-08-22 04:16]
.
.
------- Supplementary Scan -------
.
uStart Page = google.com.au
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Shane Murray\Application Data\Mozilla\Firefox\Profiles\eooakux9.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\Shane Murray\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-16 10:03:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1343024091-562591055-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:06,6e,a3,5a,bc,c0,11,24,0e,e4,24,9c,c6,18,66,e0,d8,ae,eb,df,22,
a7,0d,06,88,8d,fe,c5,02,c2,40,61,de,1e,4f,ac,64,b8,5c,12,17,a4,f2,18,2e,49,\
"rkeysecu"=hex:47,f6,f4,46,21,0c,09,49,90,92,38,b7,95,da,9d,0b

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1E78DD38-3E25-44F9-8430-34A03DA0D11E}\LocalServer32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\COMMON~1\\Nokia\\MPAPI\\MPAPI3s.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1E78DD38-3E25-44F9-8430-34A03DA0D11E}\ProgID]
@DACL=(02 0000)
@="MPAPI.WAPCONNServerMP.4"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1E78DD38-3E25-44F9-8430-34A03DA0D11E}\VersionIndependentProgID]
@DACL=(02 0000)
@="MPAPI.WAPCONNServerMP"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1FF84C3B-1140-4eb6-BE38-4BE618D2E7D6}\InprocServer32]
@DACL=(02 0000)
@=expand:"%SystemRoot%\\system32\\eapa3hst.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2A6CE3EF-9D1B-4CB3-9221-9ACFAEAA42A6}\LocalServer32]
@DACL=(02 0000)
@="\"c:\\Program Files\\Nokia\\Nokia PC Suite 6\\ConnectionManager.exe\""

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2A6CE3EF-9D1B-4CB3-9221-9ACFAEAA42A6}\ProgID]
@DACL=(02 0000)
@="ConnectionManager2.CM2App.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2A6CE3EF-9D1B-4CB3-9221-9ACFAEAA42A6}\TypeLib]
@DACL=(02 0000)
@="{07958A64-4537-4D5A-A640-4447BD918636}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2A6CE3EF-9D1B-4CB3-9221-9ACFAEAA42A6}\VersionIndependentProgID]
@DACL=(02 0000)
@="ConnectionManager2.CM2App"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{32AB1AC8-1E1D-4F7E-96FB-700B8C6AB2E3}\LocalServer32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\COMMON~1\\Nokia\\MPAPI\\MPAPI3s.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{32AB1AC8-1E1D-4F7E-96FB-700B8C6AB2E3}\ProgID]
@DACL=(02 0000)
@="MPAPI.VoiceServerMP.4"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{32AB1AC8-1E1D-4F7E-96FB-700B8C6AB2E3}\VersionIndependentProgID]
@DACL=(02 0000)
@="MPAPI.VoiceServerMP"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5871702C-E262-4608-B299-1DEA085AAF34}\LocalServer32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\COMMON~1\\PCSuite\\DATALA~1\\DATALA~1.EXE"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5871702C-E262-4608-B299-1DEA085AAF34}\ProgID]
@DACL=(02 0000)
@="PhoneControl.PhoneControl.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5871702C-E262-4608-B299-1DEA085AAF34}\TypeLib]
@DACL=(02 0000)
@="{A3D53D14-51CC-476C-8ABB-1D0DF44D3C8A}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5871702C-E262-4608-B299-1DEA085AAF34}\VersionIndependentProgID]
@DACL=(02 0000)
@="PhoneControl.PhoneControl"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8AE883D6-9EAD-455a-B37D-EF0B77F00C58}\LocalServer32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\COMMON~1\\PCSuite\\DATALA~1\\DATALA~1.EXE"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8AE883D6-9EAD-455a-B37D-EF0B77F00C58}\ProgID]
@DACL=(02 0000)
@="PhoneControl2.PhoneControl2.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8AE883D6-9EAD-455a-B37D-EF0B77F00C58}\TypeLib]
@DACL=(02 0000)
@="{A3D53D14-51CC-476C-8ABB-1D0DF44D3C8A}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8AE883D6-9EAD-455a-B37D-EF0B77F00C58}\VersionIndependentProgID]
@DACL=(02 0000)
@="PhoneControl2.PhoneControl2"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9EC674CD-6DDA-4973-865A-B0CB47E880B0}\LocalServer32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\COMMON~1\\PCSuite\\DATALA~1\\DATALA~1.EXE"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9EC674CD-6DDA-4973-865A-B0CB47E880B0}\ProgID]
@DACL=(02 0000)
@="DataLayer.DataLayer.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9EC674CD-6DDA-4973-865A-B0CB47E880B0}\TypeLib]
@DACL=(02 0000)
@="{14FEE42C-10D7-4FF5-BF54-EB8A977A2E99}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9EC674CD-6DDA-4973-865A-B0CB47E880B0}\VersionIndependentProgID]
@DACL=(02 0000)
@="DataLayer.DataLayer"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B0E28D63-52F6-4e30-992B-78ECF97268E9}\InprocServer32]
@DACL=(02 0000)
@=expand:"%SystemRoot%\\system32\\eapa3hst.dll"
"ThreadingModel"="Free"

[HKEY_LOCAL_MACHINE\software\Hewlett-Packard\usg\#Hewlett-Packard#HP Photosmart D5300 series#1205597398\SixMonthWindow]
@DACL=(02 0000)
"Log000Date"="1205601458;03/15/2008 10:17:38"
"Log000"="2."
"Count"="3"
"LastTime"="1206924620;03/30/2008 17:50:20"
"LastTotal"="4."
"Log001Date"="1206208045;03/22/2008 10:47:25"
"Log001"="2."
"Log002Date"="1206813403;03/29/2008 10:56:43"
"Log002"="4."

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{13A7995E-7D8F-45B4-9C77-819265225763}]
@DACL=(02 0000)
"Priority"=dword:00000001
"AutoInsert"=dword:00000001
"Name"="WMPlayer Spectrum Analyzer DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{95037DA1-6ED9-4B27-8CFF-9AD3DFB0B2F2}]
@DACL=(02 0000)
"Priority"=dword:fffffffb
"AutoInsert"=dword:00000001
"Name"="WMPlayer SRSWow DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{974BF3BF-C9AE-4476-8003-5FE544DF458C}]
@DACL=(02 0000)
"Priority"=dword:fffffffe
"AutoInsert"=dword:00000001
"Name"="WMPlayer Video Processing DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{B2DBA270-9F49-4513-AC13-76496D6EBA3A}]
@DACL=(02 0000)
"Priority"=dword:00000002
"AutoInsert"=dword:00000000
"Name"="Speaker Enhancement DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{D01BC8E2-70AD-4976-9612-21B37ED5C8E8}]
@DACL=(02 0000)
"Priority"=dword:00000003
"AutoInsert"=dword:00000001
"Name"="WMPlayer Equalizer DMO"

[HKEY_LOCAL_MACHINE\software\MozillaPlugins\@videoegg.com/Publisher,version=1.5\MimeTypes]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\MozillaPlugins\@videoegg.com/Publisher,version=1.5\Suffixes]
@DACL=(02 0000)
"videoegg_none"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-03-16 10:05:08
ComboFix-quarantined-files.txt 2009-03-16 00:05:05
ComboFix2.txt 2009-03-14 21:46:50

Pre-Run: 6,365,765,632 bytes free
Post-Run: 6,363,398,144 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
417 --- E O F --- 2009-03-15 04:06:45
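The firewall AuthorizedApplications list in the ComboFix log above deserves a closer look than the rest of the registry dump: every entry is a binary that Windows Firewall lets accept inbound connections, and one of them (`\\SECOND\AMERICA'S ARMY\System\ArmyOps.exe`) points at a share on another machine rather than the local disk, so whoever controls that share controls what runs under that exception. As an added example, not part of the original thread or of ComboFix itself, the Python below parses entries in the shape ComboFix prints (registry-style `"path"=` lines with doubled backslashes), expands `%windir%` (assumed to be `C:\WINDOWS`, matching the log's platform), and flags UNC targets and binaries outside the usual program directories. The first four sample lines are copied from the log; the last one is constructed to show the second check firing.

```python
import re
from dataclasses import dataclass

# Lines in the shape ComboFix prints for the AuthorizedApplications key.
# The first four entries are copied from the log above; the last one is
# constructed for this example (an exception for a binary in a Temp folder).
SAMPLE = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"\\\\SECOND\\AMERICA'S ARMY\\System\\ArmyOps.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Spyware Doctor\\pctsGui.exe"=
"c:\\Documents and Settings\\user\\Local Settings\\Temp\\svch0st.exe"=
'''

WINDIR = "C:\\WINDOWS"  # assumed expansion of %windir% for this XP box

# Locations where a firewall exception is unremarkable on this machine.
EXPECTED_ROOTS = ("c:\\program files\\", "c:\\windows\\")

ENTRY_RE = re.compile(r'^"(?P<path>.+?)"=\s*$')


@dataclass
class FirewallEntry:
    raw: str          # the path exactly as ComboFix printed it
    path: str         # unescaped and %windir%-expanded
    unc: bool
    flags: list[str]  # empty means nothing stood out


def unescape(reg_path: str) -> str:
    """Registry exports double every backslash; undo that."""
    return reg_path.replace("\\\\", "\\")


def classify(raw: str) -> FirewallEntry:
    expanded = unescape(raw).replace("%windir%", WINDIR)
    lower = expanded.lower()
    is_unc = lower.startswith("\\\\")
    flags = []
    if is_unc:
        # The allowed binary lives on another host's share: the share owner,
        # not this machine, decides what code the exception applies to.
        flags.append("unc-share")
    elif not any(lower.startswith(root) for root in EXPECTED_ROOTS):
        flags.append("outside-program-dirs")
    if "\\temp\\" in lower or "\\local settings\\" in lower:
        # User-writable location: anything can drop a binary here and inherit
        # the exception by reusing the path.
        flags.append("user-writable-location")
    return FirewallEntry(raw=raw, path=expanded, unc=is_unc, flags=flags)


def parse_authorized_apps(text: str) -> list[FirewallEntry]:
    """Collect the "path"= entries under the AuthorizedApplications key."""
    entries = []
    in_section = False
    for line in text.splitlines():
        if line.startswith("["):
            in_section = "AuthorizedApplications" in line
            continue
        m = ENTRY_RE.match(line)
        if in_section and m:
            entries.append(classify(m.group("path")))
    return entries


def suspicious(entries: list[FirewallEntry]) -> list[FirewallEntry]:
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in parse_authorized_apps(SAMPLE):
        print(f"{e.path:70} {','.join(e.flags) or 'ok'}")
```

Run it against the whole ComboFix log instead of `SAMPLE` and the output is a short review list; on this log the only entry it would raise is the UNC one, which is a legitimate game install on a second PC but is still the kind of thing a helper should ask about before declaring a machine clean.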

#14 PropagandaPanda
  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 16 March 2009 - 08:25 AM

Hello.

Please proceed with running Lop S&D per my previous post when ready.

With Regards,
The Panda

#15 muzz66
  • Topic Starter
  • Members
  • 11 posts

Posted 20 March 2009 - 04:50 PM

Sorry for the delay, been away with work.

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.00GHz )
BIOS : BIOS Date: 12/26/05 19:45:54 Ver: 08.00.12
USER : Shane Murray ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:5 Go)
D:\ (CD or DVD)
F:\ (CD or DVD) - UDF - Total:2 Go (Free:0 Go)
G:\ (USB) - FAT - Total:982 Mo (Free:0 Go)
H:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Sat 03/21/2009| 7:33 )

--------------------\\ Listing folders in APPLIC~1

[10/19/2007|12:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft

[10/19/2007|12:51] C:\DOCUME~1\ADMINI~1.MAI\APPLIC~1\<DIR> Microsoft

[01/15/2009|06:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[08/16/2008|06:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[02/22/2009|10:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> America's Army Deploy Client
[11/11/2007|01:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[11/11/2007|01:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[01/31/2009|09:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[01/21/2009|10:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AVS4YOU
[11/10/2007|01:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Corel
[02/22/2009|11:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Downloaded Installations
[01/16/2009|03:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Electronic Arts
[03/15/2008|03:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Hewlett-Packard
[03/15/2008|03:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP
[03/15/2008|03:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP Product Assistant
[03/15/2008|03:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HPSSUPPLY
[11/19/2007|07:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Iso sign frag chic
[10/07/2008|03:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[10/19/2007|12:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Messenger Plus!
[02/22/2009|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[02/22/2009|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
[11/13/2007|01:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MSScanAppDataDir
[05/12/2008|07:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nHancer
[02/22/2008|04:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NVIDIA
[02/07/2009|03:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Office Genuine Advantage
[08/30/2008|06:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PC Suite
[03/08/2009|07:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PC Tools
[01/23/2009|09:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SITEguard
[03/02/2009|02:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[01/28/2009|01:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> STOPzilla!
[01/24/2009|11:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[03/14/2009|07:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[03/15/2008|03:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WEBREG
[10/18/2007|03:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[10/13/2008|03:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WindowsLiveInstaller
[08/14/2008|11:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller

[10/19/2007|12:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[03/16/2008|02:19] C:\DOCUME~1\LAUREN~1\APPLIC~1\<DIR> Adobe
[11/11/2007|01:49] C:\DOCUME~1\LAUREN~1\APPLIC~1\<DIR> Apple Computer
[01/29/2009|05:06] C:\DOCUME~1\LAUREN~1\APPLIC~1\<DIR> AVGTOOLBAR
[03/11/2009|10:18] C:\DOCUME~1\LAUREN~1\APPLIC~1\<DIR> Corel
[11/07/2007|12:27] C:\DOCUME~1\LAUREN~1\APPLIC~1\<DIR> Creative
[05/01/2008|12:50] C:\DOCUME~1\LAUREN~1\APPLIC~1\<DIR> HPAppData
[10/19/2007|02:08] C:\DOCUME~1\LAUREN~1\APPLIC~1\<DIR> Identities
[12/16/2008|04:14] C:\DOCUME~1\LAUREN~1\APPLIC~1\<DIR> LimeWire
[10/24/2007|11:40] C:\DOCUME~1\LAUREN~1\APPLIC~1\<DIR> Macromedia
[11/09/2007|12:26] C:\DOCUME~1\LAUREN~1\APPLIC~1\<DIR> MailWasherPro
[04/21/2008|08:06] C:\DOCUME~1\LAUREN~1\APPLIC~1\<DIR> Microsoft
[10/24/2007|11:36] C:\DOCUME~1\LAUREN~1\APPLIC~1\<DIR> Mozilla
[08/30/2008|01:10] C:\DOCUME~1\LAUREN~1\APPLIC~1\<DIR> PC Suite
[12/03/2007|07:33] C:\DOCUME~1\LAUREN~1\APPLIC~1\<DIR> Sun

[03/12/2009|08:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Ahead
[10/18/2007|03:27] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft


[10/18/2007|03:27] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[01/24/2008|03:06] C:\DOCUME~1\SHANEM~1\APPLIC~1\<DIR> Adobe
[03/12/2009|07:10] C:\DOCUME~1\SHANEM~1\APPLIC~1\<DIR> Ahead
[08/10/2008|02:58] C:\DOCUME~1\SHANEM~1\APPLIC~1\<DIR> Apple Computer
[08/23/2008|09:39] C:\DOCUME~1\SHANEM~1\APPLIC~1\<DIR> Arcsoft
[01/28/2009|02:44] C:\DOCUME~1\SHANEM~1\APPLIC~1\<DIR> AVGTOOLBAR
[01/21/2009|10:00] C:\DOCUME~1\SHANEM~1\APPLIC~1\<DIR> AVS4YOU
[02/15/2009|02:07] C:\DOCUME~1\SHANEM~1\APPLIC~1\<DIR> Corel
[10/18/2007|01:57] C:\DOCUME~1\SHANEM~1\APPLIC~1\<DIR> Creative
[10/21/2007|02:27] C:\DOCUME~1\SHANEM~1\APPLIC~1\<DIR> Help
[03/18/2008|04:36] C:\DOCUME~1\SHANEM~1\APPLIC~1\<DIR> HP
[03/19/2008|06:30] C:\DOCUME~1\SHANEM~1\APPLIC~1\<DIR> HPAppData
[10/18/2007|03:33] C:\DOCUME~1\SHANEM~1\APPLIC~1\<DIR> Identities
[10/19/2007|01:10] C:\DOCUME~1\SHANEM~1\APPLIC~1\<DIR> idlefindmeet
[08/23/2008|09:54] C:\DOCUME~1\SHANEM~1\APPLIC~1\<DIR> Leadertech
[10/07/2008|03:40] C:\DOCUME~1\SHANEM~1\APPLIC~1\<DIR> LimeWire
[10/18/2007|04:03] C:\DOCUME~1\SHANEM~1\APPLIC~1\<DIR> Macromedia
[03/20/2009|08:12] C:\DOCUME~1\SHANEM~1\APPLIC~1\<DIR> MailWasherPro
[03/21/2008|06:21] C:\DOCUME~1\SHANEM~1\APPLIC~1\<DIR> Microsoft
[10/19/2007|12:23] C:\DOCUME~1\SHANEM~1\APPLIC~1\<DIR> Mozilla
[08/30/2008|07:42] C:\DOCUME~1\SHANEM~1\APPLIC~1\<DIR> PC Suite
[03/08/2009|07:38] C:\DOCUME~1\SHANEM~1\APPLIC~1\<DIR> PC Tools
[08/31/2008|04:10] C:\DOCUME~1\SHANEM~1\APPLIC~1\<DIR> SecuROM
[09/01/2008|05:43] C:\DOCUME~1\SHANEM~1\APPLIC~1\<DIR> SPORE Creature Creator
[10/20/2007|02:37] C:\DOCUME~1\SHANEM~1\APPLIC~1\<DIR> Sun
[01/22/2009|08:56] C:\DOCUME~1\SHANEM~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[10/21/2007|01:40] C:\DOCUME~1\SHANEM~1\APPLIC~1\<DIR> SystemRequirementsLab
[10/27/2007|02:29] C:\DOCUME~1\SHANEM~1\APPLIC~1\<DIR> teamspeak2
[03/12/2009|07:39] C:\DOCUME~1\SHANEM~1\APPLIC~1\<DIR> uTorrent
[11/08/2007|04:51] C:\DOCUME~1\SHANEM~1\APPLIC~1\<DIR> WinRAR
[12/23/2007|02:58] C:\DOCUME~1\SHANEM~1\APPLIC~1\<DIR> Xfire

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[03/20/2009 09:17 PM][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-562591055-839522115-1004.job
[09/14/2008 01:34 PM][--a------] C:\WINDOWS\tasks\LifeChatTask.job
[03/18/2009 09:56 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[03/21/2009 07:30 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/29/2002 10:00 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ MsgPlus SPONSOR INSTALLED !

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin]
"DisplayName"="Messenger Plus! 3 & Sponsor"
"SponsorInstalled"=dword:00000001


--------------------\\ Listing Folders in C:\Program Files

[08/16/2008|06:29] C:\Program Files\<DIR> Adobe
[10/19/2007|01:10] C:\Program Files\<DIR> Adverts
[06/11/2008|07:27] C:\Program Files\<DIR> Alcohol Soft
[06/11/2008|07:40] C:\Program Files\<DIR> Alcohol Toolbar
[02/15/2009|08:31] C:\Program Files\<DIR> America's Army
[02/22/2009|10:51] C:\Program Files\<DIR> America's Army Deploy Client
[08/10/2008|02:28] C:\Program Files\<DIR> Apple Software Update
[01/23/2009|08:53] C:\Program Files\<DIR> AVG
[01/21/2009|09:12] C:\Program Files\<DIR> AviSynth 2.5
[01/15/2009|06:35] C:\Program Files\<DIR> Bonjour
[02/22/2009|11:04] C:\Program Files\<DIR> Burn4Free Toolbar
[03/16/2009|10:02] C:\Program Files\<DIR> Common Files
[10/18/2007|03:25] C:\Program Files\<DIR> ComPlus Applications
[11/09/2007|03:54] C:\Program Files\<DIR> Corel
[09/07/2008|06:32] C:\Program Files\<DIR> Creative
[08/30/2008|06:22] C:\Program Files\<DIR> DIFX
[09/13/2008|10:44] C:\Program Files\<DIR> Documents To Go
[06/11/2008|07:41] C:\Program Files\<DIR> dvd43
[09/03/2008|03:06] C:\Program Files\<DIR> EA GAMES
[03/08/2009|10:03] C:\Program Files\<DIR> Easy Avi Divx Xvid to DVD Burner
[08/31/2008|03:25] C:\Program Files\<DIR> Electronic Arts
[11/12/2007|01:59] C:\Program Files\<DIR> FireTrust
[01/21/2009|09:12] C:\Program Files\<DIR> Gabest
[01/31/2008|03:07] C:\Program Files\<DIR> GameArena
[10/18/2007|03:11] C:\Program Files\<DIR> Grisoft
[02/22/2009|04:29] C:\Program Files\<DIR> HDQuality
[03/01/2009|12:23] C:\Program Files\<DIR> HijackThis
[03/15/2008|03:50] C:\Program Files\<DIR> HP
[10/18/2007|12:43] C:\Program Files\<DIR> idlefindmeet
[03/08/2009|02:26] C:\Program Files\<DIR> InstallShield Installation Information
[02/21/2009|06:02] C:\Program Files\<DIR> InterActual
[02/12/2009|12:31] C:\Program Files\<DIR> Internet Explorer
[10/21/2007|02:26] C:\Program Files\<DIR> iolo
[01/15/2009|06:33] C:\Program Files\<DIR> iPod
[01/15/2009|06:34] C:\Program Files\<DIR> iTunes
[02/27/2009|12:51] C:\Program Files\<DIR> Java
[10/07/2008|02:59] C:\Program Files\<DIR> Lavasoft
[08/10/2008|10:34] C:\Program Files\<DIR> LimeWire
[10/24/2007|11:33] C:\Program Files\<DIR> MagicDisc
[06/11/2008|06:12] C:\Program Files\<DIR> MagicISO
[01/21/2009|10:30] C:\Program Files\<DIR> Messenger
[10/18/2007|12:42] C:\Program Files\<DIR> MessengerPlus! 3
[10/13/2008|03:10] C:\Program Files\<DIR> Microsoft
[11/10/2007|01:19] C:\Program Files\<DIR> Microsoft ActiveSync
[10/25/2007|12:09] C:\Program Files\<DIR> Microsoft Expression
[10/18/2007|03:28] C:\Program Files\<DIR> microsoft frontpage
[09/14/2008|11:02] C:\Program Files\<DIR> Microsoft LifeChat
[02/22/2009|11:11] C:\Program Files\<DIR> Microsoft Office
[03/15/2009|04:44] C:\Program Files\<DIR> Microsoft Silverlight
[10/25/2007|12:09] C:\Program Files\<DIR> Microsoft Visual Studio
[04/03/2008|02:45] C:\Program Files\<DIR> Microsoft Visual Studio 8
[10/24/2007|11:53] C:\Program Files\<DIR> Microsoft Works
[11/10/2007|01:19] C:\Program Files\<DIR> Microsoft.NET
[05/03/2008|12:37] C:\Program Files\<DIR> Mitsubishi Workshop Manuals
[08/23/2008|02:10] C:\Program Files\<DIR> MMCd Tools
[08/18/2008|03:48] C:\Program Files\<DIR> Movie Maker
[03/20/2009|09:17] C:\Program Files\<DIR> Mozilla Firefox
[10/18/2007|03:25] C:\Program Files\<DIR> MSN
[10/18/2007|03:25] C:\Program Files\<DIR> MSN Gaming Zone
[11/10/2007|01:57] C:\Program Files\<DIR> MSXML 4.0
[03/12/2009|07:03] C:\Program Files\<DIR> Nero
[08/18/2008|03:45] C:\Program Files\<DIR> NetMeeting
[02/22/2009|11:23] C:\Program Files\<DIR> Nokia
[10/27/2007|01:48] C:\Program Files\<DIR> NVIDIA Corporation
[10/18/2007|03:25] C:\Program Files\<DIR> Online Services
[08/18/2008|03:45] C:\Program Files\<DIR> Outlook Express
[10/21/2008|10:00] C:\Program Files\<DIR> Palm
[12/16/2008|04:15] C:\Program Files\<DIR> palmOne
[06/08/2008|01:27] C:\Program Files\<DIR> PCPitstop
[01/15/2009|06:32] C:\Program Files\<DIR> QuickTime
[10/19/2007|12:51] C:\Program Files\<DIR> Real
[10/27/2007|01:43] C:\Program Files\<DIR> RivaTuner v2.05
[06/08/2008|05:39] C:\Program Files\<DIR> RivaTuner v2.09
[03/17/2008|03:47] C:\Program Files\<DIR> Roxio
[03/02/2009|02:11] C:\Program Files\<DIR> RPM
[02/19/2009|04:18] C:\Program Files\<DIR> Safari
[11/19/2007|07:22] C:\Program Files\<DIR> Setup
[03/02/2009|02:33] C:\Program Files\<DIR> Spybot - Search & Destroy
[03/08/2009|08:53] C:\Program Files\<DIR> Spyware Doctor
[02/28/2009|11:26] C:\Program Files\<DIR> SpywareBlaster
[01/24/2009|11:36] C:\Program Files\<DIR> STOPzilla!
[02/28/2009|01:45] C:\Program Files\<DIR> SUPERAntiSpyware
[10/27/2007|02:36] C:\Program Files\<DIR> Teamspeak2_RC2
[06/08/2008|05:46] C:\Program Files\<DIR> TechTracker
[10/27/2007|02:37] C:\Program Files\<DIR> TSO
[10/18/2007|03:33] C:\Program Files\<DIR> Uninstall Information
[10/22/2007|10:41] C:\Program Files\<DIR> uTorrent
[10/18/2007|03:35] C:\Program Files\<DIR> VIA
[03/09/2009|06:49] C:\Program Files\<DIR> Videos To DVD
[10/15/2008|12:02] C:\Program Files\<DIR> WinAce
[09/07/2008|09:11] C:\Program Files\<DIR> WinALDL
[12/21/2007|01:09] C:\Program Files\<DIR> Windows Live
[08/27/2008|12:37] C:\Program Files\<DIR> Windows Media Connect 2
[08/27/2008|01:19] C:\Program Files\<DIR> Windows Media Player
[08/18/2008|03:45] C:\Program Files\<DIR> Windows NT
[10/18/2007|03:25] C:\Program Files\<DIR> WindowsUpdate
[11/08/2007|04:50] C:\Program Files\<DIR> WinRAR
[10/18/2007|03:28] C:\Program Files\<DIR> xerox
[03/31/2008|11:37] C:\Program Files\<DIR> Xfire
[01/21/2009|09:13] C:\Program Files\<DIR> Xvid

--------------------\\ Listing Folders in C:\Program Files\Common Files

[08/16/2008|06:28] C:\Program Files\Common Files\<DIR> Adobe
[08/16/2008|06:28] C:\Program Files\Common Files\<DIR> Adobe AIR
[03/12/2009|07:09] C:\Program Files\Common Files\<DIR> Ahead
[01/15/2009|06:33] C:\Program Files\Common Files\<DIR> Apple
[01/21/2009|10:24] C:\Program Files\Common Files\<DIR> AVSMedia
[11/09/2007|03:54] C:\Program Files\Common Files\<DIR> Corel
[10/24/2007|11:53] C:\Program Files\Common Files\<DIR> DESIGNER
[03/15/2008|03:36] C:\Program Files\Common Files\<DIR> HP
[10/18/2007|01:48] C:\Program Files\Common Files\<DIR> InstallShield
[01/22/2009|08:36] C:\Program Files\Common Files\<DIR> iS3
[10/20/2007|02:30] C:\Program Files\Common Files\<DIR> Java
[02/22/2009|11:11] C:\Program Files\Common Files\<DIR> Microsoft Shared
[10/18/2007|03:26] C:\Program Files\Common Files\<DIR> MSSoap
[10/17/2007|08:19] C:\Program Files\Common Files\<DIR> ODBC
[03/08/2009|07:38] C:\Program Files\Common Files\<DIR> PC Tools
[02/22/2009|11:23] C:\Program Files\Common Files\<DIR> PCSuite
[10/18/2007|03:26] C:\Program Files\Common Files\<DIR> Services
[10/17/2007|08:19] C:\Program Files\Common Files\<DIR> SpeechEngines
[03/17/2008|03:47] C:\Program Files\Common Files\<DIR> SureThing Shared
[08/18/2008|03:45] C:\Program Files\Common Files\<DIR> System
[10/03/2008|11:58] C:\Program Files\Common Files\<DIR> Windows Live
[10/04/2008|12:00] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[01/22/2009|08:56] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 35 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Iso sign frag chic
C:\Program Files\Adverts

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Checking the Hosts file

Hosts file MODIFIED

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD

-> 72 [ 70 ## added by CiD ]

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-21 07:35:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\SHANEM~1\Application Data\uTorrent\Ad-Aware 2007 Professional Edition 7.0.1.6 + Crack [h33t] [CaZoR].1.torrent
C:\DOCUME~1\SHANEM~1\Application Data\uTorrent\Ad-Aware 2007 Professional Edition 7.0.1.6 + Crack [h33t] [CaZoR].torrent
C:\DOCUME~1\SHANEM~1\Application Data\uTorrent\AVS Video Converter 6.2.3.314 + Crack.rar.torrent
C:\DOCUME~1\SHANEM~1\Application Data\uTorrent\Nero Premium v7.570 + Keygen.torrent
C:\DOCUME~1\SHANEM~1\Application Data\uTorrent\Spyware Doctor 6.0.0.386 + CRACK +SERIALS LICENCE RESET.torrent
C:\DOCUME~1\SHANEM~1\Application Data\uTorrent\spyware doctor crack suite full [canucrackit] all versons.rar.torrent
C:\DOCUME~1\SHANEM~1\Application Data\uTorrent\STOPzilla! v3.1.0.7 + Crack (pop up blocker and the code works!!).zip.torrent
C:\DOCUME~1\SHANEM~1\Desktop\Xx.Moniiqu.ee_Bby.xX\My Documents\LimeWire\Incomplete\Preview-T-8202309-Eminem Feat Dr. Dre & 50 Cent - Crack A Bottle.mp3
C:\DOCUME~1\SHANEM~1\Desktop\Xx.Moniiqu.ee_Bby.xX\My Documents\My Music\My Playlists\Eminem Feat Dr. Dre & 50 Cent - Crack A Bottle.mp3
C:\DOCUME~1\SHANEM~1\My Documents\STOPzilla! v3.1.0.7 + Crack
C:\DOCUME~1\SHANEM~1\My Documents\Downloads\Nero Premium v7.570 + Keygen
C:\DOCUME~1\SHANEM~1\My Documents\Downloads\Nero Premium v7.570 + Keygen [mininova].torrent
C:\DOCUME~1\SHANEM~1\My Documents\Downloads\spyware doctor crack suite full [canucrackit] all versons.rar [mininova].torrent
C:\DOCUME~1\SHANEM~1\My Documents\Downloads\Spyware_Doctor_6.0.0.386_+_CRACK_+SERIALS_LICENCE_RESET [mininova].torrent
C:\DOCUME~1\SHANEM~1\My Documents\Downloads\STOPzilla! v3.1.0.7 + Crack
C:\DOCUME~1\SHANEM~1\My Documents\Downloads\STOPzilla! v3.1.0.7 + Crack (pop up blocker and the code works!!).zip
C:\DOCUME~1\SHANEM~1\My Documents\Downloads\Nero Premium v7.570 + Keygen\Installation.txt
C:\DOCUME~1\SHANEM~1\My Documents\Downloads\Nero Premium v7.570 + Keygen\keygen.exe
C:\DOCUME~1\SHANEM~1\My Documents\Downloads\Nero Premium v7.570 + Keygen\Nero - 7.5.7.0.exe
C:\DOCUME~1\SHANEM~1\My Documents\Downloads\STOPzilla! v3.1.0.7 + Crack\activator.exe
C:\DOCUME~1\SHANEM~1\My Documents\Incomplete\KMU4M6ZQC7OEK2U2JIJ5DKBD5B22BBFO\.datAd-Aware 2007 Professional Edition 7.0.1.6 + Crack [h33t] [CaZoR]
C:\DOCUME~1\SHANEM~1\My Documents\Incomplete\KMU4M6ZQC7OEK2U2JIJ5DKBD5B22BBFO\Ad-Aware 2007 Professional Edition 7.0.1.6 + Crack [h33t] [CaZoR]
C:\DOCUME~1\SHANEM~1\My Documents\Incomplete\KMU4M6ZQC7OEK2U2JIJ5DKBD5B22BBFO\Ad-Aware 2007 Professional Edition 7.0.1.6 + Crack [h33t] [CaZoR]\Ad-Aware 2007 Professional Edition 7.0.1.6 + Crack [h33t] [CaZoR].rar
C:\DOCUME~1\SHANEM~1\My Documents\Incomplete\KMU4M6ZQC7OEK2U2JIJ5DKBD5B22BBFO\Ad-Aware 2007 Professional Edition 7.0.1.6 + Crack [h33t] [CaZoR]\tracked_by_h33t_com.txt
C:\DOCUME~1\SHANEM~1\My Documents\STOPzilla! v3.1.0.7 + Crack\activator.exe
C:\DOCUME~1\SHANEM~1\My Documents\STOPzilla! v3.1.0.7 + Crack\harvest.nfo
C:\DOCUME~1\SHANEM~1\My Documents\STOPzilla! v3.1.0.7 + Crack\STOPzilla_Setup.exe
C:\DOCUME~1\SHANEM~1\Recent\Nero Premium v7.570 + Keygen.lnk


[F:10][D:1]-> C:\DOCUME~1\SHANEM~1\LOCALS~1\Temp
[F:38][D:0]-> C:\DOCUME~1\SHANEM~1\Cookies
[F:68][D:4]-> C:\DOCUME~1\SHANEM~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Fri 03/20/2009|19:27 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Sat 03/21/2009| 7:36 - Option : [1]

--------------------\\ Scan completed at 7:36:49
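Lop S&D reports the hosts file as MODIFIED with 72 entries, 70 of them tagged `## added by CiD`. Every line it lists maps a rogue-antivirus domain (WinFixer, ErrorSafe, DriveCleaner, WinAntiVirus and their mirrors) to 127.0.0.1, which blocks those sites rather than hijacking anything; the entries a malware-removal helper actually worries about are the opposite kind, a legitimate name pointed at a non-loopback address. As an added example, not part of the original thread or of Lop S&D, the Python below parses hosts-file lines, separates block entries (loopback or 0.0.0.0 targets) from redirects, and flags redirects of names on a watch list of update and security-vendor domains. The watch list is an assumption for the example; the sample contains three lines copied from the log and two constructed redirect lines that are not in the original.

```python
import ipaddress
import re
from dataclasses import dataclass

# Three lines copied from the Lop S&D output above, plus two constructed
# redirect lines (not in the original log) to exercise the hijack check.
SAMPLE_HOSTS = """
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
203.0.113.25 www.update.microsoft.com   # constructed: hijack of a real name
203.0.113.25 free.avg.com               # constructed: hijack of a real name
"""

# Names whose redirection is a red flag. Assumed for this example; tailor it
# to the vendors and services the machine being examined depends on.
WATCHLIST_SUFFIXES = (
    "microsoft.com",
    "windowsupdate.com",
    "avg.com",
    "superantispyware.com",
    "pctools.com",
    "safer-networking.org",
    "bleepingcomputer.com",
)

# <ip> <one or more names> [# comment]
LINE_RE = re.compile(r"^\s*(?P<ip>\S+)\s+(?P<names>[^#]+?)\s*(?:#(?P<comment>.*))?$")


@dataclass
class HostsEntry:
    ip: str
    name: str
    comment: str
    kind: str            # "block", "redirect" or "loopback-alias"
    watch_hit: bool = False


def _is_block_target(ip: str) -> bool:
    """127.x and 0.0.0.0 targets sinkhole a name; anything else redirects it."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def parse_hosts(text: str) -> list[HostsEntry]:
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            block = _is_block_target(m.group("ip"))
        except ValueError:
            continue  # first token is not an address, so not a hosts entry
        comment = (m.group("comment") or "").strip()
        for name in m.group("names").split():
            lname = name.lower()
            if lname == "localhost":
                kind = "loopback-alias"
            elif block:
                kind = "block"
            else:
                kind = "redirect"
            hit = kind == "redirect" and any(
                lname == s or lname.endswith("." + s) for s in WATCHLIST_SUFFIXES
            )
            entries.append(HostsEntry(m.group("ip"), lname, comment, kind, hit))
    return entries


def summarize(entries: list[HostsEntry]) -> dict:
    return {
        "total": len(entries),
        "block": sum(e.kind == "block" for e in entries),
        "redirect": sum(e.kind == "redirect" for e in entries),
        "added_by_cid": sum("added by CiD" in e.comment for e in entries),
        "hijacks": [e.name for e in entries if e.watch_hit],
    }


if __name__ == "__main__":
    parsed = parse_hosts(SAMPLE_HOSTS)
    for e in parsed:
        print(f"{e.kind:15} {e.ip:15} {e.name:35} {'HIJACK' if e.watch_hit else ''}")
    print(summarize(parsed))
```

Fed the full 72-line block from the log, the summary comes back with 72 block entries, zero redirects and zero hijacks, which is the practical reading of "Hosts file MODIFIED" here: the modifications are a blocklist, not a hijack, and the only follow-up question is whether the user wants them kept.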



