Task Manager And Other Apps Disappearing


30 replies to this topic

#1 Eclipse

Posted 03 April 2007 - 07:04 AM

Hi guys,

Task Manager and other applications, when I open them, are disappearing after flashing for a bit. I am assuming that my machine has some kind of virus. Can you guys assist me in removing it?

Below is the HijackThis log file.

Logfile of HijackThis v1.99.1
Scan saved at 9:48:31 PM, on 4/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\XPPRO\System32\smss.exe
C:\WINDOWS\XPPRO\system32\winlogon.exe
C:\WINDOWS\XPPRO\system32\services.exe
C:\WINDOWS\XPPRO\system32\lsass.exe
C:\WINDOWS\XPPRO\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\XPPRO\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\XPPRO\system32\spoolsv.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\XPPRO\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\XPPRO\Explorer.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\XPPRO\stsystra.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\XPPRO\system32\RunDLL32.exe
C:\WINDOWS\XPPRO\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\WINDOWS\XPPRO\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\program files\panda software\panda internet security 2007\WebProxy.exe
C:\WINDOWS\XPPRO\system32\svchost.exe
C:\WINDOWS\XPPRO\System32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\IFACE.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\PAVJOBS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\bindu.VIJAY143BINDU\Desktop\drivers\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\XPPRO\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\XPPRO\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\XPPRO\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series (B&W)] C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P32 "EPSON Stylus CX3800 Series (B&W)" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3800 Series_Black Only on VDUPATID810] C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P57 "Auto EPSON Stylus CX3800 Series_Black Only on VDUPATID810" /O22 "\\VDUPATID810\Printer3" /M "Stylus CX3800"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3800 Series on VDUPATID810] C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P46 "Auto EPSON Stylus CX3800 Series on VDUPATID810" /O22 "\\VDUPATID810\Printer4" /M "Stylus CX3800"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\XPPRO\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O20 - Winlogon Notify: avldr - C:\WINDOWS\XPPRO\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\XPPRO\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\XPPRO\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
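Before working through a HijackThis log line by line, it helps to pull out the entry types a reviewer checks first. The script below is an added example: it is not HijackThis code and not part of Eclipse's post. It parses the `Rn - ` / `Onn - ` lines that HijackThis v1.99.1 writes and lists Run values given as a bare file name (Windows resolves those through the search path rather than an explicit directory), Winlogon Notify packages (DLLs loaded into winlogon.exe), ActiveX downloads (O16), and anything HijackThis itself tagged `(file missing)`. The sample log is constructed from the kinds of lines in the log above; the script flags nothing as malicious, it only orders the reading.

```python
"""Triage helpers for a HijackThis v1.99.1 log.

Added example; this is not HijackThis code and not part of the original
post. It parses the 'Rn - ' / 'Onn - ' lines the tool writes and lists the
entry types a reviewer checks first. It decides nothing about whether an
entry is malicious.
"""
import re
from dataclasses import dataclass

# Constructed sample, built from the kinds of lines in the log above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\XPPRO\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\XPPRO\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\XPPRO\SYSTEM32\WgaLogon.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\XPPRO\system32\nvsvc32.exe
""".strip()

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# O4 body: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (\S+) - (.*)$")
DPF_RE = re.compile(r"^DPF: \{([0-9A-Fa-f-]+)\} \((.*?)\) - (\S+)$")


@dataclass
class Entry:
    section: str   # e.g. "O4", "O20"
    body: str      # text after "O4 - "


def parse_hjt(text: str) -> list[Entry]:
    """Keep only the section-tagged lines; headers and process lists are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def executable_of(command: str) -> str:
    """Return the program part of a Run value.

    A quoted path is taken up to the closing quote; otherwise the first
    whitespace-separated token (HijackThis shows the value as stored).
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def triage_hjt(text: str) -> dict[str, list[str]]:
    out = {"bare_name_autorun": [], "winlogon_notify": [],
           "activex_download": [], "file_missing": []}
    for e in parse_hjt(text):
        if "(file missing)" in e.body:
            out["file_missing"].append(f"{e.section}: {e.body}")
        if e.section == "O4":
            m = RUN_RE.match(e.body)
            if m:
                exe = executable_of(m.group(4))
                # No directory separator: the loader resolves the name via
                # the search path, so which file runs depends on PATH order.
                if "\\" not in exe and "/" not in exe:
                    out["bare_name_autorun"].append(
                        f"{m.group(1)}\\{m.group(2)} [{m.group(3)}] -> {exe}")
        elif e.section == "O20":
            m = NOTIFY_RE.match(e.body)
            if m:
                out["winlogon_notify"].append(f"{m.group(1)} -> {m.group(2)}")
        elif e.section == "O16":
            m = DPF_RE.match(e.body)
            if m:
                out["activex_download"].append(f"{m.group(2)} <- {m.group(3)}")
    return out


if __name__ == "__main__":
    for bucket, items in triage_hjt(SAMPLE_LOG).items():
        print(bucket)
        for item in items:
            print("   ", item)
```

Run it against a saved log with `triage_hjt(open("hijackthis.log").read())`; the `bare_name_autorun` bucket will also list `RUNDLL32.EXE` entries, which is correct behaviour, since the host binary itself is being found through the search path.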



#2 RichieUK
Malware Response Team

Posted 03 April 2007 - 07:22 AM

Welcome to the BleepingComputer HijackThis forum Eclipse :thumbsup:

Please run the F-Secure online virus/spyware scan using Internet Explorer:
http://support.f-secure.com/enu/home/ols3.shtml
Follow the directions in the F-Secure page for proper Installation.
Accept the License Agreement.
Once the ActiveX installs, click ‘Custom Scan’ and be sure the following are checked:
1. Scan whole system
2. Scan all files
3. Scan whole system for rootkits
4. Scan whole system for spyware
5. Scan inside archives
6. Use advanced heuristics
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the ‘I want to decide item by item’ button.
For each item found, select ‘Disinfect’ and click ‘Next’.
Click the ‘Show Report’ button, then copy and paste the entire report into your next reply.

******************************

Please download Sophos Anti-Rootkit and save it to your desktop.
1. Double-click sarsfx.exe to extract the files and leave the default settings.
2. Open the folder C:\SOPHTEMP and double-click sargui.exe to start the program.
3. Make sure the following are checked:
- Running processes
- Windows Registry
- Local Hard Drives
4. Click the "Start Scan" button.
5. Click the "OK" button after you get the notification that the scan has finished and close the program.
6. Click on Start>Run and type, or copy and paste: %temp%\sarscan.log then press Enter.
7. This should open the log from the rootkit scan.
Post this log into your next reply.

Note:
If the scan is performed while the computer is in use, false positives may appear in the scan results.
This is caused by files or registry entries being deleted,including temporary files being deleted automatically.
It has also been reported that Trojan Hunter is detecting Sophos Anti-rootkit as Trojan.Dropper.Interlac.100
So if you have Trojan Hunter installed you will need to disable it prior to running a scan.

******************************

Please download Combofix and save to the desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt into your next reply.
Note:
Do not mouse-click ComboFix's window whilst it's running.
That may cause the program to freeze/hang.


Restart your PC.
Post all three above logs/reports and a new Hijackthis log into your next reply please.
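Step 6 of the Sophos Anti-Rootkit instructions opens %temp%\sarscan.log, a flat list of `Hidden: <kind> <path>` lines that can run to hundreds of entries. The script below is an added example, not part of RichieUK's post and not Sophos code. It buckets the findings so that the entries needing a human look are not buried among alternate-data-stream hits. It assumes the line format of the report posted later in this thread, and it treats a `:$TXF_DATA` suffix as the alternate data stream that Transactional NTFS attaches to files it has touched (Windows Vista's component servicing uses TxF, which is why such entries cluster under winsxs and servicing); whether any bucket is actually benign on a given machine is still the analyst's call. The sample log is constructed for the example.

```python
"""Triage a Sophos Anti-Rootkit report (sarscan.log).

Added example, not part of the original thread and not Sophos code. The
tool writes a header line, one 'Hidden: <kind> <path>' line per finding
and a 'Stopped logging' trailer. This script splits the findings into
buckets so the entries needing a human look are not buried among hundreds
of alternate-data-stream hits.
"""
import re
from dataclasses import dataclass

# Constructed sample, modelled on the report posted later in this thread.
SAMPLE_LOG = r"""
Sophos Anti-Rootkit Version 1.2 (data 1.01) (c) 2006 Sophos Plc
Started logging on 4/3/2007 at 19:28:15 PM
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\DeterministicNetworks\DNE\Parameters\SymbolicLinkValue
Hidden: file C:\Program Files:$TXF_DATA
Hidden: file C:\Windows\System32\mshtml.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\cleanup.xml:$TXF_DATA
Hidden: file C:\Windows\XPPRO\SoftwareDistribution\DataStore\Logs\tmp.edb
Hidden: file C:\WINDOWS\XPPRO\system32\example.dll:Zone.Identifier
Stopped logging on 4/3/2007 at 19:32:22 PM
""".strip()

# 'Hidden: <kind> <path>' where the path begins with a drive letter or a
# backslash (registry paths start at the hive, e.g. \HKEY_LOCAL_MACHINE).
HIDDEN_RE = re.compile(r"^Hidden:\s+([a-z][a-z ]*?)\s+((?:[A-Za-z]:)?\\.*)$")
# Alternate data stream that Transactional NTFS (TxF) attaches to files it
# has touched; Vista's component servicing uses TxF, so these are expected
# on a volume that holds a Vista installation (assumption stated above).
TXF_STREAM = "$TXF_DATA"


@dataclass
class Finding:
    kind: str     # "file", "registry item", ...
    path: str
    stream: str   # NTFS alternate data stream name, "" if none


def parse_sarscan(text: str) -> list[Finding]:
    findings = []
    for line in text.splitlines():
        m = HIDDEN_RE.match(line.strip())
        if not m:
            continue   # header, trailer, blank lines
        kind, path = m.group(1), m.group(2)
        stream = ""
        if kind == "file":
            # A stream name, if any, follows a colon in the last path
            # component; the drive colon lives in the first component.
            last = path.rsplit("\\", 1)[-1]
            if ":" in last:
                stream = last.split(":", 1)[1]
        findings.append(Finding(kind, path, stream))
    return findings


def classify(f: Finding) -> str:
    if f.kind == "registry item":
        return "hidden_registry"
    if f.kind != "file":
        return "other"
    if f.stream == TXF_STREAM:
        return "txf_stream"
    if f.stream:
        return "other_stream"      # arbitrary ADS on a hidden file: review
    return "hidden_file"           # no stream, still hidden: review


def triage(text: str) -> dict[str, list[str]]:
    """Bucket every finding; everything except 'txf_stream' merits a look."""
    buckets = {"txf_stream": [], "other_stream": [], "hidden_file": [],
               "hidden_registry": [], "other": []}
    for f in parse_sarscan(text):
        buckets[classify(f)].append(f.path)
    return buckets


if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {len(paths)}")
        if bucket != "txf_stream":
            for p in paths:
                print("   ", p)
```

For a real run, feed it `open(os.path.expandvars(r"%temp%\sarscan.log")).read()`; the `txf_stream` count tells you how much of the report is servicing residue, and the remaining buckets are the lines to paste for review.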

#3 Eclipse (Topic Starter)
Posted 03 April 2007 - 09:44 AM

Thank you so much for your prompt reply. I will try all your suggestions and will post the logs as soon as I can.

Thanks again

#4 Eclipse (Topic Starter)
Posted 03 April 2007 - 06:56 PM

I could not run combofix.exe, and the F-Secure online virus scan stopped with an error, so I am posting only the HijackThis log file and the Sophos Anti-Rootkit log.


Sophos Anti-Rootkit Version 1.2 (data 1.01) © 2006 Sophos Plc
Started logging on 4/3/2007 at 19:28:15 PM
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\DeterministicNetworks\DNE\Parameters\SymbolicLinkValue
Hidden: file C:\Program Files:$TXF_DATA
Hidden: file C:\Program Files\Windows Mail:$TXF_DATA
Hidden: file C:\ProgramData:$TXF_DATA
Hidden: file C:\ProgramData\Microsoft:$TXF_DATA
Hidden: file C:\ProgramData\Microsoft\Crypto:$TXF_DATA
Hidden: file C:\ProgramData\Microsoft\Crypto\RSA:$TXF_DATA
Hidden: file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys:$TXF_DATA
Hidden: file C:\Windows:$TXF_DATA
Hidden: file C:\Windows\AppPatch:$TXF_DATA
Hidden: file C:\Windows\servicing:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages:$TXF_DATA
Hidden: file C:\Windows\System32:$TXF_DATA
Hidden: file C:\Windows\System32\catroot2:$TXF_DATA
Hidden: file C:\Windows\System32\Tasks:$TXF_DATA
Hidden: file C:\Windows\System32\Tasks\Microsoft:$TXF_DATA
Hidden: file C:\Windows\System32\Tasks\Microsoft\Windows:$TXF_DATA
Hidden: file C:\Windows\System32\Tasks\Microsoft\Windows\MUI:$TXF_DATA
Hidden: file C:\Windows\System32\Tasks\Microsoft\Windows Defender:$TXF_DATA
Hidden: file C:\Windows\Temp:$TXF_DATA
Hidden: file C:\Windows\winsxs:$TXF_DATA
Hidden: file C:\Windows\winsxs\Backup:$TXF_DATA
Hidden: file C:\Windows\winsxs\Catalogs:$TXF_DATA
Hidden: file C:\Windows\winsxs\FileMaps:$TXF_DATA
Hidden: file C:\Windows\winsxs\Manifests:$TXF_DATA
Hidden: file C:\Windows\winsxs\Temp:$TXF_DATA
Hidden: file C:\Windows\winsxs\Temp\PendingRenames:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.16386_none_47403923c16007bf:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16386_none_09eb762df5615af9:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.16386_none_09ec7677f5607450:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16386_none_09ed76c1f55f8da7:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16386_none_09ee770bf55ea6fe:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16386_none_09ef7755f55dc055:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.16386_none_5938ffdfe0e8b606:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-e..ortingcompatibility_31bf3856ad364e35_6.0.6000.16386_none_fc68e358f899a090:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16386_none_3fc98d12c451f0a7:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16386_none_f95b545b6ed37b65:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16386_none_110c50a0253e6a48:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16386_none_f05158286e8f4253:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16386_none_f05158286e8f4253\OESpamFilter.dat:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16386_none_09ed76c1f55f8da7\AcGenral.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16386_none_09ef7755f55dc055\AcLayers.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16386_none_09eb762df5615af9\AcRes.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16386_none_09ee770bf55ea6fe\AcSpecfc.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16386_none_09ef7755f55dc055\AcXtrnal.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16386_none_09ef7755f55dc055\drvmain.sdb:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.16386_none_09ec7677f5607450\msimain.sdb:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.16386_none_47403923c16007bf\pcamain.sdb:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16386_none_09eb762df5615af9\sysmain.sdb:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.16386_none_5938ffdfe0e8b606\crypt32.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-e..ortingcompatibility_31bf3856ad364e35_6.0.6000.16386_none_fc68e358f899a090\DWWIN.EXE:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16386_none_3fc98d12c451f0a7\gameux.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16386_none_3fc98d12c451f0a7\GameUXLegacyGDFs.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16386_none_f95b545b6ed37b65\ieapfltr.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16386_none_110c50a0253e6a48\mshtml.dll:$TXF_DATA
Hidden: file C:\Windows\System32\catroot2\dberr.txt:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16397_none_110280fe25459f90:$TXF_DATA
Hidden: file C:\Windows\System32\Tasks\Microsoft\Windows\MUI\LPRemove:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_for_KB929427~31bf3856ad364e35~x86~~6.0.1.10.cat:$TXF_DATA
Hidden: file C:\Windows\winsxs\Manifests\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.manifest:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d\msxml4.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\Manifests\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d:$TXF_DATA
Hidden: file C:\Windows\winsxs\Manifests\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.manifest:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6\msxml4r.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\Manifests\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6:$TXF_DATA
Hidden: file C:\Windows\winsxs\Temp\PendingRenames\d0ea802a3352c70152010000a405540f.x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.16425_none_5978e103e0b8f230.manifest:$TXF_DATA
Hidden: file C:\Windows\System32\Tasks\Norton Internet Security - Run Full System Scan - bindu:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.16425_none_5978e103e0b8f230\capilock.dat:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.16425_none_5978e103e0b8f230:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.16425_none_5978e103e0b8f230\crypt32.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\Temp\PendingRenames\d0ea802a3352c70153010000a405540f.x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.16425_none_5978e103e0b8f230_capilock.dat_79d31fad:$TXF_DATA
Hidden: file C:\Windows\winsxs\Temp\PendingRenames\304c832a3352c70154010000a405540f.x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.16425_none_5978e103e0b8f230_crypt32.dll_9c3ccf73:$TXF_DATA
Hidden: file C:\Windows\winsxs\Temp\PendingRenames\3057962a3352c70155010000a405540f._0000000000000000.cdf-ms:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_1_for_KB929685~31bf3856ad364e35~x86~~6.0.1.1.cat:$TXF_DATA
Hidden: file C:\Windows\winsxs\Catalogs\f072bd9cabcc08d7c69c7233dbd8250f135108961d8ff8329077109ceba3670a.cat:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_1_for_KB931573~31bf3856ad364e35~x86~~6.0.1.0.cat:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_1_for_KB931573~31bf3856ad364e35~x86~~6.0.1.0.mum:$TXF_DATA
Hidden: file C:\Windows\winsxs\Temp\PendingRenames\90b8982a3352c70156010000a405540f.$$.cdf-ms:$TXF_DATA
Hidden: file C:\Windows\winsxs\Temp\PendingRenames\d000a72a3352c70157010000a405540f.$$_system32_21f9a9c4a2f8b514.cdf-ms:$TXF_DATA
Hidden: file C:\Windows\winsxs\Temp\PendingRenames\1054c82a3352c70158010000a405540f.programdata_microsoft_crypto_rsa_machinekeys_aa739417efae0d58.cdf-ms:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_1_for_KB929685~31bf3856ad364e35~x86~~6.0.1.1.mum:$TXF_DATA
Hidden: file C:\Windows\winsxs\Catalogs\af33616f5bc0f29c02dd361196760c61f4a5d0675f815556474b2428526e4381.cat:$TXF_DATA
Hidden: file C:\Windows\winsxs\Catalogs\ad9f0b431da6f224b659f0fe2809f1514b0c914df2b996c24bd31655454ea9dd.cat:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_for_KB928089~31bf3856ad364e35~x86~~6.0.1.1.cat:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_for_KB928089~31bf3856ad364e35~x86~~6.0.1.1.mum:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_2_for_KB928089~31bf3856ad364e35~x86~~6.0.1.1.cat:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_2_for_KB928089~31bf3856ad364e35~x86~~6.0.1.1.mum:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_1_for_KB928089~31bf3856ad364e35~x86~~6.0.1.1.cat:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_1_for_KB928089~31bf3856ad364e35~x86~~6.0.1.1.mum:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_1_for_KB930857~31bf3856ad364e35~x86~~6.0.1.0.cat:$TXF_DATA
Hidden: file C:\Windows\winsxs\Catalogs\f0b9a1bfe7438cb7278a67b3ed92e8672ca3ab8625a5a003df342919b341d5e4.cat:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_1_for_KB930857~31bf3856ad364e35~x86~~6.0.1.0.mum:$TXF_DATA
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.16425_none_5978e103e0b8f230.manifest:$TXF_DATA
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.16425_none_5978e103e0b8f230_capilock.dat_79d31fad:$TXF_DATA
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.16425_none_5978e103e0b8f230_crypt32.dll_9c3ccf73:$TXF_DATA
Hidden: file C:\Windows\winsxs\FileMaps\programdata_microsoft_crypto_rsa_machinekeys_aa739417efae0d58.cdf-ms:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.16426_none_47811a91c12f5d40\pcamain.sdb:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.16426_none_47811a91c12f5d40:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16426_none_400a6e80c4214628:$TXF_DATA
Hidden: file C:\Windows\winsxs\Catalogs\2825710b7e12c276607d1b23531a245fe7013732f6f981972490496b5dfe1b7a.cat:$TXF_DATA
Hidden: file C:\Windows\winsxs\Catalogs\527d691d73f683ad591783b7e63921bd886cbe0c14f4199d7f76e244192b0e0c.cat:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_for_KB929427~31bf3856ad364e35~x86~~6.0.1.10.mum:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_2_for_KB929427~31bf3856ad364e35~x86~~6.0.1.10.cat:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_2_for_KB929427~31bf3856ad364e35~x86~~6.0.1.10.mum:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_1_for_KB929427~31bf3856ad364e35~x86~~6.0.1.10.cat:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_1_for_KB929427~31bf3856ad364e35~x86~~6.0.1.10.mum:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_1_for_KB905866~31bf3856ad364e35~x86~~6.0.4.0.cat:$TXF_DATA
Hidden: file C:\Windows\winsxs\Catalogs\686f10e47be1c8e4f572dca67961e0bde8e31f0d7a2fee39bdd58a215a64376d.cat:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_1_for_KB905866~31bf3856ad364e35~x86~~6.0.4.0.mum:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16426_none_400a6e80c4214628\gameux.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16426_none_400a6e80c4214628\GameUXLegacyGDFs.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16426_none_0a3058c3f52d15d6\AcXtrnal.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16426_none_0a3058c3f52d15d6:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16426_none_0a3058c3f52d15d6\AcLayers.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16426_none_0a3058c3f52d15d6\drvmain.sdb:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16426_none_0a2c579bf530b07a\sysmain.sdb:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16426_none_0a2c579bf530b07a:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16426_none_0a2c579bf530b07a\AcRes.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.16426_none_0a2d57e5f52fc9d1\msimain.sdb:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.16426_none_0a2d57e5f52fc9d1:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16426_none_0a2f5879f52dfc7f\AcSpecfc.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16426_none_0a2f5879f52dfc7f:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16426_none_0a2e582ff52ee328\AcGenral.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16426_none_0a2e582ff52ee328:$TXF_DATA
Hidden: file C:\Windows\winsxs\FileMaps\$$_apppatch_1143992cbbbebcab.cdf-ms:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16397_none_f95184b96edab0ad\ieapfltr.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16397_none_f95184b96edab0ad:$TXF_DATA
Hidden: file C:\Windows\System32\mshtml.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16397_none_110280fe25459f90.manifest:$TXF_DATA
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16397_none_110280fe25459f90_mshtml.tlb_fab8f577:$TXF_DATA
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16397_none_110280fe25459f90_mshtml.dll_fab8f891:$TXF_DATA
Hidden: file C:\Windows\winsxs\cleanup.xml:$TXF_DATA
Hidden: file C:\Windows\System32\DWWIN.EXE:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-e..ortingcompatibility_31bf3856ad364e35_6.0.6000.16416_none_fcb494b2f860da20:$TXF_DATA
Hidden: file C:\Windows\winsxs\FileMaps\$$.cdf-ms:$TXF_DATA
Hidden: file C:\Windows\winsxs\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms:$TXF_DATA
Hidden: file C:\Windows\winsxs\FileMaps\_0000000000000000.cdf-ms:$TXF_DATA
Hidden: file C:\Program Files\Windows Mail\OESpamFilter.dat:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16420_none_f08c37da6e63ffca:$TXF_DATA
Hidden: file C:\Windows\winsxs\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms:$TXF_DATA
Hidden: file C:\Windows\winsxs\Manifests\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff.manifest:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff\msxml4.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\Manifests\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff.cat:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff:$TXF_DATA
Hidden: file C:\Windows\winsxs\FileMaps\program_files_windows_mail_e07902f329fe05e9.cdf-ms:$TXF_DATA
Hidden: file C:\Windows\winsxs\Manifests\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa6920e9f98fc.manifest:$TXF_DATA
Hidden: file C:\Windows\winsxs\Manifests\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa6920e9f98fc.cat:$TXF_DATA
Hidden: file C:\Windows\XPPRO\SoftwareDistribution\DataStore\Logs\tmp.edb
Stopped logging on 4/3/2007 at 19:32:22 PM

---------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 19:50, on 07-04-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\XPPRO\System32\smss.exe
C:\WINDOWS\XPPRO\system32\winlogon.exe
C:\WINDOWS\XPPRO\system32\services.exe
C:\WINDOWS\XPPRO\system32\lsass.exe
C:\WINDOWS\XPPRO\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\XPPRO\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\XPPRO\system32\spoolsv.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\XPPRO\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\XPPRO\Explorer.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\XPPRO\stsystra.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\XPPRO\system32\RunDLL32.exe
C:\WINDOWS\XPPRO\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\WINDOWS\XPPRO\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\program files\panda software\panda internet security 2007\WebProxy.exe
C:\WINDOWS\XPPRO\system32\wuauclt.exe
C:\WINDOWS\XPPRO\system32\svchost.exe
C:\Documents and Settings\bindu.VIJAY143BINDU\Desktop\drivers\HijackThis.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\Upgrader.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\XPPRO\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\XPPRO\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\XPPRO\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series (B&W)] C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P32 "EPSON Stylus CX3800 Series (B&W)" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3800 Series_Black Only on VDUPATID810] C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P57 "Auto EPSON Stylus CX3800 Series_Black Only on VDUPATID810" /O22 "\\VDUPATID810\Printer3" /M "Stylus CX3800"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3800 Series on VDUPATID810] C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P46 "Auto EPSON Stylus CX3800 Series on VDUPATID810" /O22 "\\VDUPATID810\Printer4" /M "Stylus CX3800"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\XPPRO\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: avldr - C:\WINDOWS\XPPRO\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\XPPRO\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\XPPRO\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
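The log above is raw HijackThis v1.99.1 output, and the reviewer's first pass is always the same: pull out the entry types that carry persistence or load code (O4 Run keys, O20 Winlogon Notify packages, O16 downloaded ActiveX controls) and the dangling "(file missing)" entries that are clutter. The script below is an added example, not code from the poster, from this thread's helpers or from HijackThis itself; it parses a log in this format and returns those entries. The sample lines embedded in it are a constructed subset taken from the entry types seen in the posted log, and the Winlogon Notify allowlist (only WgaLogon.dll) is the editor's assumption: anything outside it is surfaced for the analyst to confirm against what is installed, which on this machine means checking avldr.dll against the running Panda suite.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a handful of lines in the HijackThis v1.99.1 format, taken from the
# entry types in the posted log (not the whole log), so the script runs stand-alone.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\XPPRO\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\XPPRO\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O20 - Winlogon Notify: avldr - C:\WINDOWS\XPPRO\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\XPPRO\SYSTEM32\WgaLogon.dll
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Assumption (editor's allowlist, not from the post): Winlogon Notify packages expected on
# XP SP2.  Anything else is surfaced so the analyst confirms it against installed software
# (on the machine in the thread, avldr.dll comes with the Panda suite that is running).
KNOWN_NOTIFY_DLLS = {"wgalogon.dll"}


def parse_hjt(text):
    """Yield (kind, body) for every 'Rn - ...' / 'On - ...' line; headers and process lists are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("kind"), m.group("body")


def split_o4(cmd):
    """Split an O4 command line into (program, arguments), honouring a quoted program path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.index('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(" ", 1)
    return parts[0], (parts[1].strip() if len(parts) > 1 else "")


def o4_target(cmd):
    """Return the file that really runs: for rundll32 that is the DLL argument, not rundll32 itself."""
    program, args = split_o4(cmd)
    if program.lower().endswith("rundll32.exe"):
        return args.split(",", 1)[0].strip().strip('"')
    return program


def triage_hjt(text):
    """Return (kind, category, detail) tuples for entries a responder should look at first."""
    findings = []
    for kind, body in parse_hjt(text):
        if "(file missing)" in body:
            # Dangling registry entry: harmless by itself, but clutter HijackThis can fix.
            findings.append((kind, "file-missing", body))
            continue
        if kind == "O4":
            m = O4_RE.match(body)
            if m:
                target = o4_target(m.group("cmd"))
                if "\\" not in target:
                    # No directory given: Windows resolves the name through its search order,
                    # so a same-named file planted earlier in that order would run instead.
                    findings.append((kind, "unqualified-path", f"[{m.group('name')}] runs {target} via search-path lookup"))
        elif kind == "O16":
            # Downloaded ActiveX control: record the host it was fetched from.
            url = body.rsplit(" - ", 1)[-1]
            findings.append((kind, "activex-download", urlparse(url).hostname or url))
        elif kind == "O20":
            # Winlogon Notify DLLs load into winlogon.exe at logon, a favourite persistence spot.
            dll = body.rsplit(" - ", 1)[-1]
            if dll.rsplit("\\", 1)[-1].lower() not in KNOWN_NOTIFY_DLLS:
                findings.append((kind, "winlogon-notify", dll))
    return findings


if __name__ == "__main__":
    for kind, category, detail in triage_hjt(SAMPLE_LOG):
        print(f"{kind:4} {category:17} {detail}")
```

Run against the sample it reports the two Run entries that name a bare file (stsystra.exe and the P0630Pin.dll passed to rundll32), the missing xpnetdiag.exe button, the TVUAx.cab download host and the avldr Winlogon Notify package; everything with a full path, and the O23 services, is left for the normal read-through. To use it on a real log, replace SAMPLE_LOG with the file contents.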

#5 Eclipse

Eclipse
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 04 April 2007 - 07:09 AM

Do you guys see anything wrong with the log files?

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:10:08 AM

Posted 04 April 2007 - 07:19 AM

First make sure you're logged on to your PC as Administrator, or at least logged on with an account with administrator privileges.

Go here, download the Sysclean Package (3.2MB):
http://www.trendmicro.com/download/pattern-dcs.asp

Go here, download the latest Virus Pattern File for Windows (lpt391.zip) (18.1MB):
http://www.trendmicro.com/download/viruspattern.asp

Now create a new folder on your desktop, rename it Sysclean.
Now place the Sysclean Package inside that new folder.
Unzip/extract the Virus Pattern File to that new folder.

Close all open applications, and DISABLE your current antivirus software.
Open the Sysclean folder and double-click on sysclean.com to start the scan.
It will take some time to complete.
Be patient and let it clean whatever it finds.

*****************************

Please download Sophos Anti-Rootkit, and save it on your desktop.
1. Double-click sarsfx.exe to extract the files and leave the default settings.
2. Open the folder C:\SOPHTEMP and double-click sargui.exe to start the program.
3. Make sure the following are checked:
- Running processes
- Windows Registry
- Local Hard Drives
4. Click the "Start Scan" button.
5. Click the "OK" button after you get the notification that the scan has finished and close the program.
6. Click on Start>Run and type, or copy and paste: %temp%\sarscan.log then press Enter.
7. This should open the log from the rootkit scan.
Post this log into your next reply.

Note:
If the scan is performed while the computer is in use, false positives may appear in the scan results.
This is caused by files or registry entries being deleted,including temporary files being deleted automatically.
It has also been reported that Trojan Hunter is detecting Sophos Anti-Rootkit as Trojan.Dropper.Interlac.100.
So if you have Trojan Hunter installed you will need to disable it prior to running a scan.

**************************

Download/unzip and double-click on the .reg file which is attached below.
Restart your pc when you've finished.
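Step 6 of the procedure above opens sarscan.log, and the note that follows it matters: a scan on a live machine lists files that were simply created and deleted while it ran. The logs posted in this thread also show two other kinds of hit that are not rootkit activity. Every ":$TXF_DATA" entry is the named stream that Transactional NTFS keeps on files the Windows Vista servicing stack has touched; those paths sit under C:\Windows with Vista-era (6.0.6000) winsxs component names while this XP install lives in C:\WINDOWS\XPPRO, so the disk apparently also carries a second Windows installation. The DNE\Parameters\SymbolicLinkValue item is a registry symbolic link created by the Deterministic Network Enhancer that the Cisco VPN client (cvpnd.exe in the HijackThis log) installs. The script below is an added example, not part of RichieUK's post or of Sophos's tooling, that sorts the "Hidden:" lines of a sarscan.log into those buckets so that only the remainder needs a human. The bucket rules are the editor's assumptions, and the sample log is constructed from the posted format: its first four hits are copied from the thread, the "example.sys" line is a placeholder invented so the review bucket is exercised, not a finding from this machine.

```python
import re
from collections import Counter

# Constructed sample in the sarscan.log format shown in this thread.  The first four hits are
# copied from the posted log; the "example.sys" line is a made-up placeholder (not a finding
# from this machine) so that the "review" bucket is exercised.
SAMPLE_SARSCAN = r"""
Sophos Anti-Rootkit Version 1.2 (data 1.01) (c) 2006 Sophos Plc
Started logging on 4/3/2007 at 19:28:15 PM
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\DeterministicNetworks\DNE\Parameters\SymbolicLinkValue
Hidden: file C:\Program Files:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.16386_none_5938ffdfe0e8b606\crypt32.dll:$TXF_DATA
Hidden: file C:\Windows\XPPRO\SoftwareDistribution\DataStore\Logs\tmp.edb
Hidden: file C:\WINDOWS\XPPRO\system32\drivers\example.sys
Stopped logging on 4/3/2007 at 19:32:22 PM
"""

HIT_RE = re.compile(r"^Hidden: (?P<type>registry item|[a-z]+) (?P<path>.+)$")

# Editor's triage heuristics (assumptions, not Sophos rules):
#  - a trailing ":$TXF_DATA" is the named stream Transactional NTFS keeps on files that the
#    Windows Vista servicing stack has touched; Sophos Anti-Rootkit 1.2 reports it as hidden
#  - DNE\Parameters\SymbolicLinkValue is a REG_LINK (registry symbolic link) written by the
#    Deterministic Network Enhancer that the Cisco VPN client installs
#  - files under temp, log and Windows Update working directories come and go during a scan,
#    which is the false-positive case the note in the post describes
TRANSIENT_DIRS = ("\\temp\\", "\\logs\\", "\\softwaredistribution\\")
KNOWN_REG_LINKS = {
    r"\hkey_local_machine\software\deterministicnetworks\dne\parameters\symboliclinkvalue",
}


def classify(kind, path):
    """Map one 'Hidden:' hit to a bucket: txf-stream, reg-link, transient or review."""
    p = path.lower()
    if kind == "file" and p.endswith(":$txf_data"):
        return "txf-stream"
    if kind == "registry item" and p in KNOWN_REG_LINKS:
        return "reg-link"
    if kind == "file" and any(d in p for d in TRANSIENT_DIRS):
        return "transient"
    return "review"


def triage_sarscan(text):
    """Return (counts per bucket, list of (type, path) hits that still need a human)."""
    counts = Counter()
    review = []
    for line in text.splitlines():
        m = HIT_RE.match(line.strip())
        if not m:
            continue  # banner and Started/Stopped lines
        bucket = classify(m.group("type"), m.group("path"))
        counts[bucket] += 1
        if bucket == "review":
            review.append((m.group("type"), m.group("path")))
    return counts, review


if __name__ == "__main__":
    counts, review = triage_sarscan(SAMPLE_SARSCAN)
    for bucket, n in sorted(counts.items()):
        print(f"{bucket:11} {n}")
    for kind, path in review:
        print("REVIEW:", kind, path)
```

On the logs actually posted in this thread every hit lands in the txf-stream, reg-link or transient bucket and the review list comes back empty; the placeholder driver in the sample is there only to show what a line that survives triage looks like. Anything left in the review bucket on a real log is what the helper should be asked about, with the path quoted verbatim.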

#7 Eclipse

Eclipse
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 04 April 2007 - 08:22 AM

Here is the new log file:


Sophos Anti-Rootkit Version 1.2 (data 1.01) © 2006 Sophos Plc
Started logging on 4/3/2007 at 19:28:15 PM
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\DeterministicNetworks\DNE\Parameters\SymbolicLinkValue
Hidden: file C:\Program Files:$TXF_DATA
Hidden: file C:\Program Files\Windows Mail:$TXF_DATA
Hidden: file C:\ProgramData:$TXF_DATA
Hidden: file C:\ProgramData\Microsoft:$TXF_DATA
Hidden: file C:\ProgramData\Microsoft\Crypto:$TXF_DATA
Hidden: file C:\ProgramData\Microsoft\Crypto\RSA:$TXF_DATA
Hidden: file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys:$TXF_DATA
Hidden: file C:\Windows:$TXF_DATA
Hidden: file C:\Windows\AppPatch:$TXF_DATA
Hidden: file C:\Windows\servicing:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages:$TXF_DATA
Hidden: file C:\Windows\System32:$TXF_DATA
Hidden: file C:\Windows\System32\catroot2:$TXF_DATA
Hidden: file C:\Windows\System32\Tasks:$TXF_DATA
Hidden: file C:\Windows\System32\Tasks\Microsoft:$TXF_DATA
Hidden: file C:\Windows\System32\Tasks\Microsoft\Windows:$TXF_DATA
Hidden: file C:\Windows\System32\Tasks\Microsoft\Windows\MUI:$TXF_DATA
Hidden: file C:\Windows\System32\Tasks\Microsoft\Windows Defender:$TXF_DATA
Hidden: file C:\Windows\Temp:$TXF_DATA
Hidden: file C:\Windows\winsxs:$TXF_DATA
Hidden: file C:\Windows\winsxs\Backup:$TXF_DATA
Hidden: file C:\Windows\winsxs\Catalogs:$TXF_DATA
Hidden: file C:\Windows\winsxs\FileMaps:$TXF_DATA
Hidden: file C:\Windows\winsxs\Manifests:$TXF_DATA
Hidden: file C:\Windows\winsxs\Temp:$TXF_DATA
Hidden: file C:\Windows\winsxs\Temp\PendingRenames:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.16386_none_47403923c16007bf:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16386_none_09eb762df5615af9:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.16386_none_09ec7677f5607450:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16386_none_09ed76c1f55f8da7:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16386_none_09ee770bf55ea6fe:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16386_none_09ef7755f55dc055:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.16386_none_5938ffdfe0e8b606:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-e..ortingcompatibility_31bf3856ad364e35_6.0.6000.16386_none_fc68e358f899a090:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16386_none_3fc98d12c451f0a7:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16386_none_f95b545b6ed37b65:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16386_none_110c50a0253e6a48:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16386_none_f05158286e8f4253:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16386_none_f05158286e8f4253\OESpamFilter.dat:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16386_none_09ed76c1f55f8da7\AcGenral.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16386_none_09ef7755f55dc055\AcLayers.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16386_none_09eb762df5615af9\AcRes.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16386_none_09ee770bf55ea6fe\AcSpecfc.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16386_none_09ef7755f55dc055\AcXtrnal.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16386_none_09ef7755f55dc055\drvmain.sdb:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.16386_none_09ec7677f5607450\msimain.sdb:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.16386_none_47403923c16007bf\pcamain.sdb:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16386_none_09eb762df5615af9\sysmain.sdb:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.16386_none_5938ffdfe0e8b606\crypt32.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-e..ortingcompatibility_31bf3856ad364e35_6.0.6000.16386_none_fc68e358f899a090\DWWIN.EXE:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16386_none_3fc98d12c451f0a7\gameux.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16386_none_3fc98d12c451f0a7\GameUXLegacyGDFs.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16386_none_f95b545b6ed37b65\ieapfltr.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16386_none_110c50a0253e6a48\mshtml.dll:$TXF_DATA
Hidden: file C:\Windows\System32\catroot2\dberr.txt:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16397_none_110280fe25459f90:$TXF_DATA
Hidden: file C:\Windows\System32\Tasks\Microsoft\Windows\MUI\LPRemove:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_for_KB929427~31bf3856ad364e35~x86~~6.0.1.10.cat:$TXF_DATA
Hidden: file C:\Windows\winsxs\Manifests\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.manifest:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d\msxml4.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\Manifests\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d:$TXF_DATA
Hidden: file C:\Windows\winsxs\Manifests\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.manifest:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6\msxml4r.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\Manifests\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6:$TXF_DATA
Hidden: file C:\Windows\winsxs\Temp\PendingRenames\d0ea802a3352c70152010000a405540f.x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.16425_none_5978e103e0b8f230.manifest:$TXF_DATA
Hidden: file C:\Windows\System32\Tasks\Norton Internet Security - Run Full System Scan - bindu:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.16425_none_5978e103e0b8f230\capilock.dat:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.16425_none_5978e103e0b8f230:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.16425_none_5978e103e0b8f230\crypt32.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\Temp\PendingRenames\d0ea802a3352c70153010000a405540f.x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.16425_none_5978e103e0b8f230_capilock.dat_79d31fad:$TXF_DATA
Hidden: file C:\Windows\winsxs\Temp\PendingRenames\304c832a3352c70154010000a405540f.x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.16425_none_5978e103e0b8f230_crypt32.dll_9c3ccf73:$TXF_DATA
Hidden: file C:\Windows\winsxs\Temp\PendingRenames\3057962a3352c70155010000a405540f._0000000000000000.cdf-ms:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_1_for_KB929685~31bf3856ad364e35~x86~~6.0.1.1.cat:$TXF_DATA
Hidden: file C:\Windows\winsxs\Catalogs\f072bd9cabcc08d7c69c7233dbd8250f135108961d8ff8329077109ceba3670a.cat:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_1_for_KB931573~31bf3856ad364e35~x86~~6.0.1.0.cat:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_1_for_KB931573~31bf3856ad364e35~x86~~6.0.1.0.mum:$TXF_DATA
Hidden: file C:\Windows\winsxs\Temp\PendingRenames\90b8982a3352c70156010000a405540f.$$.cdf-ms:$TXF_DATA
Hidden: file C:\Windows\winsxs\Temp\PendingRenames\d000a72a3352c70157010000a405540f.$$_system32_21f9a9c4a2f8b514.cdf-ms:$TXF_DATA
Hidden: file C:\Windows\winsxs\Temp\PendingRenames\1054c82a3352c70158010000a405540f.programdata_microsoft_crypto_rsa_machinekeys_aa739417efae0d58.cdf-ms:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_1_for_KB929685~31bf3856ad364e35~x86~~6.0.1.1.mum:$TXF_DATA
Hidden: file C:\Windows\winsxs\Catalogs\af33616f5bc0f29c02dd361196760c61f4a5d0675f815556474b2428526e4381.cat:$TXF_DATA
Hidden: file C:\Windows\winsxs\Catalogs\ad9f0b431da6f224b659f0fe2809f1514b0c914df2b996c24bd31655454ea9dd.cat:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_for_KB928089~31bf3856ad364e35~x86~~6.0.1.1.cat:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_for_KB928089~31bf3856ad364e35~x86~~6.0.1.1.mum:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_2_for_KB928089~31bf3856ad364e35~x86~~6.0.1.1.cat:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_2_for_KB928089~31bf3856ad364e35~x86~~6.0.1.1.mum:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_1_for_KB928089~31bf3856ad364e35~x86~~6.0.1.1.cat:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_1_for_KB928089~31bf3856ad364e35~x86~~6.0.1.1.mum:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_1_for_KB930857~31bf3856ad364e35~x86~~6.0.1.0.cat:$TXF_DATA
Hidden: file C:\Windows\winsxs\Catalogs\f0b9a1bfe7438cb7278a67b3ed92e8672ca3ab8625a5a003df342919b341d5e4.cat:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_1_for_KB930857~31bf3856ad364e35~x86~~6.0.1.0.mum:$TXF_DATA
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.16425_none_5978e103e0b8f230.manifest:$TXF_DATA
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.16425_none_5978e103e0b8f230_capilock.dat_79d31fad:$TXF_DATA
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.16425_none_5978e103e0b8f230_crypt32.dll_9c3ccf73:$TXF_DATA
Hidden: file C:\Windows\winsxs\FileMaps\programdata_microsoft_crypto_rsa_machinekeys_aa739417efae0d58.cdf-ms:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.16426_none_47811a91c12f5d40\pcamain.sdb:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.16426_none_47811a91c12f5d40:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16426_none_400a6e80c4214628:$TXF_DATA
Hidden: file C:\Windows\winsxs\Catalogs\2825710b7e12c276607d1b23531a245fe7013732f6f981972490496b5dfe1b7a.cat:$TXF_DATA
Hidden: file C:\Windows\winsxs\Catalogs\527d691d73f683ad591783b7e63921bd886cbe0c14f4199d7f76e244192b0e0c.cat:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_for_KB929427~31bf3856ad364e35~x86~~6.0.1.10.mum:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_2_for_KB929427~31bf3856ad364e35~x86~~6.0.1.10.cat:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_2_for_KB929427~31bf3856ad364e35~x86~~6.0.1.10.mum:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_1_for_KB929427~31bf3856ad364e35~x86~~6.0.1.10.cat:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_1_for_KB929427~31bf3856ad364e35~x86~~6.0.1.10.mum:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_1_for_KB905866~31bf3856ad364e35~x86~~6.0.4.0.cat:$TXF_DATA
Hidden: file C:\Windows\winsxs\Catalogs\686f10e47be1c8e4f572dca67961e0bde8e31f0d7a2fee39bdd58a215a64376d.cat:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages\Package_1_for_KB905866~31bf3856ad364e35~x86~~6.0.4.0.mum:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16426_none_400a6e80c4214628\gameux.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16426_none_400a6e80c4214628\GameUXLegacyGDFs.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16426_none_0a3058c3f52d15d6\AcXtrnal.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16426_none_0a3058c3f52d15d6:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16426_none_0a3058c3f52d15d6\AcLayers.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16426_none_0a3058c3f52d15d6\drvmain.sdb:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16426_none_0a2c579bf530b07a\sysmain.sdb:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16426_none_0a2c579bf530b07a:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16426_none_0a2c579bf530b07a\AcRes.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.16426_none_0a2d57e5f52fc9d1\msimain.sdb:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.16426_none_0a2d57e5f52fc9d1:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16426_none_0a2f5879f52dfc7f\AcSpecfc.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16426_none_0a2f5879f52dfc7f:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16426_none_0a2e582ff52ee328\AcGenral.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16426_none_0a2e582ff52ee328:$TXF_DATA
Hidden: file C:\Windows\winsxs\FileMaps\$$_apppatch_1143992cbbbebcab.cdf-ms:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16397_none_f95184b96edab0ad\ieapfltr.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16397_none_f95184b96edab0ad:$TXF_DATA
Hidden: file C:\Windows\System32\mshtml.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16397_none_110280fe25459f90.manifest:$TXF_DATA
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16397_none_110280fe25459f90_mshtml.tlb_fab8f577:$TXF_DATA
Hidden: file C:\Windows\winsxs\Backup\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16397_none_110280fe25459f90_mshtml.dll_fab8f891:$TXF_DATA
Hidden: file C:\Windows\winsxs\cleanup.xml:$TXF_DATA
Hidden: file C:\Windows\System32\DWWIN.EXE:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-e..ortingcompatibility_31bf3856ad364e35_6.0.6000.16416_none_fcb494b2f860da20:$TXF_DATA
Hidden: file C:\Windows\winsxs\FileMaps\$$.cdf-ms:$TXF_DATA
Hidden: file C:\Windows\winsxs\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms:$TXF_DATA
Hidden: file C:\Windows\winsxs\FileMaps\_0000000000000000.cdf-ms:$TXF_DATA
Hidden: file C:\Program Files\Windows Mail\OESpamFilter.dat:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16420_none_f08c37da6e63ffca:$TXF_DATA
Hidden: file C:\Windows\winsxs\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms:$TXF_DATA
Hidden: file C:\Windows\winsxs\Manifests\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff.manifest:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff\msxml4.dll:$TXF_DATA
Hidden: file C:\Windows\winsxs\Manifests\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff.cat:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff:$TXF_DATA
Hidden: file C:\Windows\winsxs\FileMaps\program_files_windows_mail_e07902f329fe05e9.cdf-ms:$TXF_DATA
Hidden: file C:\Windows\winsxs\Manifests\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa6920e9f98fc.manifest:$TXF_DATA
Hidden: file C:\Windows\winsxs\Manifests\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa6920e9f98fc.cat:$TXF_DATA
Hidden: file C:\Windows\XPPRO\SoftwareDistribution\DataStore\Logs\tmp.edb
Stopped logging on 4/3/2007 at 19:32:22 PM


Sophos Anti-Rootkit Version 1.2 (data 1.01) © 2006 Sophos Plc
Started logging on 07-04-04 at 09:14
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\DeterministicNetworks\DNE\Parameters\SymbolicLinkValue
Hidden: file C:\Program Files:$TXF_DATA
Hidden: file C:\Program Files\Windows Mail:$TXF_DATA
Hidden: file C:\ProgramData:$TXF_DATA
Hidden: file C:\ProgramData\Microsoft:$TXF_DATA
Hidden: file C:\ProgramData\Microsoft\Crypto:$TXF_DATA
Hidden: file C:\ProgramData\Microsoft\Crypto\RSA:$TXF_DATA
Hidden: file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys:$TXF_DATA
Hidden: file C:\Windows:$TXF_DATA
Hidden: file C:\Windows\AppPatch:$TXF_DATA
Hidden: file C:\Windows\servicing:$TXF_DATA
Hidden: file C:\Windows\servicing\Packages:$TXF_DATA
Hidden: file C:\Windows\System32:$TXF_DATA
Hidden: file C:\Windows\System32\catroot2:$TXF_DATA
Hidden: file C:\Windows\System32\Tasks:$TXF_DATA
Hidden: file C:\Windows\System32\Tasks\Microsoft:$TXF_DATA
Hidden: file C:\Windows\System32\Tasks\Microsoft\Windows:$TXF_DATA
Hidden: file C:\Windows\System32\Tasks\Microsoft\Windows\MUI:$TXF_DATA
Hidden: file C:\Windows\System32\Tasks\Microsoft\Windows Defender:$TXF_DATA
Hidden: file C:\Windows\Temp:$TXF_DATA
Hidden: file C:\Windows\winsxs:$TXF_DATA
Hidden: file C:\Windows\winsxs\Backup:$TXF_DATA
Hidden: file C:\Windows\winsxs\Catalogs:$TXF_DATA
Hidden: file C:\Windows\winsxs\FileMaps:$TXF_DATA
Hidden: file C:\Windows\winsxs\Manifests:$TXF_DATA
Hidden: file C:\Windows\winsxs\Temp:$TXF_DATA
Hidden: file C:\Windows\winsxs\Temp\PendingRenames:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.16386_none_47403923c16007bf:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16386_none_09eb762df5615af9:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.16386_none_09ec7677f5607450:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16386_none_09ed76c1f55f8da7:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16386_none_09ee770bf55ea6fe:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16386_none_09ef7755f55dc055:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.16386_none_5938ffdfe0e8b606:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-e..ortingcompatibility_31bf3856ad364e35_6.0.6000.16386_none_fc68e358f899a090:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16386_none_3fc98d12c451f0a7:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16386_none_f95b545b6ed37b65:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16386_none_110c50a0253e6a48:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16386_none_f05158286e8f4253:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16386_none_f05158286e8f4253\OESpamFilter.dat:$TXF_DATA
Hidden: file C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16386_none_09ed76c1f55f8da7\AcGenral.dll:$TXF_DATA
Stopped logging on 07-04-04 at 09:18

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:10:08 AM

Posted 04 April 2007 - 08:40 AM

There's nothing wrong there at all, but the one thing that's puzzling me is why all the following processes are running from a folder called XPPRO. Can you put me in the picture why that is, please?

C:\WINDOWS\XPPRO\System32\smss.exe
C:\WINDOWS\XPPRO\system32\winlogon.exe
C:\WINDOWS\XPPRO\system32\services.exe
C:\WINDOWS\XPPRO\system32\lsass.exe
C:\WINDOWS\XPPRO\system32\svchost.exe
C:\WINDOWS\XPPRO\system32\svchost.exe
C:\WINDOWS\XPPRO\system32\spoolsv.exe
C:\WINDOWS\XPPRO\system32\RunDLL32.exe
C:\WINDOWS\XPPRO\system32\wuauclt.exe
C:\WINDOWS\XPPRO\system32\svchost.exe

How is your PC running? Exactly what programs are not opening?

#9 Eclipse

Eclipse
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:05:08 AM

Posted 04 April 2007 - 09:01 AM

Thanks so much for your help... everything looks like it is working fine now...

The XPPRO thing is the folder I created when I was installing Windows XP Pro on the machine... I previously had Windows Vista... so I was trying to do a dual boot, and so I created the XPPRO folder to install Windows XP.

#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:10:08 AM

Posted 04 April 2007 - 09:58 AM

That's good news :thumbsup:
If all's OK, please do the following:

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description/name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear; click on OK.
The 'Disk Cleanup for [C:]' box will appear; click on the 'More Options' tab.
At the bottom, in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up: 'Are you sure you want to delete all but the most recent restore point?'. Click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here, to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

Please Note:
Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u1'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.

#11 Eclipse

Eclipse
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:05:08 AM

Posted 06 April 2007 - 06:33 AM

Sorry, I did not know that I could continue posting in the already completed tasks...

But anyway, as I said, everything looks fine... But whenever I run Yahoo Messenger, the other applications like Task Manager, Control Panel and others are flashing and disappearing... I don't see what could be the problem... I reinstalled Yahoo Messenger and it did the same thing... so currently I have removed Messenger from my computer and I have no problems...

But can you tell me what the problem is with using Yahoo Messenger...

Do you want me to post a new HijackThis log?

Thanks

#12 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:10:08 AM

Posted 06 April 2007 - 06:42 AM

If you're now able to do the following please do:

Please download Combofix and save to the desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt and a new HijackThis log into your next reply.
Note:
Do not mouse-click ComboFix's window whilst it's running.
That may cause the program to freeze/hang.

#13 Eclipse

Eclipse
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:05:08 AM

Posted 06 April 2007 - 07:17 AM

Thanks again. I ran combofix.exe and got the following message:

Process cannot access the file as it is being used by another process...

Anyway, below is the HijackThis log file...

Logfile of HijackThis v1.99.1
Scan saved at 08:08, on 07-04-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\XPPRO\System32\smss.exe
C:\WINDOWS\XPPRO\system32\winlogon.exe
C:\WINDOWS\XPPRO\system32\services.exe
C:\WINDOWS\XPPRO\system32\lsass.exe
C:\WINDOWS\XPPRO\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\XPPRO\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\XPPRO\system32\spoolsv.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\XPPRO\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\XPPRO\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\XPPRO\stsystra.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\XPPRO\system32\RunDLL32.exe
C:\WINDOWS\XPPRO\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\XPPRO\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
C:\WINDOWS\XPPRO\system32\svchost.exe
C:\WINDOWS\XPPRO\system32\wscntfy.exe
C:\ComboFix\TSF\15474.cfexe
C:\Documents and Settings\bindu.VIJAY143BINDU\Desktop\drivers\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\XPPRO\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\XPPRO\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\XPPRO\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series (B&W)] C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P32 "EPSON Stylus CX3800 Series (B&W)" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3800 Series_Black Only on VDUPATID810] C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P57 "Auto EPSON Stylus CX3800 Series_Black Only on VDUPATID810" /O22 "\\VDUPATID810\Printer3" /M "Stylus CX3800"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3800 Series on VDUPATID810] C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P46 "Auto EPSON Stylus CX3800 Series on VDUPATID810" /O22 "\\VDUPATID810\Printer4" /M "Stylus CX3800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\XPPRO\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: avldr - C:\WINDOWS\XPPRO\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\XPPRO\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\XPPRO\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
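The question RichieUK raises about the log above (core Windows processes running from an unexpected folder) can be checked mechanically. The following is an added example in Python, not code from the thread or from HijackThis: it parses the HijackThis log format shown here, infers the Windows folder from where Explorer.EXE runs, and flags core processes that do not run from that folder's system32, plus any entries HijackThis marked "(file missing)". The sample log is constructed from the format in the thread; the lsass.exe-under-Temp line is added deliberately so the check has something to flag.

```python
"""Sanity checks over a HijackThis v1.99 log in the format posted in this
thread.  Added example, not code from the thread or from HijackThis itself.
The sample log below is constructed from that format; one line (lsass.exe
under a Temp folder) is deliberately added so the check has something to flag."""
import re
from collections import defaultdict

# Core Windows processes that should only ever run from %SystemRoot%\system32.
CORE_SYSTEM32 = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                 "svchost.exe", "spoolsv.exe"}

# HijackThis numbered entries look like "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")

# Constructed sample log (trimmed); paths mirror the XPPRO install in the thread.
SAMPLE_LOG = """Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\\WINDOWS\\XPPRO\\System32\\smss.exe
C:\\WINDOWS\\XPPRO\\system32\\winlogon.exe
C:\\WINDOWS\\XPPRO\\system32\\lsass.exe
C:\\WINDOWS\\XPPRO\\Explorer.EXE
C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe
C:\\Documents and Settings\\user\\Local Settings\\Temp\\lsass.exe

O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\XPPRO\\SYSTEM32\\WgaLogon.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\XPPRO\\system32\\nvsvc32.exe
"""


def parse_hjt(text):
    """Split a HijackThis log into the running-process list and the numbered
    (R/F/N/O) entries, keyed by section code such as 'O4' or 'O23'."""
    processes, entries = [], defaultdict(list)
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # blank line ends the process list
            continue
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries[m.group(1)].append(m.group(2))
    return processes, entries


def infer_system_root(processes):
    """Derive the Windows folder from where Explorer.EXE runs (it lives directly
    in %SystemRoot%), so the check also works for a non-default install folder
    such as the XPPRO one in this thread.  Returns a lower-cased path or None."""
    for p in processes:
        head, _, name = p.rpartition("\\")
        if name.lower() == "explorer.exe":
            return head.lower()
    return None


def check_core_processes(processes, system_root):
    """Return core OS processes that do not run from <system_root>\\system32.
    With an unknown root every core process is returned, since none can be
    verified."""
    findings = []
    expected = None if system_root is None else system_root.lower() + "\\system32"
    for p in processes:
        head, _, name = p.rpartition("\\")
        if name.lower() in CORE_SYSTEM32 and head.lower() != expected:
            findings.append(p)
    return findings


def missing_file_entries(entries):
    """Entries that HijackThis itself marked as pointing at an absent file."""
    return [f"{code} - {body}" for code, items in entries.items()
            for body in items if body.endswith("(file missing)")]


def report(text):
    """Run every check over one log and return the findings as a dict."""
    processes, entries = parse_hjt(text)
    root = infer_system_root(processes)
    return {
        "system_root": root,
        "core_outside_system32": check_core_processes(processes, root),
        "file_missing": missing_file_entries(entries),
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the constructed sample the only core process flagged is the Temp-folder lsass.exe; all the XPPRO paths are consistent with each other, which is the conclusion the thread reaches by hand.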

#14 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:10:08 AM

Posted 06 April 2007 - 07:36 AM

Download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

You should copy/print the following because you need to be in Safe Mode from here on.

Reboot your computer into "Safe Mode" using the F8 method.
To do this, restart your computer and, after hearing your computer beep once during startup (but before the Windows icon appears), press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)

******************************

Please download SilentRunners from here:
http://www.silentrunners.org/Silent%20Runners.vbs
Save it to the desktop and double-click on it.
If you get any kind of warning message about scripts, please choose to allow the script to run.
When the scan is finished it will create a logfile on your desktop.
Please post the entire contents of this logfile into your next reply.

#15 Eclipse

Eclipse
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:05:08 AM

Posted 06 April 2007 - 03:45 PM

OK, I did everything you said....

1. Dr.Web CureIt did not find any viruses... so there was no log file or report....

2. Log file for the second one....

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\XPPRO\system32\ctfmon.exe" [MS]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\XPPRO\system32\NvCpl.dll,NvStartup" [MS]
"APVXDWIN" = ""C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s" ["Panda Software International"]
"SCANINICIO" = ""C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"" ["Panda Software International"]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"SigmatelSysTrayApp" = "stsystra.exe" ["SigmaTel, Inc."]
"CTSVolFE.exe" = ""C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r" ["Creative Technology Ltd"]
"PD0630 STISvc" = "RunDLL32.exe P0630Pin.dll,RunDLL32EP 513" [MS]
"DLA" = "C:\WINDOWS\XPPRO\System32\DLA\DLACTRLW.EXE" ["Sonic Solutions"]
"ISUSPM Startup" = "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup" ["InstallShield Software Corporation"]
"ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"]
"EPSON Stylus CX3800 Series (B&W)" = "C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P32 "EPSON Stylus CX3800 Series (B&W)" /O6 "USB001" /M "Stylus CX3800"" ["SEIKO EPSON CORPORATION"]
"Auto EPSON Stylus CX3800 Series_Black Only on VDUPATID810" = "C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P57 "Auto EPSON Stylus CX3800 Series_Black Only on VDUPATID810" /O22 "\\VDUPATID810\Printer3" /M "Stylus CX3800"" ["SEIKO EPSON CORPORATION"]
"Auto EPSON Stylus CX3800 Series on VDUPATID810" = "C:\WINDOWS\XPPRO\system32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P46 "Auto EPSON Stylus CX3800 Series on VDUPATID810" /O22 "\\VDUPATID810\Printer4" /M "Stylus CX3800"" ["SEIKO EPSON CORPORATION"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0\bin\jusched.exe"" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = (no title provided)
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\XPPRO\System32\DLA\DLASHX_W.DLL" ["Sonic Solutions"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\XPPRO\system32\hticons.dll" ["Hilgraeve, Inc."]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "C:\WINDOWS\XPPRO\system32\shdocvw.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\XPPRO\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\XPPRO\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS]
"{65756541-C65C-11CD-0000-4B656E696100}" = "Panda Antivirus"
-> {HKLM...CLSID} = "Panda Antivirus"
\InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Internet Security 2007\PAVOLE.DLL" ["Panda Software"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\XPPRO\System32\DLA\DLASHX_W.DLL" ["Sonic Solutions"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> avldr\DLLName = "avldr.dll" ["Panda Software"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
<<!>> Logo1_.exe\Debugger = "nircmd execmd del /a/f c:\windows\Logo1_.exe" [file not found]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}"
-> {HKLM...CLSID} = "Panda Antivirus"
\InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Internet Security 2007\PAVOLE.DLL" ["Panda Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Panda Antivirus\(Default) = "{65756541-C65C-11CD-0000-4B656E696100}"
-> {HKLM...CLSID} = "Panda Antivirus"
\InProcServer32\(Default) = "C:\Program Files\Panda Software\Panda Internet Security 2007\PAVOLE.DLL" ["Panda Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoCDBurning" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\XPPRO\web\wallpaper\Bliss.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\XPPRO\web\wallpaper\Bliss.bmp"


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
c:\program files\panda software\panda internet security 2007\pavlsp.dll ["Panda Software International"], 01 - 03, 17
%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 09 - 16
%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Cisco Systems, Inc. VPN Service, CVPND, ""C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe"" ["Cisco Systems, Inc."]
Creative Labs Licensing Service, Creative Labs Licensing Service, ""C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe"" ["Creative Labs"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\XPPRO\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Panda anti-virus service, PAVSRV, ""C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe"" ["Panda Software International"]
Panda Antispam Engine, pmshellsrv, "C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe" ["Panda Software International"]
Panda Function Service, PAVFNSVR, ""C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe"" ["Panda Software International"]
Panda IManager Service, PSIMSVC, ""C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe"" ["Panda Software"]
Panda Network Manager, PNMSRV, ""c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE"" ["Panda Software International"]
Panda Process Protection Service, PavPrSrv, ""C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe"" ["Panda Software"]
Panda TPSrv, TPSrv, ""C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe"" ["Panda Software"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
EPSON Stylus CX3800 Series 2KMonitor5A\Driver = "E_FLMACA.DLL" ["SEIKO EPSON CORPORATION"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 43 seconds, including 18 seconds for message boxes)
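The two entries the report marks with `<<!>>` are the ones to read first: a Winlogon\Notify package (a DLL winlogon.exe loads at logon events) and an Image File Execution Options\Debugger value. The Debugger value is a legitimate Windows mechanism, but its effect is that every launch of the named executable runs the "debugger" command instead; in this log it points Logo1_.exe at a nircmd delete command whose binary is reported [file not found], which is the sort of entry a cleanup script leaves behind, though the report alone does not say who wrote it. The small Python script below is an added example, not part of the original post and not part of the Silent Runners script: it reads a report in this format, keeps track of which registry key each line belongs to, and pulls out the items a responder checks first (the `<<!>>` marks, IFEO debuggers, Winlogon Notify DLLs, and modules tagged [file not found] or [null data], where the company check could not be done). SAMPLE_REPORT is constructed from lines in the post above, and the severity labels are this example's own convention.

```python
"""Triage a Silent Runners-style launch-point report (added example)."""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: a handful of lines copied from the report in the post.
SAMPLE_REPORT = r'''
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> avldr\DLLName = "avldr.dll" ["Panda Software"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
<<!>> Logo1_.exe\Debugger = "nircmd execmd del /a/f c:\windows\Logo1_.exe" [file not found]
'''

# A registry key header: hive, path, trailing backslash.
KEY_LINE = re.compile(r'^(HKLM|HKCU|HKU)\\.*\\$')
# The bracketed tag Silent Runners appends: ["Company"], [MS], [file not found], [null data].
TAG_AT_END = re.compile(r'\[([^\]]*)\]\s*$')
# name = "value" [tag], optionally prefixed with the <<!>> mark.
VALUE_ASSIGN = re.compile(
    r'^(?:<<!>>\s*)?(?P<name>[^=]+?)\s*=\s*"(?P<value>.*)"\s*(?:\[[^\]]*\])?\s*$')

SEVERITY_ORDER = {"info": 0, "review": 1, "high": 2}


@dataclass
class Finding:
    key: str                      # registry key the line was listed under
    line: str                     # the report line itself
    reasons: List[str] = field(default_factory=list)
    severity: str = "info"        # info < review < high (this example's convention)


def _bump(f: Finding, reason: str, severity: str) -> None:
    """Record a reason and raise the severity if this one is higher."""
    f.reasons.append(reason)
    if SEVERITY_ORDER[severity] > SEVERITY_ORDER[f.severity]:
        f.severity = severity


def triage(report: str) -> List[Finding]:
    """Return the entries worth a second look, in report order."""
    findings: List[Finding] = []
    current_key = ""
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if KEY_LINE.match(line):
            current_key = line.rstrip("\\")   # remember the key for following lines
            continue
        f = Finding(key=current_key, line=line)
        m = TAG_AT_END.search(line)
        tag = m.group(1) if m else ""

        if line.startswith("<<!>>"):
            _bump(f, "marked suspicious by the report", "review")
        if "Image File Execution Options" in current_key and "\\Debugger =" in line:
            v = VALUE_ASSIGN.match(line)
            exe = v.group("name").split("\\")[0] if v else "?"
            cmd = v.group("value") if v else "?"
            _bump(f, f"IFEO debugger: launching {exe} runs '{cmd}' instead", "high")
        if "Winlogon\\Notify" in current_key:
            _bump(f, "DLL loaded into winlogon.exe at logon events", "review")
        if tag in ("file not found", "null data"):
            _bump(f, f"module not verifiable ({tag})", "review")

        if f.reasons:
            findings.append(f)
    return findings


def summarize(findings: List[Finding]) -> str:
    """One line per finding, highest severity first."""
    ordered = sorted(findings, key=lambda f: -SEVERITY_ORDER[f.severity])
    return "\n".join(f"[{f.severity:6}] {f.key}\n         {f.line}\n         "
                     + "; ".join(f.reasons) for f in ordered)


if __name__ == "__main__":
    print(summarize(triage(SAMPLE_REPORT)))
```

Running the script on the constructed sample lists the Logo1_.exe debugger entry at the top, then the avldr Notify package and the two shell extensions whose modules could not be checked. The `[file not found]` and `[null data]` tags only mean the company string could not be read; the two WinZip and WinRAR entries in the full log are a reminder that an unverifiable module is a prompt to check the file on disk, not a verdict.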



