DanP
Corporal

 Joined: Jan 24, 2008 Posts: 61 Location: Philippines
Posted: Sun Jun 29, 2008 2:31 am Post subject: Malicious Infection
I need help.
My PC's running very slow, Task Manager was disabled, IE or Firefox could not connect to any server, and some weird ie alert says I have to download an antispyware. This PC's offline and will remain so until the problems goes away.
Seems like the trouble all started when the kids downloaded and installed a file sent via YM.
I'm using a laptop now to connect. Ran Hijackthis and these are the results.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:23 AM, on 6/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\General User.DUALCORE.000\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A80C5BD1-660C-41B1-A2B5-5D359BF1A674} - C:\WINDOWS\system32\nnnKbbax.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\General User.DUALCORE.000\Application Data\Microsoft\dtsc\26655.exe
O4 - HKUS\S-1-5-18\..\Run: [IEUpdate] C:\WINDOWS\system32\adsldpo.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [IEUpdate] C:\WINDOWS\system32\adsldpo.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [IEUpdate] C:\WINDOWS\system32\adsldpo.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [IEUpdate] C:\WINDOWS\system32\adsldpo.exe (User 'Default user')
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207369913765
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.471.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 5006 bytes
Thanks in advance....
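An added triage script (not from the thread, HijackThis or CastleCops) that parses the HJT line layouts in the log above and flags the entry kinds a responder looks at first: services with a missing binary or an unknown owner dropped straight in C:\WINDOWS, autostarts under the SYSTEM/Default User hives or in a user's Application Data, unnamed BHOs, and a reset start page. The regexes assume HJT 2.0.x's formatting; the sample lines are copied from DanP's first log.

```python
"""Triage helper for HijackThis (HJT) log lines.

Added example, not part of the forum thread or of HijackThis itself. It
parses the R0/O2/O4/O23 line layouts that HJT 2.0.x emits (an assumption
based on the log in the thread) and flags the entry kinds shown there.
"""
import re
from dataclasses import dataclass

# Line layouts assumed from HJT 2.0.x output.
_R0 = re.compile(r"^R0 - (?P<key>[^,]+),(?P<value>[^=]+) = (?P<data>.*)$")
_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.+)$")
_O4 = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?)(?: \(User '(?P<user>[^']*)'\))?$"
)
_O23 = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.+)$")

# Hives whose Run keys execute before any interactive user logs on.
SYSTEM_HIVES = (r"HKUS\S-1-5-18", r"HKUS\.DEFAULT")


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def _directory(path: str) -> str:
    """Folder part of a Windows path, lower-cased, with HJT's '(file missing)' tag removed."""
    clean = path.replace("(file missing)", "").strip().strip('"')
    return clean.rsplit("\\", 1)[0].lower()


def triage_line(line: str):
    """Return a Finding if the HJT entry matches one of the triage rules, else None."""
    line = line.strip()
    m = _O23.match(line)
    if m:
        if "(file missing)" in m["path"]:
            return Finding(line, "service registered for a binary that no longer exists (orphaned persistence)")
        if m["owner"] == "Unknown owner" and _directory(m["path"]) == r"c:\windows":
            return Finding(line, "unknown-owner service whose binary sits directly in C:\\WINDOWS")
        return None
    m = _O4.match(line)
    if m:
        if m["hive"] in SYSTEM_HIVES:
            return Finding(line, "autostart under the SYSTEM/Default User hive (runs before any user logs on)")
        if "\\application data\\" in m["path"].lower():
            return Finding(line, "autostart launched from a user profile's Application Data folder")
        return None
    m = _O2.match(line)
    if m and m["name"] == "(no name)":
        return Finding(line, "browser helper object registered with no name")
    m = _R0.match(line)
    if m and m["data"].strip().lower() == "about:blank":
        return Finding(line, "start page reset to about:blank (weak signal; confirm it was the user's choice)")
    return None


def triage_log(text: str):
    """Run triage_line over every non-blank line of an HJT log and collect the findings."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f is not None]


# Constructed sample: entries copied from the first HJT log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A80C5BD1-660C-41B1-A2B5-5D359BF1A674} - C:\WINDOWS\system32\nnnKbbax.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\General User.DUALCORE.000\Application Data\Microsoft\dtsc\26655.exe
O4 - HKUS\S-1-5-18\..\Run: [IEUpdate] C:\WINDOWS\system32\adsldpo.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunServices: [IEUpdate] C:\WINDOWS\system32\adsldpo.exe (User 'Default user')
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.471.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.reason}]\n    {f.line}")
```

The rules are heuristics for prioritising a log, not a verdict: the ATI Smart service has an unknown owner too but is left alone because it lives in system32, while the about:blank start page is reported only as a weak signal.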
Prince_Serendip
Site Moderator
 Joined: Sep 07, 2002 Posts: 17542
DanP
Corporal

 Joined: Jan 24, 2008 Posts: 61 Location: Philippines
Posted: Tue Jul 01, 2008 10:55 am
Prince_Serendip wrote:
You're Ready for cleaning. At CastleCops we screen all HijackThis logs for errors, out-of-date versions, unupdated operating systems, omissions and P2P applications; getting you [READY] for cleaning by our 1st Responders and Security Experts. Now you wait for one of them to come help you.
Thanks a lot. I'll wait.
DanP
Corporal

 Joined: Jan 24, 2008 Posts: 61 Location: Philippines
Posted: Tue Jul 08, 2008 7:51 am
Prince Serendip,
I had to work on my PC last night (without needing to connect to the internet), so I downloaded the then-latest versions of Dr Web CureIt and HijackThis.
DrWeb caught two trojans (Vundo and another one). Unfortunately, I was unable to copy the logfile.
I also ran HJT and here's the latest logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:15 PM, on 7/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207369913765
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.471.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 3980 bytes
markamus
1st Responder Premium Member
 Joined: May 06, 2004 Posts: 1002
Posted: Tue Jul 22, 2008 4:21 pm
Hi DanP,
We apologize for the delay. As you can see, our helpers have been quite busy. If you still need assistance, please do the following:
Using Windows Explorer
(Right click on "Start," select "Explore," and you will see the "tree" of file folders in the left side of the window. Click on the "+" next to any folder name to expand its contents)
Navigate to your Hijackthis folder:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
Right click on HijackThis.exe. Select Rename, and rename it to scanner.exe. Re-run HijackThis using scanner.exe, and post a fresh log for me to review.
Thanks,
markamus
Proud UNITE and ASAP member
DanP
Corporal

 Joined: Jan 24, 2008 Posts: 61 Location: Philippines
Posted: Wed Jul 23, 2008 1:56 pm
markamus wrote:
Hi DanP,
We apologize for the delay. As you can see, our helpers have been quite busy. If you still need assistance, please do the following:
Using Windows Explorer
(Right click on "Start," select "Explore," and you will see the "tree" of file folders in the left side of the window. Click on the "+" next to any folder name to expand its contents)
Navigate to your Hijackthis folder:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
Right click on HijackThis.exe. Select Rename, and rename it to scanner.exe. Re-run HijackThis using scanner.exe, and post a fresh log for me to review.
Thanks,
markamus

Hi markamus,
No need for apologies, as I am only grateful that my case moved up a notch. I understand the delay, as I've seen a deluge of help requests over the past few weeks.
Ever since my last post, I have had the occasional need to be online. I can't remember how many times I've done this, but I've always downloaded DrWeb CureIt and run it (with the fix option) before proceeding to use the PC online. A few bugs were reportedly fixed, but I failed to save any log.
I've used Eset about 4 days ago, but no bug was reportedly found.
I'm now able to update my NAV and Spybot and seem to be able to access the net freely without a hint of those nagging malware.
I'm not sure if my PC is now bug-free, though. So, I guess, should I modify my request to that of confirming that my PC is clean?
Here's the latest HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:45 PM, on 7/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\General User.DUALCORE.000\Desktop\scanner.exe
C:\Program Files\Messenger\msmsgs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207369913765
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.471.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 4751 bytes
markamus
1st Responder Premium Member
 Joined: May 06, 2004 Posts: 1002
Posted: Wed Jul 23, 2008 2:13 pm
Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
- Close all applications and windows.
- Double-click on dss.exe to run it, and follow the prompts.
- When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized)
- Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your reply.
Thanks,
markamus
Proud UNITE and ASAP member
DanP
Corporal

 Joined: Jan 24, 2008 Posts: 61 Location: Philippines
Posted: Fri Jul 25, 2008 7:11 am
Markamus, here is the main.txt log:
Deckard's System Scanner v20071014.68
Run by General User on 2008-07-24 20:08:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2008-07-24 12:08:33 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as General User.exe) ----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:11:00 PM, on 7/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\General User.DUALCORE.000\Desktop\dss.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\GENERA~1.000\Desktop\General User.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207369913765
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.471.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 4782 bytes
-- HijackThis Fixed Entries (C:\DOCUME~1\GENERA~1.000\Desktop\backups\) --------
backup-20080629-100437-105 O2 - BHO: (no name) - {DBF5A6A4-A7A9-4312-B705-16EEEFE1FA25} - C:\WINDOWS\system32\nnnKbbax.dll
backup-20080629-100437-188 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20080629-100437-508 O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\General User.DUALCORE.000\Application Data\Microsoft\dtsc\26655.exe
backup-20080629-100437-903 O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
backup-20080629-100438-729 O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
backup-20080629-100523-769 O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.471.exe (file missing)
backup-20080629-100710-115 O2 - BHO: (no name) - {DBF5A6A4-A7A9-4312-B705-16EEEFE1FA25} - C:\WINDOWS\system32\nnnKbbax.dll
backup-20080629-100727-750 O2 - BHO: (no name) - {DBF5A6A4-A7A9-4312-B705-16EEEFE1FA25} - C:\WINDOWS\system32\nnnKbbax.dll
backup-20080629-102153-332 O2 - BHO: (no name) - {A80C5BD1-660C-41B1-A2B5-5D359BF1A674} - C:\WINDOWS\system32\nnnKbbax.dll
backup-20080629-102153-777 O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.471.exe (file missing)
backup-20080629-102153-934 O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\General User.DUALCORE.000\Application Data\Microsoft\dtsc\26655.exe
backup-20080629-113434-201 O2 - BHO: (no name) - {A80C5BD1-660C-41B1-A2B5-5D359BF1A674} - C:\WINDOWS\system32\nnnKbbax.dll
backup-20080629-113442-837 O2 - BHO: (no name) - {A80C5BD1-660C-41B1-A2B5-5D359BF1A674} - C:\WINDOWS\system32\nnnKbbax.dll
backup-20080629-113617-393 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
backup-20080629-113617-498 O2 - BHO: (no name) - {A80C5BD1-660C-41B1-A2B5-5D359BF1A674} - C:\WINDOWS\system32\nnnKbbax.dll
backup-20080629-113617-898 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080629-113617-956 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
backup-20080629-113618-435 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
backup-20080629-113708-136 O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
backup-20080629-113708-467 O2 - BHO: (no name) - {A80C5BD1-660C-41B1-A2B5-5D359BF1A674} - C:\WINDOWS\system32\nnnKbbax.dll
backup-20080629-113708-687 O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.471.exe (file missing)
backup-20080629-113826-593 O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.471.exe (file missing)
backup-20080629-113826-856 O2 - BHO: (no name) - {A80C5BD1-660C-41B1-A2B5-5D359BF1A674} - C:\WINDOWS\system32\nnnKbbax.dll
backup-20080629-113906-518 O4 - HKUS\S-1-5-18\..\Run: [IEUpdate] C:\WINDOWS\system32\adsldpo.exe (User 'SYSTEM')
backup-20080629-113906-679 O4 - HKUS\.DEFAULT\..\Run: [IEUpdate] C:\WINDOWS\system32\adsldpo.exe (User 'Default user')
backup-20080629-113906-760 O4 - HKUS\S-1-5-18\..\RunServices: [IEUpdate] C:\WINDOWS\system32\adsldpo.exe (User 'SYSTEM')
backup-20080629-114610-128 O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.471.exe (file missing)
backup-20080629-114610-588 O2 - BHO: (no name) - {CE5418C1-7562-4FF5-AF17-D2097C25B2B9} - C:\WINDOWS\system32\nnnKbbax.dll
backup-20080629-215515-753 O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.471.exe (file missing)
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
S3 GMSIPCI - g:\install\gmsipci.sys (file missing)
S3 MSICPL - g:\install4\msicpl.sys (file missing)
S3 NTACCESS - g:\ntaccess.sys (file missing)
S3 SetupNTGLM7X - g:\ntglm7x.sys (file missing)
S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S2 MsSecurity1.209.4 (MsSecurity Updated) - c:\windows\444.471 service (file missing)
S3 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S3 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 PlugPlayRPC (Plug and Play (RPC)) - c:\windows\portsv.exe service (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-07-24 07:09:52 362 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
-- Files created between 2008-06-24 and 2008-07-24 -----------------------------
2008-07-22 23:42:08 0 d-------- C:\Program Files\HP
2008-07-20 16:16:10 1039 -----n--- C:\WINDOWS\hpomdl15.dat
2008-07-20 16:16:10 139561 --a------ C:\WINDOWS\hpoins15.dat
2008-07-20 15:40:41 0 d-------- C:\Program Files\ColorVision
2008-07-20 13:40:51 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
2008-07-20 12:53:44 0 d-------- C:\Documents and Settings\General User.DUALCORE.000\Application Data\HP
2008-07-20 11:51:13 0 d-------- C:\Documents and Settings\General User.DUALCORE.000\Application Data\Image Zone Express
2008-07-13 18:39:01 0 d-------- C:\WINDOWS\Downloaded Installations
2008-07-13 16:32:46 262144 --a------ C:\Documents and Settings\All Users.WINDOWS\ntuser.dat
2008-07-13 16:32:45 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat
2008-07-13 16:02:06 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\HP
2008-07-13 16:00:54 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Hewlett-Packard
2008-07-12 23:03:27 0 d-------- C:\Documents and Settings\General User.DUALCORE.000\Application Data\HouseCall 6.6
2008-07-12 20:10:38 0 d-------- C:\WINDOWS\BDOSCAN8
2008-07-01 20:23:44 0 d-------- C:\Documents and Settings\Jake\Application Data\WinPatrol
2008-06-29 21:37:08 0 d-------- C:\Program Files\VS Revo Group
2008-06-29 12:32:49 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-29 10:10:28 1723 --a------ C:\WINDOWS\system32\clbinit.dll
2008-06-28 19:12:09 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-28 09:40:19 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-28 00:08:37 0 d--hs---- C:\WINDOWS\CSC
2008-06-27 23:52:54 0 d-------- C:\WINDOWS\system32\2449
2008-06-27 22:48:51 0 d-------- C:\WINDOWS\system32\netrax06
2008-06-27 22:48:28 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Macromedia
2008-06-27 22:48:25 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Adobe
2008-06-27 22:48:13 0 dr------- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Favorites
2008-06-27 22:47:43 0 --a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLbx.DAT
2008-06-27 21:56:55 0 d-------- C:\Documents and Settings\General User.DUALCORE.000\Application Data\DNA
-- Find3M Report ---------------------------------------------------------------
2008-07-20 11:16:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-20 11:15:06 0 d-------- C:\Program Files\vp5e
2008-07-20 11:15:06 0 d-------- C:\Program Files\Messenger
2008-07-20 11:15:06 0 d-------- C:\Program Files\hp deskjet 840c series
2008-07-19 15:12:18 0 d-------- C:\Program Files\Nikon
2008-07-18 19:47:10 0 d-------- C:\Documents and Settings\General User.DUALCORE.000\Application Data\Nikon
2008-07-18 19:47:07 0 d-------- C:\Program Files\Common Files\Nikon
2008-07-18 19:05:04 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-13 21:43:06 0 d-------- C:\Program Files\PhotoScape
2008-07-13 13:45:27 0 d-------- C:\Program Files\Panda Security
2008-07-12 20:33:23 0 d-------- C:\Program Files\Common Files
2008-07-12 20:33:19 0 d-------- C:\Program Files\Lavasoft
2008-07-07 22:14:53 0 d-------- C:\Program Files\Trend Micro
2008-06-29 22:20:21 0 d-------- C:\Program Files\Yahoo!
2008-06-17 20:38:55 0 d-------- C:\Documents and Settings\General User.DUALCORE.000\Application Data\Mozilla
2008-06-17 20:19:24 0 d-------- C:\Program Files\PicLensIE
2008-06-06 21:00:31 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-05 19:46:31 0 d-------- C:\Program Files\Norton AntiVirus
2008-06-05 19:34:28 0 d-------- C:\Program Files\Symantec
2008-06-05 19:33:53 0 d-------- C:\Program Files\SymNetDrv
2008-06-01 23:31:29 0 d-------- C:\Documents and Settings\General User.DUALCORE.000\Application Data\Adobe
2008-05-30 19:37:15 0 d-------- C:\Program Files\Norton Security Scan
2008-05-29 20:27:08 0 d-------- C:\Program Files\Neat Image
2008-05-26 23:45:18 0 d-------- C:\Program Files\SpywareBlaster
2008-05-01 22:05:20 40960 --a------ C:\WINDOWS\system32\RBShell400.dll
2008-05-01 22:05:20 73728 --a------ C:\WINDOWS\system32\RBRegEx350.dll
2008-05-01 22:05:20 61952 --a------ C:\WINDOWS\system32\rbap350.dll
2008-05-01 22:05:20 28160 --a------ C:\WINDOWS\system32\MBSRegPlugin.DLL
2008-05-01 22:05:20 37888 --a------ C:\WINDOWS\system32\MBSRegistryPlugin.DLL
2008-05-01 22:05:20 41472 --a------ C:\WINDOWS\system32\MBSPlugin.DLL
2008-05-01 22:05:20 31744 --a------ C:\WINDOWS\system32\MBSMacTTPlugin.DLL
2008-05-01 22:05:20 35328 --a------ C:\WINDOWS\system32\MBSFolderPlugin.DLL
2008-05-01 22:05:20 67072 --a------ C:\WINDOWS\system32\LP0310.dll
2008-05-01 22:05:20 28160 --a------ C:\WINDOWS\system32\LP0301ResFork.dll
2008-05-01 22:05:20 27648 --a------ C:\WINDOWS\system32\LP0301LinkFile.dll
2008-05-01 22:05:20 29184 --a------ C:\WINDOWS\system32\LP0301Gestalt.dll
2008-05-01 12:31:45 1773568 --a------ C:\WINDOWS\system32\msgdiplus.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-01 01:10:32 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-30 04:16:21 2516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-30 04:09:49 88 -rahs---- C:\WINDOWS\system32\3C1AC67B20.sys
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [04/26/2008 01:31 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 05:32 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 08:12 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\nnnKbbax
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
-- End of Deckard's System Scanner: finished at 2008-07-24 20:16:43 ------------
DanP
Corporal

 Joined: Jan 24, 2008 Posts: 61 Location: Philippines
Posted: Fri Jul 25, 2008 7:14 am Post subject: |
And here's the extra.txt log:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English
CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+
Percentage of Memory in Use: 18%
Physical Memory (total/avail): 2047.36 MiB / 1659.6 MiB
Pagefile Memory (total/avail): 3941.28 MiB / 3682.36 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1943.8 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 76.22 GiB total, 37.95 GiB free.
D: is Fixed (NTFS) - 118.74 GiB total, 9.96 GiB free.
E: is Fixed (NTFS) - 0.11 GiB total, 0.1 GiB free.
F: is Fixed (NTFS) - 114.14 GiB total, 1.51 GiB free.
G: is CDROM (No Media)
\\.\PHYSICALDRIVE1 - Maxtor 6Y080L0 - 76.33 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 76.22 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 109.82 MiB - E:
\\.\PHYSICALDRIVE0 - ST3250310AS - 232.89 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 118.74 GiB - D:
\PARTITION1 - Extended w/Extended Int 13 - 114.14 GiB - F:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\General User.DUALCORE.000\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DUALCORE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\General User.DUALCORE.000
LOGONSERVER=\\DUALCORE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 67 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4302
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\GENERA~1.000\LOCALS~1\Temp
TMP=C:\DOCUME~1\GENERA~1.000\LOCALS~1\Temp
USERDOMAIN=DUALCORE
USERNAME=General User
USERPROFILE=C:\Documents and Settings\General User.DUALCORE.000
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
General User.DUALCORE.000 (admin)
Dave & Paola (admin)
Jake (admin)
Oliver.DUALCORE (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs --> MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x6e6f
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
ATI Parental Control & Encoder --> MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
AVIVO Codecs --> MsiExec.exe /X{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Capture NX --> C:\Program Files\Nikon\Capture NX1dot3\uninstall.exe
Catalyst Control Center - Branding --> MsiExec.exe /I{65C49E8C-2F21-4A3E-9399-EE18B7833F65}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP --> "C:\Program Files\CDBurnerXP\unins000.exe"
Currency Converter 2 --> "C:\Program Files\Currency Converter 2\unins000.exe"
CutePDF Writer 2.7 --> C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
FastStone Image Viewer 3.5 --> C:\Program Files\FastStone Image Viewer\uninst.exe
Flock 1.1 --> C:\Program Files\Flock\uninst.exe
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HouseCall 6.6 --> "C:\Documents and Settings\General User.DUALCORE.000\Application Data\HouseCall 6.6\uninstaller.exe"
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java 2 Runtime Environment, SE v1.4.2_15 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142150}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 2.5 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Neat Image v5.85 Pro+ --> "C:\Program Files\Neat Image\unins000.exe"
Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton Security Scan --> MsiExec.exe /I{48B82226-75E3-4E90-92CC-D30F79EA6380}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
Opanda IExif 2.3 --> "C:\Program Files\Opanda\IExif 2.3\unins000.exe"
Opanda PowerExif 1.2 Professional Trial --> "C:\Program Files\Opanda\PowerExif 1.2\unins000.exe"
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PhotoScape --> "C:\Program Files\PhotoScape\uninstall.exe"
PicLens for Internet Explorer --> MsiExec.exe /X{82AA5D60-D11A-3EAB-A777-9007DF4721CE}
Picture Control Utility --> MsiExec.exe /X{87441A59-5E64-4096-A170-14EFE67200C3}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Revo Uninstaller 1.71 --> C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyder2PRO --> C:\WINDOWS\unvise32.exe C:\Program Files\ColorVision\Spyder2PRO\uninstal.log
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPatrol 2008 --> C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
-- Application Event Log -------------------------------------------------------
Event Record #/Type4598 / Warning
Event Submitted/Written: 07/22/2008 11:42:12 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}', feature 'Destinations' failed during request for component '{436D7A23-36BE-11D2-ACBB-0080C7FCBB84}'
Event Record #/Type4596 / Warning
Event Submitted/Written: 07/22/2008 11:42:03 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}', feature 'Destinations' failed during request for component '{436D7A23-36BE-11D2-ACBB-0080C7FCBB84}'
Event Record #/Type4595 / Warning
Event Submitted/Written: 07/22/2008 11:42:03 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}', feature 'Destinations', component '{26B7A0B4-7051-4C8E-9723-96222086F305}' failed. The resource 'C:\Program Files\HP\Digital Imaging\Bin\hpqacdse.exe' does not exist.
Event Record #/Type4560 / Error
Event Submitted/Written: 07/20/2008 09:20:51 PM
Event ID/Source: 11316 / MsiInstaller
Event Description:
Product: Destination Component -- Error 1316. A network error occurred while attempting to read from the file: C:\WINDOWS\Installer\Destinations.msi
Event Record #/Type4558 / Error
Event Submitted/Written: 07/20/2008 09:19:55 PM
Event ID/Source: 11316 / MsiInstaller
Event Description:
Product: PS_AIO_Software -- Error 1316. A network error occurred while attempting to read from the file: C:\WINDOWS\Installer\PS_AIO_Software.msi
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type9343 / Error
Event Submitted/Written: 07/24/2008 08:15:21 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer WINXP-PRO
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9A4ED29B-0D67-4101.
The master browser is stopping or an election is being forced.
Event Record #/Type9326 / Warning
Event Submitted/Written: 07/24/2008 08:05:37 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address B29D041C4B38. The IP address being used is 169.254.201.15.
Event Record #/Type9317 / Error
Event Submitted/Written: 07/24/2008 08:05:22 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The HP CUE DeviceDiscovery Service service terminated with the following error:
%%2
Event Record #/Type9316 / Error
Event Submitted/Written: 07/24/2008 08:05:22 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the Symantec Password Validation service to connect.
Event Record #/Type9315 / Warning
Event Submitted/Written: 07/24/2008 08:05:15 PM
Event ID/Source: 2511 / Server
Event Description:
The server service was unable to recreate the share Gossen because the directory D:\Installers\Gossen no longer exists. Please run "net share Gossen /delete" to delete the share, or recreate the directory D:\Installers\Gossen.
-- End of Deckard's System Scanner: finished at 2008-07-24 20:16:43 ------------
markamus
1st Responder Premium Member
 Joined: May 06, 2004 Posts: 1002
Posted: Fri Jul 25, 2008 2:21 pm Post subject: |
Please visit this webpage for download links, and instructions for running Combofix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
- Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
- Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New HijackThis log.
_________________
Proud UNITE and ASAP member
DanP
Corporal

 Joined: Jan 24, 2008 Posts: 61 Location: Philippines
Posted: Sat Jul 26, 2008 1:01 pm Post subject: |
Hi markamus, here's the combofix log:
ComboFix 08-07-25.4 - General User 2008-07-26 20:16:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1554 [GMT 8:00]
Running from: C:\Documents and Settings\General User.DUALCORE.000\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\General User.DUALCORE.000\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\General User.DUALCORE.000\Application Data\Microsoft\dtsc
C:\Documents and Settings\General User.DUALCORE.000\Application Data\Microsoft\dtsc\~bundle.DDF
C:\Documents and Settings\General User.DUALCORE.000\Application Data\Microsoft\dtsc\s
C:\Documents and Settings\General User.DUALCORE.000\Application Data\Microsoft\dtsc\Ulead VideoStudio v8.00.100.torrent
C:\Documents and Settings\General User.DUALCORE.000\Application Data\Microsoft\dtsc\Ulead VideoStudio v8.00.100.zip
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\MSINET.oca
----- BITS: Possible infected sites -----
http://ftp.hp.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CLBDRIVER
-------\Legacy_MSSECURITY1.209.4
-------\Service_MsSecurity1.209.4
((((((((((((((((((((((((( Files Created from 2008-06-26 to 2008-07-26 )))))))))))))))))))))))))))))))
.
2008-07-25 20:07 . 2008-07-25 20:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-25 20:07 . 2008-07-25 20:07 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-24 20:08 . 2008-07-24 20:08 <DIR> d-------- C:\Deckard
2008-07-22 23:42 . 2008-07-22 23:42 <DIR> d-------- C:\Program Files\HP
2008-07-20 16:16 . 2008-07-20 16:33 139,561 --a------ C:\WINDOWS\hpoins15.dat
2008-07-20 16:16 . 2007-09-21 20:46 1,039 --------- C:\WINDOWS\hpomdl15.dat
2008-07-20 15:40 . 2008-07-20 15:41 <DIR> d-------- C:\Program Files\ColorVision
2008-07-20 13:40 . 2008-07-20 13:40 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
2008-07-20 12:53 . 2008-07-20 12:53 <DIR> d-------- C:\Documents and Settings\General User.DUALCORE.000\Application Data\HP
2008-07-20 11:55 . 2008-07-20 12:46 139,680 --------- C:\WINDOWS\hpoins15.dat.temp
2008-07-20 11:55 . 2007-09-21 04:05 1,039 --------- C:\WINDOWS\hpomdl15.dat.temp
2008-07-20 11:51 . 2008-07-20 11:51 <DIR> d-------- C:\Documents and Settings\General User.DUALCORE.000\Application Data\Image Zone Express
2008-07-13 18:41 . 2008-07-13 18:42 <DIR> d-------- C:\Temp\FixEngine
2008-07-13 18:39 . 2008-07-13 18:39 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-07-13 16:02 . 2008-07-20 21:04 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\HP
2008-07-13 16:00 . 2008-07-13 16:00 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Hewlett-Packard
2008-07-13 16:00 . 2007-03-28 14:01 118,272 --a------ C:\WINDOWS\system32\hpz3l5ha.dll
2008-07-13 13:45 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-12 23:05 . 2007-12-24 17:37 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-12 23:03 . 2008-07-13 08:50 <DIR> d-------- C:\Documents and Settings\General User.DUALCORE.000\Application Data\HouseCall 6.6
2008-07-12 20:10 . 2008-07-12 20:18 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-07-12 20:02 . 2008-07-12 20:02 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-07-08 20:29 . 2008-07-08 20:29 250 --a------ C:\WINDOWS\gmer.ini
2008-07-01 20:23 . 2008-07-01 20:23 <DIR> d-------- C:\Documents and Settings\Jake\Application Data\WinPatrol
2008-06-29 21:37 . 2008-07-18 19:33 <DIR> d-------- C:\Program Files\VS Revo Group
2008-06-29 09:07 . 2008-07-20 13:40 13,646 --a------ C:\WINDOWS\system32\wpa.dbl
2008-06-28 19:12 . 2008-06-28 19:12 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-28 09:40 . 2008-06-28 09:40 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-27 23:52 . 2008-06-29 20:43 <DIR> d-------- C:\WINDOWS\system32\2449
2008-06-27 22:48 . 2008-06-27 22:48 <DIR> d-------- C:\WINDOWS\system32\netrax06
2008-06-27 22:48 . 2002-08-29 20:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-06-27 22:47 . 2008-06-27 22:47 0 --a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLbx.DAT
2008-06-27 21:56 . 2008-06-27 21:56 <DIR> d-------- C:\Documents and Settings\General User.DUALCORE.000\Application Data\DNA
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-25 13:58 20 ---h--w C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLbz.DAT
2008-07-24 15:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-20 03:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-20 03:15 --------- d-----w C:\Program Files\vp5e
2008-07-20 03:15 --------- d-----w C:\Program Files\hp deskjet 840c series
2008-07-19 07:12 --------- d-----w C:\Program Files\Nikon
2008-07-18 11:47 --------- d-----w C:\Program Files\Common Files\Nikon
2008-07-18 11:47 --------- d-----w C:\Documents and Settings\General User.DUALCORE.000\Application Data\Nikon
2008-07-13 13:43 --------- d-----w C:\Program Files\PhotoScape
2008-07-13 05:45 --------- d-----w C:\Program Files\Panda Security
2008-07-12 12:36 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-07-12 12:33 --------- d-----w C:\Program Files\Lavasoft
2008-07-07 14:14 --------- d-----w C:\Program Files\Trend Micro
2008-06-29 14:20 --------- d-----w C:\Program Files\Yahoo!
2008-06-29 13:28 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-06-27 14:47 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Ultima_T15
2008-06-27 14:47 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\EnterNHelp
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-17 12:19 --------- d-----w C:\Program Files\PicLensIE
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 06:54 --------- d-----w C:\Documents and Settings\Jake\Application Data\Flock
2008-06-06 13:00 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-06-05 11:46 --------- d-----w C:\Program Files\Norton AntiVirus
2008-06-05 11:34 --------- d-----w C:\Program Files\Symantec
2008-06-05 11:33 --------- d-----w C:\Program Files\SymNetDrv
2008-06-03 16:50 --------- d-----w C:\Documents and Settings\Jake\Application Data\Nikon
2008-05-30 11:37 --------- d-----w C:\Program Files\Norton Security Scan
2008-05-29 12:27 --------- d-----w C:\Program Files\Neat Image
2008-05-26 15:45 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-13 12:21 25,216 ----a-w C:\Documents and Settings\General User.DUALCORE.000\Application Data\GDIPFONTCACHEV1.DAT
2006-03-24 05:45 2,018,570 ----a-w C:\Documents and Settings\Dave & Paola\BionicleToa_PC.zip
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 08:12 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-04-26 01:31 333120]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32 58984]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2007-01-09 17:32 58984 C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 08:12 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
--------- 2008-04-26 01:31 333120 C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2008-01-29 15:47 16859648 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirew