Hidden Rootkit Issue, Help Needed
BitDefender is reporting 4 hidden rootkits and I've tried several "removers" and have had no luck. Anyone have suggestions?
BitDefender Log File !!!!!
Product : BitDefender Internet Security 2008
Version : BitDefender UIScanner v.11
Log date : 11:19:03 30/06/2008
Log path : C:\Documents and Settings\Venture\Application Data\BitDefender\Desktop\Profiles\Logs\user_0001\1214839143_1_02.xml
Scan Paths:
Path0000: C:\Documents and Settings\Venture\Application Data\Macromedia\Flash Player
Scan Options:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes
Target selection options:
Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : Yes
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :
Target Processing:
Default action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None
Scan engines summary:
Number of virus signatures : 1297656
Archive plugins : 42
Email plugins : 6
Scan plugins : 12
Archive plugins : 42
System plugins : 4
Unpack plugins : 7
Overall scan summary:
Scanned items : 709
Infected items : 0
Suspicious items : 0
Resolved items : 0
Individual viruses found : 0
Scanned directories : 44
Scanned boot sectors : 4
Scanned archives : 4
Input-output errors : 0
Scan time : 00:00:02:25
Files per second : 1
Scanned processes summary:
Scanned : 68
Infected : 0
Scanned registry keys summary:
Scanned : 466
Infected : 0
Scanned cookies summary:
Scanned : 0
Infected : 0
Remaining issues:
Object Name   Threat Name   Final Status
C:\Documents and Settings\Venture\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.phonezoo.com.\settings.sol.bd.ren.bd.ren.bd.ren.bd.ren Rootkit-Hidden Items Hidden
C:\Documents and Settings\Venture\Application Data\Macromedia\Flash Player\#SharedObjects\LMUUG3AP\www.phonezoo.com.\flash.bd.ren.bd.ren.bd.ren.bd.ren\whoZoo.swf.bd.ren.bd.ren.bd.ren.bd.ren\wPos.sol.bd.ren.bd.ren.bd.ren.bd.ren Rootkit-Hidden Items Hidden
C:\Documents and Settings\Venture\Application Data\Macromedia\Flash Player\#SharedObjects\LMUUG3AP\www.phonezoo.com.\flash.bd.ren.bd.ren.bd.ren.bd.ren\whoZoo.swf.bd.ren.bd.ren.bd.ren.bd.ren Rootkit-Hidden Items Hidden
C:\Documents and Settings\Venture\Application Data\Macromedia\Flash Player\#SharedObjects\LMUUG3AP\www.phonezoo.com.\flash.bd.ren.bd.ren.bd.ren.bd.ren Rootkit-Hidden Items Hidden
Resolved issues:
Object Name   Threat Name   Final Status
Objects that were not scanned:
Object Name   Reason   Final Status
Comments
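An added example, not part of the original thread, that parses the "Remaining issues" rows above and shows what they actually point at. It assumes that the repeated `.bd.ren` suffix is BitDefender's own rename marker, appended each time the scanner renamed an object it could not remove (the page does not say this), strips it to recover the original object name, and checks two things a practitioner would want to know: whether the object is a Flash Player Local Shared Object (the `#SharedObjects` and `macromedia.com\support\flashplayer\sys` trees are where Flash keeps per-site `.sol` data), and whether any path component ends in a dot. Win32 path normalisation strips a trailing dot, so such a directory is reachable only through a `\\?\` verbatim path and an ordinary directory listing disagrees with the on-disk view; that kind of mismatch is one known reason a rootkit scanner labels an object "hidden", though the log alone does not prove it is the reason here.

```python
import re
from dataclasses import dataclass, field

# Assumption, not stated on the page: BitDefender appends ".bd.ren" to an object
# it renamed rather than deleted, so a chain of four suffixes means four passes.
RENAME_SUFFIX = ".bd.ren"

# Where Flash Player keeps per-site Local Shared Objects (.sol files).
FLASH_LSO_MARKERS = (
    "\\macromedia\\flash player\\#sharedobjects\\",
    "\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\",
)

# One "Remaining issues" row as BitDefender prints it: path, threat name, final status.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+Rootkit-Hidden Items\s+(?P<status>\S+)$")

# Constructed sample: the four object rows from the report above, verbatim.
SAMPLE_REPORT = r"""
C:\Documents and Settings\Venture\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.phonezoo.com.\settings.sol.bd.ren.bd.ren.bd.ren.bd.ren Rootkit-Hidden Items Hidden
C:\Documents and Settings\Venture\Application Data\Macromedia\Flash Player\#SharedObjects\LMUUG3AP\www.phonezoo.com.\flash.bd.ren.bd.ren.bd.ren.bd.ren\whoZoo.swf.bd.ren.bd.ren.bd.ren.bd.ren\wPos.sol.bd.ren.bd.ren.bd.ren.bd.ren Rootkit-Hidden Items Hidden
C:\Documents and Settings\Venture\Application Data\Macromedia\Flash Player\#SharedObjects\LMUUG3AP\www.phonezoo.com.\flash.bd.ren.bd.ren.bd.ren.bd.ren\whoZoo.swf.bd.ren.bd.ren.bd.ren.bd.ren Rootkit-Hidden Items Hidden
C:\Documents and Settings\Venture\Application Data\Macromedia\Flash Player\#SharedObjects\LMUUG3AP\www.phonezoo.com.\flash.bd.ren.bd.ren.bd.ren.bd.ren Rootkit-Hidden Items Hidden
"""


@dataclass
class Finding:
    reported_path: str
    original_path: str          # path with every ".bd.ren" stripped
    rename_passes: int          # most suffixes seen on any one component
    flash_lso: bool             # lives in a Flash Local Shared Object tree
    trailing_dot_components: list = field(default_factory=list)


def strip_rename_suffix(component):
    """Remove repeated rename suffixes from one path component; return (name, count)."""
    passes = 0
    while component.endswith(RENAME_SUFFIX):
        component = component[: -len(RENAME_SUFFIX)]
        passes += 1
    return component, passes


def analyze_path(reported):
    cleaned, passes, dotted = [], 0, []
    for part in reported.split("\\"):
        name, n = strip_rename_suffix(part)
        cleaned.append(name)
        passes = max(passes, n)
        # Win32 path normalisation drops a trailing dot, so a directory literally
        # named "www.phonezoo.com." is only reachable through a \\?\ verbatim path.
        # Tools that compare a Win32 listing with the raw volume view see a mismatch
        # on such names, which is one reason an object gets reported as "hidden".
        if name.endswith("."):
            dotted.append(name)
    original = "\\".join(cleaned)
    low = original.lower()
    return Finding(reported, original, passes,
                   any(m in low for m in FLASH_LSO_MARKERS), dotted)


def analyze_report(text):
    """Parse every 'Remaining issues' row in a BitDefender report into Findings."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            findings.append(analyze_path(m.group("path")))
    return findings


if __name__ == "__main__":
    for f in analyze_report(SAMPLE_REPORT):
        kind = "Flash LSO" if f.flash_lso else "other"
        print(f"{kind:9} passes={f.rename_passes} dotted={f.trailing_dot_components}")
        print(f"    {f.original_path}")
```

Run as is, it prints one finding per row. Every object resolves to a file or directory under the Flash Player profile, every one carries four rename passes, and every one sits below a `www.phonezoo.com.` directory with a trailing dot.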
Make a log with hijackthis ( http://www.trendsecure.com/portal/en-US/to...ools/hijackthis ) and post it here for the pros to look into it.
Thanks for any help you can provide!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:15:58 PM, on 7/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\System32\Fast.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\Imgtask.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe
C:\Program Files\Brother\Brmfl05c\FAXRX.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {06647158-359E-4D10-A8DE-E6145DA90BE9} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A1DAC8C-074D-440F-8707-7009A672D7D1} - (no file)
O2 - BHO: PxToolbarHelper Class - {21276F44-27FC-440E-A99E-A72324740419} - C:\Program Files\eGrabber\eGrabber ResumeFinder 2008\PxRFToolbarHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: eGrabber - {9E7E32DD-9584-4265-B223-43AA0D6E4E8C} - C:\Program Files\eGrabber\ResumeGrabber Pro\PxInternetExplorer.dll
O3 - Toolbar: ResumeFinder - {8A2B3DEC-D8A5-4199-BB0F-1180993826FF} - C:\Program Files\eGrabber\eGrabber ResumeFinder 2008\ResumeFinder.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [backgroundSwitcher] C:\WINDOWS\System32\bgswitch.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05c\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [imgTask] C:\WINDOWS\Imgtask.exe
O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - Startup: FAXRX.lnk = C:\Program Files\Brother\Brmfl05c\FAXRX.exe
O4 - Global Startup: ImageMixer HDD Camera Monitor.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WD Anywhere Backup Launcher.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2} - http://www.gigex.com/tv/igor/gigexagent.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138282894203
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://careerbuilderevents.webex.com/clien...ent/ieatgpc.cab
O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - http://www.networksolutionsemailpopwizard....rueSwitchEC.exe
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother BRAdminPro Scheduler (BRA_Scheduler) - Unknown owner - C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Venture\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 17771 bytes
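An added example, not from the thread, that does by script the triage the helpers do by eye over HijackThis output. The sample is a handful of lines copied from the log above (a constructed subset; the full log is not embedded). The rules flag only what the line itself shows: an O2 BHO whose CLSID has no DLL on disk (`(no file)`), an O16 ActiveX download entry with no registered description, an O18 protocol handler whose DLL is missing, any O20 AppInit_DLLs entry (those DLLs load into every process that links user32.dll, so the publisher is worth verifying), and an O23 service whose binary is missing or lives under a Temp directory. None of these is proof of infection; the point is to get a short list to look at first.

```python
import re

# Constructed sample: a subset of lines copied from the HijackThis log above.
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {06647158-359E-4D10-A8DE-E6145DA90BE9} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A1DAC8C-074D-440F-8707-7009A672D7D1} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2} - http://www.gigex.com/tv/igor/gigexagent.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Venture\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
"""

# HijackThis entries: R0-R3, F0-F3, N1-N4, O1-O24, each "<section> - <body>".
ENTRY_RE = re.compile(r"^(?P<section>[ORFN]\d+) - (?P<body>.+)$")
DESCRIBED_DPF_RE = re.compile(r"\{[0-9A-F-]+\} \(", re.I)   # "{CLSID} (Description)"
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\")


def parse_hjt(text):
    """Return (section, body) pairs for every HijackThis entry; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage_hjt(text):
    """Return (section, reason, line) for entries worth a second look."""
    findings = []
    for section, body in parse_hjt(text):
        low = body.lower()
        if section == "O2" and low.endswith("(no file)"):
            findings.append((section, "BHO CLSID registered with no DLL on disk", body))
        elif section == "O16" and not DESCRIBED_DPF_RE.search(body):
            findings.append((section, "ActiveX download entry with no registered description", body))
        elif section == "O18" and "(file missing)" in low:
            findings.append((section, "protocol handler DLL missing", body))
        elif section == "O20":
            # Loaded into every process that links user32.dll: confirm the publisher.
            findings.append((section, "AppInit_DLLs entry, verify the DLL", body))
        elif section == "O23":
            reasons = []
            if "(file missing)" in low:
                reasons.append("service binary missing")
            if any(t in low for t in TEMP_MARKERS):
                reasons.append("service binary under a Temp directory")
            if reasons:
                findings.append((section, "; ".join(reasons), body))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage_hjt(SAMPLE_HJT):
        print(f"{section:4} {reason}\n     {line}")
```

On the sample this yields seven findings: the three orphaned BHOs, the undescribed gigex DPF entry, the qbwc protocol handler, the Google AppInit DLL, and the SessionLauncher service, which is both missing and registered from a Temp path. The Adobe BHO, the Shockwave Flash DPF entry and the BitDefender service are left alone.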
Download ComboFix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Then close all running programs, including your web browser, instant messenger, etc., and then run ComboFix.
It will ask you whether it should start cleaning or not. Press 1 and hit Enter. Don't stop it while it is running. While it runs your screen may disappear, but don't worry, that is normal behaviour.
At the end ComboFix will generate a log file. Save it and post it here.
ComboFix 08-07-05.1 - Business 2008-07-06 10:02:53.1 - NTFSx86
Running from: C:\Documents and Settings\Venture\My Documents\Downloads\ComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Venture\g2mdlhlpx.exe
C:\WINDOWS\system32\BrWebIns.dll
C:\WINDOWS\system32\uninstall.exe
.
((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 )))))))))))))))))))))))))))))))
.
2008-07-05 18:15 . 2008-07-05 18:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-02 10:23 . 2008-07-02 10:23 86,792 --a------ C:\WINDOWS\system32\drivers\bdfndisf.sys.avxpnd
2008-06-30 13:55 . 2008-06-30 13:55 <DIR> d-------- C:\Program Files\Panda Security
2008-06-30 12:42 . 2008-06-30 13:35 250 --a------ C:\WINDOWS\gmer.ini
2008-06-28 15:23 . 2008-06-28 15:23 <DIR> d-------- C:\Program Files\Pakon
2008-06-23 11:24 . 2008-06-23 11:24 <DIR> d-------- C:\Program Files\Sophos
2008-06-21 10:04 . 2008-06-21 10:04 <DIR> d-------- C:\Program Files\HiddenFinder
2008-06-21 10:04 . 2006-02-23 22:03 8,576 --a------ C:\WINDOWS\system32\drivers\KProcWatch.sys
2008-06-20 20:54 . 2008-06-20 20:54 <DIR> d-------- C:\Program Files\Windows Defender
2008-06-20 20:49 . 2008-06-20 20:49 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-06-20 20:08 . 2008-06-20 20:16 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-19 08:56 . 2008-06-19 08:56 <DIR> d-------- C:\Documents and Settings\Venture\Application Data\The Labyrinth Plus! Edition
2008-06-18 16:41 . 2008-06-18 16:41 <DIR> d-------- C:\Program Files\Bonjour
2008-06-18 14:48 . 2008-06-18 14:48 <DIR> d-------- C:\Program Files\PowerISO
2008-06-17 18:05 . 2008-06-17 18:05 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-17 18:05 . 2008-06-17 18:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-17 14:02 . 2008-06-17 14:02 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-06-17 13:50 . 2008-06-17 14:19 <DIR> d-------- C:\Documents and Settings\Venture\Application Data\Roxio
2008-06-17 13:34 . 2008-06-17 13:35 <DIR> d-------- C:\Program Files\InterActual
2008-06-17 13:14 . 2008-06-17 13:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-06-17 12:58 . 2008-06-17 13:18 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2008-06-17 12:57 . 2008-06-17 12:57 <DIR> d-------- C:\Program Files\SmartSound Software
2008-06-17 12:57 . 2008-06-17 13:19 <DIR> d-------- C:\Program Files\Roxio
2008-06-17 12:57 . 2008-06-17 13:18 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2008-06-17 12:57 . 2008-06-17 13:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-06-17 12:56 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-06-17 12:56 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-06-17 12:56 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-06-17 12:04 . 2008-06-18 15:01 <DIR> d-------- C:\Program Files\MagicISO
2008-06-17 08:51 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-06-17 08:51 . 2008-02-28 13:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-06-17 08:51 . 2008-06-17 08:51 0 --a------ C:\WINDOWS\Irremote.ini
2008-06-17 08:12 . 2008-06-17 08:12 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-06-17 08:09 . 2008-06-17 08:09 <DIR> d-------- C:\Documents and Settings\Venture\Application Data\Nero
2008-06-17 08:04 . 2008-06-17 08:52 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-06-17 08:04 . 2008-06-17 08:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-16 18:53 . 2008-06-16 18:57 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-06-16 18:53 . 2008-06-16 18:55 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-06-16 18:53 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-06-16 18:09 . 2008-06-18 15:14 <DIR> d-------- C:\Documents and Settings\Venture\Application Data\BitTorrent
2008-06-16 18:08 . 2008-06-16 18:08 <DIR> d-------- C:\Program Files\DNA
2008-06-16 18:08 . 2008-06-16 18:08 <DIR> d-------- C:\Program Files\BitTorrent
2008-06-16 18:08 . 2008-06-17 17:12 <DIR> d-------- C:\Documents and Settings\Venture\Application Data\DNA
2008-06-10 19:55 . 2008-06-13 07:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 19:55 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 21:20 621,392 ----a-w C:\WINDOWS\system32\PerfStringBackup.TMP
2008-06-18 22:30 27,262,976 ---ha-w C:\VIRTPART.DAT
2008-06-18 20:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-17 22:16 --------- d-----w C:\Program Files\Viewpoint
2008-06-17 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-17 21:12 --------- d-----w C:\Program Files\Canon
2008-06-17 17:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-17 17:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-06-17 14:39 --------- d-----w C:\Documents and Settings\Venture\Application Data\AdobeUM
2008-06-17 00:19 --------- d-----w C:\Program Files\Ahead
2008-06-16 22:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-16 22:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\ResumeGrabber Pro
2008-06-13 11:05 272,128 ---h--w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-05 13:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-05 13:40 --------- d-----w C:\Program Files\Yahoo!
2008-05-22 22:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-05-22 20:54 --------- d-----w C:\Documents and Settings\Guest\Application Data\WD
2008-05-22 20:53 --------- d-----w C:\Documents and Settings\Guest\Application Data\BitDefender
2008-05-22 20:43 --------- d-----w C:\Documents and Settings\Yaki\Application Data\WD
2008-05-21 17:05 --------- d-----w C:\Program Files\Citrix
2008-05-16 17:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\MemeoCommon
2008-05-16 17:58 --------- d-----w C:\Program Files\WD
2008-05-16 17:58 --------- d-----w C:\Program Files\Common Files\eSellerate
2008-05-16 17:58 --------- d-----w C:\Documents and Settings\Venture\Application Data\WD
2008-05-16 17:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Memeo
2008-05-16 15:06 --------- d-----w C:\Program Files\Western Digital
2008-05-16 15:04 --------- d-----w C:\Program Files\Western Digital Technologies
2008-05-16 13:55 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-05-14 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-14 19:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intuit
2008-05-14 19:36 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-05-14 19:35 --------- d-----w C:\Program Files\Google
2008-05-14 19:31 --------- d-----w C:\Program Files\Common Files\Intuit
2008-05-14 19:29 --------- d-----w C:\Program Files\Intuit
2008-05-14 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\COMMON FILES
2008-05-14 19:23 --------- d-----w C:\Documents and Settings\Venture\Application Data\Download Manager
2008-05-14 19:15 --------- d-----w C:\Program Files\Akamai
2008-05-14 18:50 --------- d-----w C:\Program Files\Microsoft Small Business
2008-05-14 17:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\eGrabber ResumeFinder 2008
2008-05-14 15:54 --------- d-----w C:\Program Files\eGrabber
2008-05-14 14:41 --------- d-----w C:\Program Files\Microsoft Research
2008-05-08 14:02 203,136 ---ha-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ---ha-w C:\WINDOWS\system32\quartz.dll
2008-05-06 06:30 104,704 ----a-w C:\WINDOWS\system32\drivers\Rtnicxp.sys
2008-04-30 21:27 442,368 ---ha-w C:\WINDOWS\system32\NVUninst.exe
2008-04-23 04:16 826,368 ---ha-w C:\WINDOWS\system32\wininet.dll
2008-04-22 16:23 41,848 ----a-w C:\Documents and Settings\Venture\Application Data\GDIPFONTCACHEV1.DAT
2008-04-14 09:42 985,088 ---ha-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42 11,264 ---h--w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41 423,936 ---ha-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ---ha-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ---ha-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ---ha-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ---ha-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 12,168 ---ha-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ---ha-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ---ha-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ---ha-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ---ha-w C:\WINDOWS\system32\msafd.dll
2008-04-13 19:30 1,845,632 ---ha-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:27 2,188,928 ---ha-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ---ha-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43 9,728 ---h--w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 12,800 ---ha-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:31 7,424 ---ha-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,065,792 ---ha-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ---ha-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ---h--w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ---ha-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ---ha-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ---ha-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ---ha-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ---ha-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ---ha-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26 94,208 ---ha-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ---ha-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ---ha-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ---ha-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ---ha-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ---ha-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ---ha-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ---ha-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ---ha-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ---ha-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ---ha-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ---ha-w C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ---ha-w C:\WINDOWS\system32\msimsg.dll
2007-05-27 14:34 43,200 ----a-w C:\Documents and Settings\Yaki\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21276F44-27FC-440E-A99E-A72324740419}]
2007-08-18 19:40 32768 --a------ C:\Program Files\eGrabber\eGrabber ResumeFinder 2008\PxRFToolbarHelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8A2B3DEC-D8A5-4199-BB0F-1180993826FF}"= "C:\Program Files\eGrabber\eGrabber ResumeFinder 2008\ResumeFinder.dll" [2008-04-18 18:13 2125824]
[HKEY_CLASSES_ROOT\clsid\{8a2b3dec-d8a5-4199-bb0f-1180993826ff}]
[HKEY_CLASSES_ROOT\KBBar.KBBarBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{37686C62-D497-42E3-BAAB-78D89A74E151}]
[HKEY_CLASSES_ROOT\KBBar.KBBarBand]
C:\Documents and Settings\Venture\Start Menu\Programs\Startup\
FAXRX.lnk - C:\Program Files\Brother\Brmfl05c\FAXRX.exe [2007-07-05 18:36:51 499712]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ImageMixer HDD Camera Monitor.lnk - C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe [2007-08-23 00:30:27 2117632]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-02-27 09:00:46 972064]
WD Anywhere Backup Launcher.lnk - C:\WINDOWS\Installer\{649C4B1A-6A76-499A-9AEC-0C9530FA7D2C}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe [2008-05-16 13:59:00 9662]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 16:39 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
"LoadAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I263"= i263_32.drv
"msacm.enc"= ITIG726.acm
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Update Grokster.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Update Grokster.lnk
backup=C:\WINDOWS\pss\Update Grokster.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^3Deep.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\3Deep.lnk
backup=C:\WINDOWS\pss\3Deep.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kontiki Delivery Manager 2.0.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kontiki Delivery Manager 2.0.lnk
backup=C:\WINDOWS\pss\Kontiki Delivery Manager 2.0.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NaturalColorLoad.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk
backup=C:\WINDOWS\pss\NaturalColorLoad.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SonnReg.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SonnReg.lnk
backup=C:\WINDOWS\pss\SonnReg.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^True Internet Color Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\True Internet Color Icon.lnk
backup=C:\WINDOWS\pss\True Internet Color Icon.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-10-29 14:55 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--ah----- 2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Window Washer"=C:\Program Files\Webroot\Washer\wwDisp.exe
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"DMXLauncher"="C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Kazaa Lite\\KazaaLite.kpp"=
"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\WINDOWS\\system32\\svcnet.exe"=
"C:\\Program Files\\Warez P2P Client\\warez.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"=
"C:\\Program Files\\Java\\j2re1.4.2_05\\bin\\javaw.exe"=
"C:\\Program Files\\EA GAMES\\Command and Conquer Generals\\patchget.dat"=
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\si3112r.sys [2002-10-10 01:31]
R1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 15:11]
R2 BRA_Scheduler;Brother BRAdminPro Scheduler;C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe [2007-09-03 20:14]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-13 20:12]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-01-30 04:52]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 14:47]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-01-25 15:40]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2006-01-18 22:44]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2006-01-19 03:17]
R3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-06-16 18:55]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2006-09-07 21:16]
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys []
S1 RapNet;RapNet;C:\WINDOWS\System32\drivers\RapNet.sys []
S2 ousbehci;NEC PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ousbehci.sys [2003-03-05 16:07]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 15:53]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 15:52]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 15:52]
S2 SessionLauncher;SessionLauncher;C:\DOCUME~1\Venture\LOCALS~1\Temp\DX9\SessionLauncher.exe []
S3 ASUSHWIO;ASUSHWIO;C:\WINDOWS\System32\drivers\ASUSHWIO.sys []
S3 black;BlackICE driver, version 1.0, by Internet Security Systems, Inc.;C:\WINDOWS\System32\drivers\BlackDrv.sys []
S3 ctgame;Game Port;C:\WINDOWS\system32\DRIVERS\ctgame.sys []
S3 KProcWatch;KProcWatch;C:\WINDOWS\system32\drivers\KProcWatch.sys [2006-02-23 22:03]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\23B.tmp []
S3 nvsmbus;Service for NVIDIA nForce PCI System Management;C:\WINDOWS\system32\DRIVERS\nvsmbus.sys []
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2003-03-05 16:07]
S3 RivaTuner;RivaTuner;C:\Documents and Settings\Yaki\My Documents\PC Related\Drivers\RivaTuner\RivaTuner.sys []
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 15:53]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 15:52]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e47237f-d4c4-11db-89bf-000129f10ccd}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d275afd-b299-11dc-811b-000129f10ccd}]
\Shell\AutoRun\command - G:\Imageviewer.exe
*Newly Created Service* - 6A5EEA38
*Newly Created Service* - 716932BB
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-06 14:00:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-07-01 23:37:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-19 02:11:49 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
"2007-11-19 02:11:49 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job"
- C:\Program Files\Microsoft IntelliType Pro\itype.exe
"2008-07-06 06:06:18 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2005-02-21 19:04:08 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-ElbyCheckElbyCDFL - C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-06 10:10:01
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\23B.tmp"
.
Completion time: 2008-07-06 10:15:06
ComboFix-quarantined-files.txt 2008-07-06 14:14:29
Pre-Run: 45,250,580,480 bytes free
Post-Run: 48,431,087,616 bytes free
346 --- E O F --- 2008-07-05 22:03:10
Hello HDHNTER,
Can you please download SDFix from here. Double click on it and allow it to install in C:\SDFIX.
Now reboot your PC into Safe Mode by pressing the F8 key several times before the Windows splash screen; select Safe Mode and press Enter. Log in with your account. Now go to C:\SDFIX and double click on RunThis.bat. Type Y to start the cleaning process. When it finishes you will be prompted to press any key on your keyboard; do that. Once you are in normal mode, wait until you see Finished and press any key again; you will then get back to your desktop. Please post the content of Report into your next reply.
After you have run SDFix, please run ComboFix again.
Kind regards,
Niels
Thanks for your help, but the problem persists. I was unable to locate a log file for SDFix; posting the new log file for ComboFix:
ComboFix 08-07-31.01 - Business 2008-07-31 14:43:41.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1295 [GMT -4:00]
Running from: C:\Documents and Settings\Venture\My Documents\Downloads\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Venture\Application Data\macromedia\Flash Player\#SharedObjects\LMUUG3AP\interclick.com
C:\Documents and Settings\Venture\Application Data\macromedia\Flash Player\#SharedObjects\LMUUG3AP\interclick.com\ud.sol
C:\Documents and Settings\Venture\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Venture\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
F:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MEMSWEEP2
-------\Service_MEMSWEEP2
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-31 )))))))))))))))))))))))))))))))
.
2008-07-31 14:11 . 2008-07-31 14:11 578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-07-31 14:07 . 2008-07-31 14:07 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-31 14:02 . 2008-07-31 14:02 <DIR> d-------- C:\SDFIX
2008-07-29 20:11 . 2008-07-29 20:11 <DIR> d-------- C:\Program Files\iTunes
2008-07-29 20:11 . 2008-07-29 20:11 <DIR> d-------- C:\Program Files\iPod
2008-07-22 13:37 . 2008-07-22 13:37 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-22 13:37 . 2008-07-22 13:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-22 13:05 . 2008-07-22 13:06 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-22 13:05 . 2008-07-22 13:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-22 11:40 . 2008-07-24 12:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-22 11:40 . 2008-07-22 11:40 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-15 20:21 . 2008-07-15 20:22 <DIR> d-------- C:\Program Files\Safari
2008-07-09 18:04 . 2008-07-09 18:04 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-07-06 10:26 . 2008-07-31 14:58 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-07-05 18:15 . 2008-07-05 18:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-30 13:55 . 2008-06-30 13:55 <DIR> d-------- C:\Program Files\Panda Security
2008-06-30 12:42 . 2008-06-30 13:35 250 --a------ C:\WINDOWS\gmer.ini
2008-06-28 15:23 . 2008-06-28 15:23 <DIR> d-------- C:\Program Files\Pakon
2008-06-23 11:24 . 2008-06-23 11:24 <DIR> d-------- C:\Program Files\Sophos
2008-06-21 10:04 . 2008-06-21 10:04 <DIR> d-------- C:\Program Files\HiddenFinder
2008-06-21 10:04 . 2006-02-23 22:03 8,576 --a------ C:\WINDOWS\system32\drivers\KProcWatch.sys
2008-06-20 20:54 . 2008-06-20 20:54 <DIR> d-------- C:\Program Files\Windows Defender
2008-06-20 20:49 . 2008-06-20 20:49 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-06-20 20:08 . 2008-06-20 20:16 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-20 13:46 . 2008-06-20 13:46 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 13:46 . 2008-06-20 13:46 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 07:51 . 2008-06-20 07:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 07:40 . 2008-06-20 07:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 07:08 . 2008-06-20 07:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-19 08:56 . 2008-06-19 08:56 <DIR> d-------- C:\Documents and Settings\Venture\Application Data\The Labyrinth Plus! Edition
2008-06-18 16:41 . 2008-07-29 20:10 <DIR> d-------- C:\Program Files\Bonjour
2008-06-18 14:48 . 2008-06-18 14:48 <DIR> d-------- C:\Program Files\PowerISO
2008-06-17 18:05 . 2008-06-17 18:05 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-17 18:05 . 2008-06-17 18:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-17 14:02 . 2008-06-17 14:02 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-06-17 13:50 . 2008-06-17 14:19 <DIR> d-------- C:\Documents and Settings\Venture\Application Data\Roxio
2008-06-17 13:34 . 2008-06-17 13:35 <DIR> d-------- C:\Program Files\InterActual
2008-06-17 13:14 . 2008-06-17 13:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-06-17 12:58 . 2008-06-17 13:18 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2008-06-17 12:57 . 2008-06-17 12:57 <DIR> d-------- C:\Program Files\SmartSound Software
2008-06-17 12:57 . 2008-06-17 13:19 <DIR> d-------- C:\Program Files\Roxio
2008-06-17 12:57 . 2008-06-17 13:18 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2008-06-17 12:57 . 2008-06-17 13:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-06-17 12:56 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-06-17 12:56 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-06-17 12:56 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-06-17 12:04 . 2008-06-18 15:01 <DIR> d-------- C:\Program Files\MagicISO
2008-06-17 08:51 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-06-17 08:51 . 2008-02-28 13:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-06-17 08:51 . 2008-06-17 08:51 0 --a------ C:\WINDOWS\Irremote.ini
2008-06-17 08:12 . 2008-06-17 08:12 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-06-17 08:09 . 2008-06-17 08:09 <DIR> d-------- C:\Documents and Settings\Venture\Application Data\Nero
2008-06-17 08:04 . 2008-06-17 08:52 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-06-17 08:04 . 2008-06-17 08:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-16 18:53 . 2008-07-22 14:21 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-06-16 18:53 . 2008-07-08 08:08 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-06-16 18:53 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-06-16 18:09 . 2008-06-18 15:14 <DIR> d-------- C:\Documents and Settings\Venture\Application Data\BitTorrent
2008-06-16 18:08 . 2008-06-16 18:08 <DIR> d-------- C:\Program Files\DNA
2008-06-16 18:08 . 2008-06-16 18:08 <DIR> d-------- C:\Program Files\BitTorrent
2008-06-16 18:08 . 2008-06-17 17:12 <DIR> d-------- C:\Documents and Settings\Venture\Application Data\DNA
2008-06-10 19:55 . 2008-06-13 07:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 19:55 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-05 09:43 . 2008-06-05 09:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-30 00:09 --------- d-----w C:\Program Files\QuickTime
2008-07-23 22:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\eGrabber ResumeFinder 2008
2008-07-22 20:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-22 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\ResumeGrabber Pro
2008-07-22 17:36 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-16 17:21 --------- d-----w C:\Documents and Settings\Venture\Application Data\Apple Computer
2008-07-15 20:20 621,392 ----a-w C:\WINDOWS\system32\PerfStringBackup.TMP
2008-07-11 22:51 27,262,976 ---ha-w C:\VIRTPART.DAT
2008-07-10 16:04 59,584 ----a-w C:\Documents and Settings\Venture\Application Data\GDIPFONTCACHEV1.DAT
2008-07-02 14:23 86,792 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-06-20 17:46 245,248 ---ha-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ---ha-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ---ha-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ---ha-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 20:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-17 22:16 --------- d-----w C:\Program Files\Viewpoint
2008-06-17 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-17 21:12 --------- d-----w C:\Program Files\Canon
2008-06-17 17:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-17 17:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-06-17 14:39 --------- d-----w C:\Documents and Settings\Venture\Application Data\AdobeUM
2008-06-17 00:19 --------- d-----w C:\Program Files\Ahead
2008-06-13 11:05 272,128 ---h--w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-05 13:40 --------- d-----w C:\Program Files\Yahoo!
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-09 10:53 90,112 ---ha-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ---ha-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ---ha-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ---ha-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ---ha-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ---ha-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ---ha-w C:\WINDOWS\system32\quartz.dll
2008-04-30 21:27 442,368 ---ha-w C:\WINDOWS\system32\NVUninst.exe
2008-04-23 04:16 826,368 ---ha-w C:\WINDOWS\system32\wininet.dll
2008-04-14 09:42 985,088 ---ha-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42 11,264 ---h--w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41 423,936 ---ha-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ---ha-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ---ha-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ---ha-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ---ha-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 12,168 ---ha-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ---ha-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ---ha-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ---ha-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ---ha-w C:\WINDOWS\system32\msafd.dll
2008-04-13 19:30 1,845,632 ---ha-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:27 2,188,928 ---ha-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ---ha-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43 9,728 ---h--w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 12,800 ---ha-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:31 7,424 ---ha-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,065,792 ---ha-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ---ha-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ---h--w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ---ha-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ---ha-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ---ha-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ---ha-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ---ha-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ---ha-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26 94,208 ---ha-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ---ha-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ---ha-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ---ha-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ---ha-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ---ha-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ---ha-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ---ha-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ---ha-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ---ha-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ---ha-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ---ha-w C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ---ha-w C:\WINDOWS\system32\msimsg.dll
2007-05-27 14:34 43,200 ----a-w C:\Documents and Settings\Yaki\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2008-07-06_10.13.25.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-10 17:01:06 160,488 ----a-w C:\WINDOWS\Downloaded Program Files\contactx.dll
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-07-30 16:50:58 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-07-31 18:07:10 9,093,120 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-07-31 18:07:10 249,856 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-07-30 16:50:58 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-07-31 18:07:07 9,093,120 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-07-31 18:07:07 249,856 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2006-10-27 01:55:38 138,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119310000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
+ 2006-10-27 20:16:36 46,864 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119310000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
+ 2008-07-30 00:10:30 86,016 ----a-r C:\WINDOWS\Installer\{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}\PrntWzrdIco.exe
- 2008-05-14 22:04:52 20,240 ---ha-r C:\WINDOWS\Installer\{91120000-0013-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-07-22 20:19:17 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0013-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-05-14 22:04:52 217,864 ---ha-r C:\WINDOWS\Installer\{91120000-0013-0000-0000-0000000FF1CE}\misc.exe
+ 2008-07-22 20:19:17 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0013-0000-0000-0000000FF1CE}\misc.exe
- 2008-05-14 22:04:52 18,704 ---ha-r C:\WINDOWS\Installer\{91120000-0013-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-07-22 20:19:17 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0013-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-05-14 22:04:52 35,088 ---ha-r C:\WINDOWS\Installer\{91120000-0013-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-07-22 20:19:17 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0013-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-05-14 22:04:52 845,584 ---ha-r C:\WINDOWS\Installer\{91120000-0013-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-07-22 20:19:17 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0013-0000-0000-0000000FF1CE}\outicon.exe
- 2008-05-14 22:04:52 888,080 ---ha-r C:\WINDOWS\Installer\{91120000-0013-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-07-22 20:19:17 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0013-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-05-14 22:04:51 1,172,240 ---ha-r C:\WINDOWS\Installer\{91120000-0013-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-07-22 20:19:17 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0013-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-07-16 00:22:26 307,200 ----a-r C:\WINDOWS\Installer\{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}\SafariIco.exe
+ 2008-07-30 00:11:33 102,400 ----a-r C:\WINDOWS\Installer\{EF6C4600-306D-4F6A-A119-C2A877D25B4A}\iTunesIco.exe
+ 2008-05-07 09:07:23 135,168 -c----w C:\WINDOWS\system32\dllcache\cscript.exe
+ 2008-05-09 10:53:39 512,000 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2008-05-09 10:53:39 180,224 -c----w C:\WINDOWS\system32\dllcache\scrobj.dll
+ 2008-05-09 10:53:40 172,032 -c----w C:\WINDOWS\system32\dllcache\scrrun.dll
+ 2008-05-09 10:53:40 430,080 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2008-05-08 11:24:44 155,648 -c----w C:\WINDOWS\system32\dllcache\wscript.exe
+ 2008-05-09 10:53:40 90,112 -c----w C:\WINDOWS\system32\dllcache\wshext.dll
- 2006-02-28 16:41:34 61,440 ----a-w C:\WINDOWS\system32\dns-sd.exe
+ 2007-07-24 19:17:08 81,920 ----a-w C:\WINDOWS\system32\dns-sd.exe
- 2008-04-14 00:11:52 147,968 ---ha-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:46:57 147,968 ---ha-w C:\WINDOWS\system32\dnsapi.dll
- 2006-02-28 16:41:22 53,248 ----a-w C:\WINDOWS\system32\dnssd.dll
+ 2007-07-24 19:17:08 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
+ 2008-04-29 15:19:50 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
+ 2008-04-29 15:19:54 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
+ 2008-04-29 15:20:00 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
+ 2008-07-10 13:35:22 32,000 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_97B931EF204A3188AFFD15A9A5337268E8B6F312\usbaapl.sys
- 2008-06-30 21:51:50 213,788 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-07-31 18:53:56 213,788 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
- 2008-04-14 00:11:56 512,000 ---ha-w C:\WINDOWS\system32\jscript.dll
+ 2008-05-09 10:53:39 512,000 ---ha-w C:\WINDOWS\system32\jscript.dll
+ 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-07-25 17:16:34 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
- 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2008-07-31 18:49:58 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_688.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
C:\Documents and Settings\Venture\Start Menu\Programs\Startup\
FAXRX.lnk - C:\Program Files\Brother\Brmfl05c\FAXRX.exe [2007-07-05 18:36:51 499712]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WD Anywhere Backup Launcher.lnk - C:\WINDOWS\Installer\{649C4B1A-6A76-499A-9AEC-0C9530FA7D2C}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe [2008-05-16 13:59:00 9662]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 16:39 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I263"= i263_32.drv
"msacm.enc"= ITIG726.acm
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Update Grokster.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Update Grokster.lnk
backup=C:\WINDOWS\pss\Update Grokster.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^3Deep.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\3Deep.lnk
backup=C:\WINDOWS\pss\3Deep.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kontiki Delivery Manager 2.0.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kontiki Delivery Manager 2.0.lnk
backup=C:\WINDOWS\pss\Kontiki Delivery Manager 2.0.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NaturalColorLoad.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk
backup=C:\WINDOWS\pss\NaturalColorLoad.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SonnReg.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SonnReg.lnk
backup=C:\WINDOWS\pss\SonnReg.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^True Internet Color Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\True Internet Color Icon.lnk
backup=C:\WINDOWS\pss\True Internet Color Icon.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-10-29 14:55 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--ah----- 2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Window Washer"=C:\Program Files\Webroot\Washer\wwDisp.exe
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe"
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"DMXLauncher"="C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
"CoolSwitch"=C:\WINDOWS\System32\taskswitch.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"=
"C:\\Program Files\\Java\\j2re1.4.2_05\\bin\\javaw.exe"=
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\si3112r.sys [2002-10-10 01:31]
R1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 15:11]
R2 BRA_Scheduler;Brother BRAdminPro Scheduler;C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe [2007-09-03 20:14]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-13 20:12]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-01-30 04:52]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 14:47]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-07-02 10:23]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2006-01-18 22:44]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2006-01-19 03:17]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2006-09-07 21:16]
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys []
S1 RapNet;RapNet;C:\WINDOWS\System32\drivers\RapNet.sys []
S2 ousbehci;NEC PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ousbehci.sys [2003-03-05 16:07]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 15:53]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 15:52]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 15:52]
S2 SessionLauncher;SessionLauncher;C:\DOCUME~1\Venture\LOCALS~1\Temp\DX9\SessionLauncher.exe []
S3 ASUSHWIO;ASUSHWIO;C:\WINDOWS\System32\drivers\ASUSHWIO.sys []
S3 black;BlackICE driver, version 1.0, by Internet Security Systems, Inc.;C:\WINDOWS\System32\drivers\BlackDrv.sys []
S3 ctgame;Game Port;C:\WINDOWS\system32\DRIVERS\ctgame.sys []
S3 KProcWatch;KProcWatch;C:\WINDOWS\system32\drivers\KProcWatch.sys [2006-02-23 22:03]
S3 nvsmbus;Service for NVIDIA nForce PCI System Management;C:\WINDOWS\system32\DRIVERS\nvsmbus.sys []
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2003-03-05 16:07]
S3 RivaTuner;RivaTuner;C:\Documents and Settings\Yaki\My Documents\PC Related\Drivers\RivaTuner\RivaTuner.sys []
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 15:53]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 15:52]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-08 08:08]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e47237f-d4c4-11db-89bf-000129f10ccd}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d275afd-b299-11dc-811b-000129f10ccd}]
\Shell\AutoRun\command - G:\Imageviewer.exe
.
Contents of the 'Scheduled Tasks' folder
2008-07-31 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]
2008-07-29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2007-11-19 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- C:\Program Files\Microsoft IntelliType Pro\itype.exe [2006-11-21 21:08]
2008-07-31 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
2005-02-21 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 13:24]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Venture\Application Data\Mozilla\Firefox\Profiles\o1wrthf4.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/ig?hl=en
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll
FF -: plugin - C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll
FF -: plugin - C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 14:51:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\snmp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\Imgtask.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
.
**************************************************************************
.
Completion time: 2008-07-31 15:05:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-31 19:05:03
ComboFix2.txt 2008-07-06 14:15:07
Pre-Run: 47,355,617,280 bytes free
Post-Run: 47,225,610,240 bytes free
431 --- E O F --- 2008-07-30 22:00:510 -
BitDefender Log File !!!!!
Product : BitDefender Internet Security 2008
Version : BitDefender UIScanner v.11
Log date : 15:31:56 31/07/2008
Log path : C:\Documents and Settings\Venture\Application Data\BitDefender\Desktop\Profiles\Logs\user_0001\1217532716_1_02.xml
Scan Paths:
Path0000: C:\Documents and Settings\Venture\Application Data\Macromedia\Flash Player
Scan Options:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes
Target selection options:
Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : Yes
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :
Target Processing
Default action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None
Scan engines summary
Number of virus signatures : 1411482
Archive plugins : 43
Email plugins : 6
Scan plugins : 12
Archive plugins : 43
System plugins : 4
Unpack plugins : 7
Overall scan summary
Scanned items : 745
Infected items : 0
Suspicious items : 0
Resolved items : 0
Individual viruses found : 0
Scanned directories : 121
Scanned boot sectors : 4
Scanned archives : 4
Input-output errors : 0
Scan time : 00:00:01:07
Files per second : 3
Scanned processes summary
Scanned : 64
Infected : 0
Scanned registry keys summary
Scanned : 466
Infected : 0
Scanned cookies summary
Scanned : 0
Infected : 0
Remaining issues:
Object Name Threat Name Final Status
C:\Documents and Settings\Venture\Application Data\Macromedia\Flash Player\#SharedObjects\LMUUG3AP\www.phonezoo.com.\flash.bd.ren.bd.ren.bd.ren.bd.ren.bd.ren.bd.ren\whoZoo.swf.bd.ren.bd.ren.bd.ren.bd.ren.bd.ren.bd.ren Rootkit-Hidden Items Hidden
C:\Documents and Settings\Venture\Application Data\Macromedia\Flash Player\#SharedObjects\LMUUG3AP\www.phonezoo.com.\flash.bd.ren.bd.ren.bd.ren.bd.ren.bd.ren.bd.ren Rootkit-Hidden Items Hidden
Resolved issues:
Object Name Threat Name Final Status
Objects that were not scanned:
Object Name Reason Final Status