Old 08-08-2007, 10:55 AM   #6 (permalink)
AWSOME
Registered User
 
Join Date: Oct 2006
Posts: 12
OS: Win2000


Re: Viruses and Trojans, Oh My!

Pretty good for a guy who can't spell awesome, eh?

Ok, I got the results!

ComboFix 07-08-04.3 - "X" 08/08/2007 7:25:50.2 [GMT -5:00] - NTFS
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.True
Command switches used :: C:\Documents and Settings\X\Desktop\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINNT\system32\blqnfcmi.dll
C:\WINNT\system32\ysrhfgfd.exe


((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 )))))))))))))))))))))))))))))))


2007-08-08 07:25 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_468.dat
2007-08-08 07:14 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2cc.dat
2007-08-07 17:17 <DIR> d-------- C:\Program Files\HC
2007-08-07 08:30 <DIR> d-------- C:\DOCUME~1\X\APPLIC~1\fretsonfire
2007-08-06 14:37 51,200 --a------ C:\WINNT\nircmd.exe
2007-08-06 11:47 4,470 --a------ C:\WINNT\system32\tmp.reg
2007-08-06 11:46 53,248 --a------ C:\WINNT\system32\Process.exe
2007-08-06 11:46 51,200 --a------ C:\WINNT\system32\dumphive.exe
2007-08-06 11:46 288,417 --a------ C:\WINNT\system32\SrchSTS.exe
2007-08-06 10:53 3,968 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2007-08-06 10:53 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-06 09:30 <DIR> d-------- C:\Deckard
2007-08-03 15:06 <DIR> d-------- C:\Program Files\Pinnacle Systems
2007-08-03 13:58 <DIR> d-------- C:\Program Files\SmartSound Software
2007-08-03 13:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc
2007-08-03 13:19 81,920 --a------ C:\WINNT\system32\vdrmux.dll
2007-08-03 13:19 76,800 --a------ C:\WINNT\system32\Lfwmf13n.dll
2007-08-03 13:19 73,728 --a------ C:\WINNT\system32\MMAviAx.dll
2007-08-03 13:19 73,728 --a------ C:\WINNT\system32\lffax13n.dll
2007-08-03 13:19 65,536 --a------ C:\WINNT\system32\Lfpct13n.dll
2007-08-03 13:19 46,592 --a------ C:\WINNT\system32\vdrcodec.dll
2007-08-03 13:19 453,120 --a------ C:\WINNT\system32\ltkrn13n.dll
2007-08-03 13:19 44,544 --a------ C:\WINNT\system32\msxml4a.dll
2007-08-03 13:19 40,960 --a------ C:\WINNT\system32\langserv.dll
2007-08-03 13:19 393,216 --a------ C:\WINNT\system32\LFCMP13n.DLL
2007-08-03 13:19 32,768 --a------ C:\WINNT\system32\MLPagAx.dll
2007-08-03 13:19 30,208 --a------ C:\WINNT\system32\lfbmp13n.dll
2007-08-03 13:19 294,912 --a------ C:\WINNT\system32\pvmjpg21.dll
2007-08-03 13:19 278,016 --a------ C:\WINNT\system32\LFJ2K13n.dll
2007-08-03 13:19 24,576 --a------ C:\WINNT\system32\lftga13n.dll
2007-08-03 13:19 204,881 --a------ C:\WINNT\system32\DiskIO.dll
2007-08-03 13:19 18,432 --a------ C:\WINNT\system32\Cachex.dll
2007-08-03 13:19 155,721 --a------ C:\WINNT\system32\RALMain.dll
2007-08-03 13:19 153,088 --a------ C:\WINNT\system32\ltfil13n.DLL
2007-08-03 13:19 143,360 --a------ C:\WINNT\system32\lftif13n.dll
2007-08-03 13:19 114,759 --a------ C:\WINNT\system32\Aviprax.dll
2007-08-03 13:19 1,693,696 --a------ C:\WINNT\system32\LTCLR13n.dll
2007-08-03 13:12 61,440 --a------ C:\WINNT\system32\pclepim1.dll
2007-08-03 13:12 49,152 --a------ C:\WINNT\system32\PCLEGetGuid.dll
2007-08-03 13:12 406,016 --a------ C:\WINNT\system32\PSDrvCheck.exe
2007-08-03 13:12 19,456 --a------ C:\WINNT\system32\asapi.dll
2007-08-03 13:12 11,264 --a------ C:\WINNT\system32\drivers\asapiW2k.sys
2007-08-03 10:49 125,504 --a------ C:\WINNT\system32\cdcuscnb.dll
2007-08-03 09:59 <DIR> d-------- C:\Program Files\SmartSound Software Inc
2007-08-03 08:58 <DIR> d--h-c--- C:\WINNT\$SQLUninstallMDAC28-KB927779-x86-ENU$
2007-08-02 11:18 1,110,528 --a------ C:\WINNT\system32\msxml3.dll
2007-08-02 11:16 33,340 --a------ C:\WINNT\system32\dbmsqlgc.dll
2007-08-02 11:15 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2007-08-02 11:11 94,208 --a--c--- C:\WINNT\system32\dllcache\odbcint.dll
2007-08-02 11:11 94,208 --a------ C:\WINNT\system32\odbcint.dll
2007-08-02 11:11 90,112 --a--c--- C:\WINNT\system32\dllcache\msjro.dll
2007-08-02 11:11 73,728 --a--c--- C:\WINNT\system32\dllcache\msdaosp.dll
2007-08-02 11:11 73,728 --a------ C:\WINNT\system32\DBnetlib.dll
2007-08-02 11:11 73,728 --a------ C:\WINNT\system32\cliconfg.dll
2007-08-02 11:11 69,632 --a--c--- C:\WINNT\system32\dllcache\oledb32r.dll
2007-08-02 11:11 61,440 --a--c--- C:\WINNT\system32\dllcache\odbccu32.dll
2007-08-02 11:11 61,440 --a--c--- C:\WINNT\system32\dllcache\odbccr32.dll
2007-08-02 11:11 61,440 --a--c--- C:\WINNT\system32\dllcache\msadcf.dll
2007-08-02 11:11 61,440 --a------ C:\WINNT\system32\odbccu32.dll
2007-08-02 11:11 61,440 --a------ C:\WINNT\system32\odbccr32.dll
2007-08-02 11:11 53,248 --a--c--- C:\WINNT\system32\dllcache\msadrh15.dll
2007-08-02 11:11 53,248 --a--c--- C:\WINNT\system32\dllcache\msador15.dll
2007-08-02 11:11 507,904 --a--c--- C:\WINNT\system32\dllcache\msado15.dll
2007-08-02 11:11 49,152 --a--c--- C:\WINNT\system32\dllcache\msadcs.dll
2007-08-02 11:11 442,368 --a--c--- C:\WINNT\system32\dllcache\oledb32.dll
2007-08-02 11:11 44,032 --a--c--- C:\WINNT\system32\dllcache\msxml3r.dll
2007-08-02 11:11 44,032 --a------ C:\WINNT\system32\msxml3r.dll
2007-08-02 11:11 4,656 --a--c--- C:\WINNT\system32\dllcache\ds16gt.dll
2007-08-02 11:11 4,656 --a------ C:\WINNT\system32\ds16gt.dll
2007-08-02 11:11 4,096 --a--c--- C:\WINNT\system32\dllcache\msdaurl.dll
2007-08-02 11:11 4,096 --a--c--- C:\WINNT\system32\dllcache\msdasc.dll
2007-08-02 11:11 4,096 --a--c--- C:\WINNT\system32\dllcache\msdaer.dll
2007-08-02 11:11 4,096 --a--c--- C:\WINNT\system32\dllcache\msdaenum.dll
2007-08-02 11:11 4,096 --a--c--- C:\WINNT\system32\dllcache\msdadc.dll
2007-08-02 11:11 36,864 --a--c--- C:\WINNT\system32\dllcache\mscpxl32.dll
2007-08-02 11:11 36,864 --a------ C:\WINNT\system32\mscpxl32.dll
2007-08-02 11:11 32,768 --a--c--- C:\WINNT\system32\dllcache\odbcad32.exe
2007-08-02 11:11 32,768 --a--c--- C:\WINNT\system32\dllcache\msdfmap.dll
2007-08-02 11:11 32,768 --a------ C:\WINNT\system32\odbcad32.exe
2007-08-02 11:11 315,392 --a--c--- C:\WINNT\system32\dllcache\msadce.dll
2007-08-02 11:11 303,104 --a--c--- C:\WINNT\system32\dllcache\msdasql.dll
2007-08-02 11:11 28,672 --a------ C:\WINNT\system32\DBnmpntw.dll
2007-08-02 11:11 28,672 --a------ C:\WINNT\system32\dbmsgnet.dll
2007-08-02 11:11 26,224 --a--c--- C:\WINNT\system32\dllcache\odbc16gt.dll
2007-08-02 11:11 26,224 --a------ C:\WINNT\system32\odbc16gt.dll
2007-08-02 11:11 24,576 --a--c--- C:\WINNT\system32\dllcache\msxactps.dll
2007-08-02 11:11 24,576 --a--c--- C:\WINNT\system32\dllcache\msader15.dll
2007-08-02 11:11 24,576 --a--c--- C:\WINNT\system32\dllcache\msaddsr.dll
2007-08-02 11:11 24,576 --a------ C:\WINNT\system32\dbmsvinn.dll
2007-08-02 11:11 24,576 --a------ C:\WINNT\system32\dbmsrpcn.dll
2007-08-02 11:11 24,576 --a------ C:\WINNT\system32\dbmsadsn.dll
2007-08-02 11:11 225,280 --a--c--- C:\WINNT\system32\dllcache\msdaora.dll
2007-08-02 11:11 221,184 --a--c--- C:\WINNT\system32\dllcache\ODBC32.dll
2007-08-02 11:11 221,184 --a------ C:\WINNT\system32\ODBC32.dll
2007-08-02 11:11 20,480 --a--c--- C:\WINNT\system32\dllcache\msdatt.dll
2007-08-02 11:11 20,480 --a--c--- C:\WINNT\system32\dllcache\msadcer.dll
2007-08-02 11:11 20,480 --a------ C:\WINNT\system32\msorc32r.dll
2007-08-02 11:11 20,480 --a------ C:\WINNT\system32\cliconfg.exe
2007-08-02 11:11 192,512 --a--c--- C:\WINNT\system32\dllcache\msdaprst.dll
2007-08-02 11:11 188,416 --a--c--- C:\WINNT\system32\dllcache\msdaps.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

12/10/06 10:01p 271 ---h----- C:\Program Files\desktop.ini
12/10/06 10:01p 21952 ---h----- C:\Program Files\folder.htt
08/07/07 05:02p --------- d-------- C:\Program Files\Common Files\Symantec Shared
08/06/07 06:31p 504551 --a------ C:\WINNT\system32\Line Rider Theater.scr
08/03/07 12:19p --------- d-------- C:\Program Files\Pinnacle
08/03/07 01:58p --------- d--h----- C:\Program Files\InstallShield Installation Information
08/02/07 09:05p --------- d-------- C:\Program Files\Bethesda Softworks
08/02/07 06:44p --------- d-------- C:\DOCUME~1\X\APPLIC~1\CoreFTP
08/01/07 06:48p 17250 --a------ C:\WINNT\mozver.dat
07/23/07 08:30p --------- d-------- C:\Program Files\Canon
07/18/07 02:25p --------- d-------- C:\Program Files\EA GAMES
07/16/07 06:40p --------- d-------- C:\Program Files\Norton Internet Security
07/10/07 05:57p --------- d-------- C:\Program Files\WMV9_VCM
06/28/07 12:15p --------- d-------- C:\DOCUME~1\X\APPLIC~1\IBP
06/28/07 11:27p 20898 --a------ C:\WINNT\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
06/28/07 11:27p 164352 --a------ C:\WINNT\system32\SpoonUninstall.exe
06/28/07 11:27p --------- d-------- C:\Program Files\Illustrate
06/28/07 11:21p --------- d-------- C:\Program Files\Audacity
06/28/07 11:21p --------- d-------- C:\DOCUME~1\X\APPLIC~1\Audacity
06/28/07 10:45a --------- d-------- C:\Program Files\CamStudio
06/26/07 10:24p --------- d-------- C:\Program Files\POP Peeper
06/25/07 09:05a --------- d-------- C:\Program Files\Real
06/22/07 11:59a --------- d-------- C:\DOCUME~1\X\APPLIC~1\MSNInstaller
06/14/07 11:19a --------- d-------- C:\DOCUME~1\X\APPLIC~1\Atari
06/14/07 09:10a --------- d-------- C:\Program Files\AIM6
06/12/07 10:37a --------- d-------- C:\DOCUME~1\X\APPLIC~1\POP Peeper
06/12/07 09:23p --------- d-------- C:\DOCUME~1\X\APPLIC~1\Netscape
06/12/07 09:22p --------- d-------- C:\Program Files\Netscape
05/20/07 09:58a 65536 --a------ C:\WINNT\IFinst27.exe
05/12/07 09:22p 169 --a------ C:\WINNT\system32\EUSOFT.SYS
01/01/25 06:38p --------- d-------- C:\DOCUME~1\X\APPLIC~1\Symantec
2007-03-16 15:16:46 56 --sha-r C:\WINNT\system32\E8D8992D70.sys
2007-03-20 01:23:33 1,890 --sha-w C:\WINNT\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 02:05p C:\WINNT\system32\mobsync.exe]
"Cmaudio"="cmicnfg.cpl" []
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [08/11/06 08:43p]
"nwiz"="nwiz.exe" [08/11/06 08:43p C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [08/11/06 08:43p]
"Logitech Utility"="Logi_MwX.Exe" [11/07/03 04:50a C:\WINNT\LOGI_MWX.EXE]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [07/09/01 12:50p]
"projselector"="C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" [10/16/03 05:25p]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [05/01/03 07:44p]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [10/16/03 09:15p]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [07/15/03 01:38p]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [07/03/01 10:11a]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/08/07 06:03p]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [11/02/04 12:59p]
"Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [01/28/04 10:19a]
"SaiSmart"="C:\Program Files\Saitek\Software\SaiSmart.exe" [01/28/04 10:19a]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/07 11:54a]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/07 04:00a]
"PPHIDPAD"="C:\WINPENJR\Win32\pphidpad.exe" [10/02/01 11:23a]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [12/01/03 11:38a]
"PinnacleDriverCheck"="C:\WINNT\system32\PSDrvCheck.exe" [03/10/04 04:26p]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [06/02/05 05:03p]
"POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe" [11/15/06 11:02p]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

R1 cdudf;cdudf;C:\WINNT\system32\drivers\cdudf.sys
R1 DVDVRRdr;DVDVRRdr;C:\WINNT\system32\drivers\DVDVRRdr.sys
R1 ppmoucls;ppmoucls;C:\WINNT\system32\DRIVERS\ppmoucls.sys
R1 pptchpad;PenPower Touchpad;C:\WINNT\system32\DRIVERS\pptchpd5.sys
R1 pwd_2k;pwd_2k;C:\WINNT\system32\drivers\pwd_2k.sys
R1 UdfReadr;UdfReadr;C:\WINNT\system32\drivers\UdfReadr.sys
R2 enodpl;enodpl;C:\WINNT\system32\drivers\enodpl.sys
R2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR;C:\Program Files\Bethesda Softworks\SV\PI\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR
R2 tandpl;tandpl;C:\WINNT\system32\drivers\tandpl.sys
R3 Cap7134;TVFM 503 WDM Video Capture;C:\WINNT\system32\DRIVERS\Cap7134.sys
R3 cmuda;C-Media WDM Audio Interface;C:\WINNT\system32\drivers\cmuda.sys
R3 dvd_2K;dvd_2K;C:\WINNT\system32\drivers\dvd_2K.sys
R3 Icam4USB;Intel PC Camera Pro;C:\WINNT\system32\Drivers\Icam4USB.sys
R3 itchfltr;iTouch Keyboard Filter;C:\WINNT\system32\DRIVERS\itchfltr.sys
R3 LCcfltr;Logitech USB Filter Driver;C:\WINNT\system32\Drivers\LCcFltr.Sys
R3 mmc_2K;mmc_2K;C:\WINNT\system32\drivers\mmc_2K.sys
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINNT\system32\drivers\msmpu401.sys
R3 openhci;Microsoft USB Open Host Controller Driver;C:\WINNT\system32\DRIVERS\openhci.sys
R3 SaiClass;SaiClass;C:\WINNT\system32\drivers\SaiNtBus.sys
R3 SaiMini;SaiMini;C:\WINNT\system32\drivers\SaiMini.sys
S3 EagleNT;EagleNT;\??\C:\WINNT\system32\drivers\EagleNT.sys
S3 MPE;BDA MPE Filter;C:\WINNT\system32\DRIVERS\MPE.sys
S3 NCHSSVAD;SoundTap Recorder;C:\WINNT\system32\drivers\nchssvad.sys
S3 SaiNtHid;SaiNtHid;C:\WINNT\system32\DRIVERS\SaiNtHid.sys
S3 SaiNtSub;SaiNtSub;C:\WINNT\system32\DRIVERS\SaiNtSub.sys
S3 scrcap;scrcap;C:\WINNT\system32\DRIVERS\scrcap.sys
S3 SiS630;SiS630;C:\WINNT\system32\DRIVERS\sis630p.sys
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR;C:\Program Files\Bethesda Softworks\SV\PI\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR
S3 StillCam;Still Serial Digital Camera Driver;C:\WINNT\system32\DRIVERS\serscan.sys


Contents of the 'Scheduled Tasks' folder
2006-12-17 12:07:14 C:\WINNT\Tasks\Norton AntiVirus - Scan my computer - Stan Siu.job - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-08 07:30:52
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 08/08/2007 7:32:18
C:\ComboFix-quarantined-files.txt ... 08/08/07 07:31a
C:\ComboFix2.txt ... 08/07/07 02:40p

--- E O F ---



Incident Status Location

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\X\Application Data\Mozilla\Firefox\Profiles\inu8kwtn.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\X\Application Data\Mozilla\Firefox\Profiles\inu8kwtn.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\X\Application Data\Mozilla\Firefox\Profiles\inu8kwtn.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\X\Application Data\Mozilla\Firefox\Profiles\inu8kwtn.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\X\Application Data\Mozilla\Firefox\Profiles\inu8kwtn.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\X\Application Data\Mozilla\Firefox\Profiles\inu8kwtn.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\X\Application Data\Mozilla\Firefox\Profiles\inu8kwtn.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\X\Application Data\Mozilla\Firefox\Profiles\inu8kwtn.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\X\Application Data\Mozilla\Firefox\Profiles\inu8kwtn.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\X\Application Data\Mozilla\Firefox\Profiles\inu8kwtn.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.go.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.com.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.overture.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.atwola.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\X\Cookies\X@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\X\Cookies\X@ad.yieldmanager[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\X\Cookies\X@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\X\Cookies\X@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\X\Cookies\X@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\X\Cookies\X@atwola[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\X\Cookies\X@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\X\Cookies\X@mediaplex[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\X\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINNT\nircmd.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINNT\system32\cdcuscnb.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\WINNT\system32\Process.exe


Deckard's System Scanner v20070804.61
Run by X on 2007-08-08 at 11:59:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as X.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:28 AM, on 8/8/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Bethesda Softworks\SV\PI\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\WINNT\explorer.exe
C:\Program Files\Netscape\Navigator 9\navigator.exe
C:\Internet download\Other\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\X.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe -CheckReg
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} - http://plug-in.reallusion.com/CrazyTalk4.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1176860841987
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/game...lugin10USA.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9547 bytes

-- Files created between 2007-07-08 and 2007-08-08 -----------------------------

2025-01-01 18:38:16 0 d-------- C:\Documents and Settings\X\Application Data\Symantec
2007-08-08 07:39:14 0 d-------- C:\WINNT\system32\ActiveScan
2007-08-08 07:25:50 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_468.dat
2007-08-08 07:14:38 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2cc.dat
2007-08-07 17:17:49 0 d-------- C:\Program Files\HC
2007-08-07 08:30:33 0 d-------- C:\Documents and Settings\X\Application Data\fretsonfire
2007-08-06 11:47:00 4470 --a------ C:\WINNT\system32\tmp.reg
2007-08-06 11:46:34 288417 --a------ C:\WINNT\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-08-06 11:46:34 53248 --a------ C:\WINNT\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-08-06 11:46:34 51200 --a------ C:\WINNT\system32\dumphive.exe
2007-08-06 11:22:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-06 10:53:37 0 d-------- C:\Program Files\Trend Micro
2007-08-03 15:06:14 0 d-------- C:\Program Files\Pinnacle Systems
2007-08-03 13:58:10 0 d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2007-08-03 13:58:09 0 d-------- C:\Program Files\SmartSound Software
2007-08-03 13:19:36 155721 --a------ C:\WINNT\system32\RALMain.dll <Not Verified; Pinnacle Systems GmbH; Register Abstraction Layer>
2007-08-03 13:19:36 204881 --a------ C:\WINNT\system32\DiskIO.dll <Not Verified; Pinnacle Systems GmbH; Media File Sequencer>
2007-08-03 13:19:35 81920 --a------ C:\WINNT\system32\vdrmux.dll <Not Verified; Pinnacle Systems; Pinnacle Systems vdrmux>
2007-08-03 13:19:35 46592 --a------ C:\WINNT\system32\vdrcodec.dll <Not Verified; Pinnacle Systems; Studio 600>
2007-08-03 13:19:35 294912 --a------ C:\WINNT\system32\pvmjpg21.dll <Not Verified; Pegasus Imaging Corporation; PICVideo>
2007-08-03 13:19:34 44544 --a------ C:\WINNT\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2007-08-03 13:19:34 73728 --a------ C:\WINNT\system32\MMAviAx.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO MFP>
2007-08-03 13:19:34 32768 --a------ C:\WINNT\system32\MLPagAx.dll <Not Verified; Pinnacle Systems GmbH; MLPag DLL>
2007-08-03 13:19:34 40960 --a------ C:\WINNT\system32\langserv.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO LangServ>
2007-08-03 13:19:34 18432 --a------ C:\WINNT\system32\Cachex.dll <Not Verified; Pinnacle Systems GmbH; Cache DLL>
2007-08-03 13:19:34 114759 --a------ C:\WINNT\system32\Aviprax.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO AFP>
2007-08-03 13:12:56 11264 --a------ C:\WINNT\system32\drivers\asapiW2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
2007-08-03 13:12:54 406016 --a------ C:\WINNT\system32\PSDrvCheck.exe
2007-08-03 13:12:53 19456 --a------ C:\WINNT\system32\asapi.dll <Not Verified; VoB Computersysteme GmbH; >
2007-08-03 13:12:12 61440 --a------ C:\WINNT\system32\pclepim1.dll <Not Verified; Pinnacle Systems; Microsoft Windows>
2007-08-03 13:12:09 49152 --a------ C:\WINNT\system32\PCLEGetGuid.dll <Not Verified; Pinnacle Systems; Guid_dll>
2007-08-03 10:49:09 125504 --a------ C:\WINNT\system32\cdcuscnb.dll
2007-08-03 09:59:13 0 d-------- C:\Program Files\SmartSound Software Inc
2007-08-03 08:58:47 0 d--h---c- C:\WINNT\$SQLUninstallMDAC28-KB927779-x86-ENU$
2007-08-02 11:45:41 0 --a------ C:\WINNT\2
2007-08-02 11:42:16 18 --a------ C:\WINNT\?
2007-08-02 11:15:29 0 d-------- C:\Program Files\Microsoft SQL Server
2007-07-27 09:35:33 0 d-------- C:\Program Files\notepad2
2007-07-24 16:26:17 0 d-------- C:\Program Files\Qualcomm
2007-07-22 16:57:47 0 d-------- C:\Program Files\Virtools
2007-07-21 22:17:38 0 d-------- C:\WINNT\Simpson Backround
2007-07-18 18:38:16 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-07-18 14:36:00 595 --a------ C:\WINNT\eReg.dat
2007-07-15 2324 0 d-------- C:\Program Files\Three Rings Design
2007-07-15 23:00:02 0 d-------- C:\Documents and Settings\X\Application Data\yoclient
2007-07-13 20:22:13 0 d-------- C:\Program Files\DivX
2007-07-12 10:01:55 83968 --a------ C:\WINNT\UnGins.exe
2007-07-11 09:19:22 0 d-------- C:\Program Files\Toolkit3
2007-07-11 08:38:47 283862 --a------ C:\WINNT\system32\smpeg.dll
2007-07-11 08:38:47 310849 --a------ C:\WINNT\system32\SDL_ttf.dll
2007-07-11 08:38:47 396903 --a------ C:\WINNT\system32\SDL_mixer.dll
2007-07-11 08:38:47 211033 --a------ C:\WINNT\system32\SDL_image.dll
2007-07-11 08:38:47 335629 --a------ C:\WINNT\system32\SDL.dll
2007-07-10 17:51:18 53248 --a------ C:\WINNT\system32\zlib.dll <Not Verified; ; ZLib.DLL>
2007-07-10 17:51:18 356352 --a------ C:\WINNT\system32\SciLexer.dll <Not Verified; Neil Hodgson neilh@scintilla.org; Scintilla>
2007-07-10 17:51:18 352256 --a------ C:\WINNT\system32\libmng.dll
2007-07-10 17:51:18 368640 --a------ C:\WINNT\system32\js32.dll
2007-07-10 17:51:18 233472 --a------ C:\WINNT\system32\corona.dll
2007-07-10 17:51:18 618496 --a------ C:\WINNT\system32\audiere.dll <Not Verified; http://aegisknight.org/; audiere>
2007-07-10 17:17:43 0 --a------ C:\WINNT\a
2007-07-10 17:17:23 317952 -ra------ C:\WINNT\system32\Roboex32.dll <Not Verified; Blue Sky Software Corporation.; RoboHELP Classic>
2007-07-10 17:17:23 48640 -ra------ C:\WINNT\system32\INETWH32.DLL <Not Verified; Blue Sky Software; Blue Sky Software - INETWH32>


-- Find3M Report ---------------------------------------------------------------

2007-08-08 10:18:14 0 d-------- C:\Program Files\QuickTime
2007-08-08 10:11:41 0 d-------- C:\Program Files\Norton Internet Security
2007-08-08 09:53:34 0 d-------- C:\Program Files\inXile entertainment
2007-08-08 09:53:33 504551 --a------ C:\WINNT\system32\Line Rider Theater.scr <Not Verified; Axialis Software; Axialis Screen Saver Producer>
2007-08-08 09:36:05 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-07 21:15:08 1100842 ---h----- C:\WINNT\ShellIconCache
2007-08-03 13:58:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-03 12:19:17 0 d-------- C:\Program Files\Pinnacle
2007-08-02 22:28:47 18 --a------ C:\WINNT\?
2007-08-02 21:05:24 0 d-------- C:\Program Files\Bethesda Softworks
2007-08-02 18:44:57 0 d-------- C:\Documents and Settings\X\Application Data\CoreFTP
2007-08-01 18:48:23 17250 --a------ C:\WINNT\mozver.dat
2007-07-25 13:34:21 0 d-------- C:\Program Files\Java
2007-07-23 20:30:27 0 d-------- C:\Program Files\Canon
2007-07-18 14:25:48 0 d-------- C:\Program Files\EA GAMES
2007-07-10 17:57:12 0 d-------- C:\Program Files\WMV9_VCM
2007-06-28 23:27:59 20898 --a------ C:\WINNT\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2007-06-28 23:27:59 164352 --a------ C:\WINNT\system32\SpoonUninstall.exe
2007-06-28 23:27:51 0 d-------- C:\Program Files\Illustrate
2007-06-28 23:21:15 0 d-------- C:\Program Files\Audacity
2007-06-28 23:21:15 0 d-------- C:\Documents and Settings\X\Application Data\Audacity
2007-06-28 12:15:32 0 d-------- C:\Documents and Settings\X\Application Data\IBP
2007-06-28 10:45:24 0 d-------- C:\Program Files\CamStudio
2007-06-26 22:24:59 0 d-------- C:\Program Files\POP Peeper
2007-06-25 09:05:58 0 d-------- C:\Program Files\Real
2007-06-22 11:59:16 0 d-------- C:\Documents and Settings\X\Application Data\MSNInstaller
2007-06-14 11:19:15 0 d-------- C:\Documents and Settings\X\Application Data\Atari
2007-06-14 09:10:52 0 d-------- C:\Program Files\AIM6
2007-06-12 21:23:26 0 d-a------ C:\Program Files\Common Files
2007-06-12 21:23:26 0 d-------- C:\Documents and Settings\X\Application Data\Netscape
2007-06-12 21:22:17 0 d-------- C:\Program Files\Netscape
2007-06-12 10:37:57 0 d-------- C:\Documents and Settings\X\Application Data\POP Peeper
2007-05-20 09:58:30 65536 --a------ C:\WINNT\IFinst27.exe
2007-05-12 21:22:33 169 --a------ C:\WINNT\system32\EUSOFT.SYS


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 02:05p C:\WINNT\system32\mobsync.exe]
"Cmaudio"="cmicnfg.cpl" []
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [08/11/06 08:43p]
"nwiz"="nwiz.exe" [08/11/06 08:43p C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [08/11/06 08:43p]
"Logitech Utility"="Logi_MwX.Exe" [11/07/03 04:50a C:\WINNT\LOGI_MWX.EXE]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [07/09/01 12:50p]
"projselector"="C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" [10/16/03 05:25p]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [05/01/03 07:44p]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [10/16/03 09:15p]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [07/15/03 01:38p]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [07/03/01 10:11a]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/08/07 06:03p]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [11/02/04 12:59p]
"Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [01/28/04 10:19a]
"SaiSmart"="C:\Program Files\Saitek\Software\SaiSmart.exe" [01/28/04 10:19a]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/07 11:54a]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/07 04:00a]
"PPHIDPAD"="C:\WINPENJR\Win32\pphidpad.exe" [10/02/01 11:23a]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [12/01/03 11:38a]
"PinnacleDriverCheck"="C:\WINNT\system32\PSDrvCheck.exe" [03/10/04 04:26p]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [06/02/05 05:03p]
"POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe" [11/15/06 11:02p]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"




-- End of Deckard's System Scanner: finished at 2007-08-08 at 12:00:32 ---------