Thread: netadv.dll
Old 10-09-2007, 03:01 PM   #22 (permalink)
hangthisup
Registered User
 
Join Date: Oct 2007
Posts: 31
OS: xp


Re: netadv.dll

ComboFix 07-10-10.1 - jason 2007-10-10 13:46:04.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.468 [GMT -7:00]
Running from: C:\Documents and Settings\jason\My Documents\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\Abbr
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\Abbr
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ActivationCode
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ActivationCode
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\HOURS
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\HOURS
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ProductCode
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free\Data\ProductCode
C:\Documents and Settings\jason\Application Data\SystemDoctor Free
C:\Documents and Settings\jason\Application Data\SystemDoctor Free\Logs\update.log
C:\Documents and Settings\jason\Application Data\SystemDoctor Free\Logs\update.log
C:\Program Files\Common Files\SystemDoctor
C:\Program Files\Common Files\SystemDoctor\dcpasmon.exe
C:\Program Files\Common Files\SystemDoctor\err.log
C:\Program Files\Common Files\SystemDoctor\up.dat
C:\WINDOWS\dat.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\setup.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-10 to 2007-10-10 )))))))))))))))))))))))))))))))
.

2007-10-09 13:43 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-09 11:34 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-09 11:34 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-09 11:34 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-09 11:34 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-09 11:34 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-09 09:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony Corporation
2007-10-09 09:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Google
2007-10-09 08:54 <DIR> d-------- C:\Program Files\CCleaner
2007-10-09 08:00 <DIR> d-------- C:\Deckard
2007-10-09 05:30 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-10-09 05:03 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-09 05:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-09 04:52 266,240 --a------ C:\WINDOWS\bndsrsvk.dll
2007-10-09 04:37 <DIR> d-------- C:\Documents and Settings\jason\Application Data\Comodo
2007-10-09 04:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-10-08 22:22 <DIR> d-------- C:\WINDOWS\My Games
2007-10-08 20:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-08 20:45 <DIR> d-------- C:\Program Files\Comodo
2007-10-08 20:39 <DIR> d-------- C:\Program Files\SpywareGuard
2007-10-08 20:35 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-10-08 20:27 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-08 18:30 4,220 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-08 18:21 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-10-08 18:21 <DIR> d-------- C:\Documents and Settings\jason\Application Data\eGames
2007-10-08 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\eGames
2007-10-08 16:35 <DIR> d-------- C:\Program Files\Windows Defender
2007-10-08 11:37 <DIR> d-------- C:\Program Files\SystemDefender
2007-10-08 11:30 286,720 --a------ C:\WINDOWS\bndsrvqt.dll
2007-10-07 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CWFXCEJTXG
2007-10-07 08:23 <DIR> d-------- C:\Program Files\Super Granny 3
2007-10-05 14:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LSFXCEJTXG
2007-10-04 19:52 7 --a------ C:\WINDOWS\system32\cpahrider.reg
2007-10-02 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\JZFXCEJTXG
2007-10-01 10:23 26,008 -ra------ C:\WINDOWS\system32\drivers\RimUsb.sys
2007-10-01 10:21 26,752 -ra------ C:\WINDOWS\system32\drivers\RimSerial.sys
2007-10-01 10:20 <DIR> d-------- C:\Program Files\Research In Motion
2007-09-26 09:04 7 --a------ C:\WINDOWS\system32\btrasher3.reg
2007-09-26 08:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FOFXCEJTXG
2007-09-25 17:42 <DIR> d-------- C:\Program Files\Quirty Buddy
2007-09-25 15:23 <DIR> d-------- C:\Program Files\Snowy - Treasure Hunter 3
2007-09-24 16:27 <DIR> d-------- C:\Program Files\Zoo Empire
2007-09-24 15:57 <DIR> d-------- C:\Downloads
2007-09-24 14:45 <DIR> d-------- C:\Program Files\Freecell Buddy Pogo
2007-09-23 14:17 <DIR> d-------- C:\Documents and Settings\jason\Application Data\Jane s Hotel
2007-09-22 18:11 <DIR> d-------- C:\Program Files\Cake Mania 2
2007-09-22 09:33 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2007-09-14 21:44 <DIR> d-------- C:\Program Files\Paradise Pet Salon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-09 19:59 --------- d-----w C:\Program Files\Trend Micro
2007-10-09 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2007-10-09 03:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-10-09 01:20 --------- d-----w C:\Program Files\Yahoo! Games
2007-10-08 23:06 --------- d-----w C:\Program Files\Oberon Media
2007-10-08 22:59 --------- d-----w C:\Program Files\Coupons
2007-10-08 22:57 --------- d-----w C:\Program Files\Smiley Arcade
2007-10-08 22:56 --------- d-----w C:\Program Files\BurgerRush_at
2007-10-08 18:39 --------- d-----w C:\Program Files\ArcticQuest2_at
2007-10-08 17:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-08 01:52 --------- d-----w C:\Program Files\BadgeHelp
2007-10-07 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-10-05 16:14 --------- d-----w C:\Documents and Settings\jason\Application Data\AweSEM
2007-10-03 04:20 30,976 ----a-w C:\WINDOWS\rascntrl.dll
2007-10-03 04:20 23,104 ----a-w C:\WINDOWS\system32\svcprmpt.dll
2007-10-03 03:06 --------- d-----w C:\Program Files\Google
2007-09-30 01:13 --------- d-----w C:\Program Files\Nick Arcade
2007-09-25 22:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Aliasworlds
2007-09-24 23:33 --------- d-----w C:\Program Files\SallysSalon_at
2007-09-24 23:12 --------- d-----w C:\Documents and Settings\jason\Application Data\PlayFirst
2007-09-24 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-09-20 08:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-14 02:44 --------- d-----w C:\Program Files\MySpace
2007-09-09 05:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
2007-09-07 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\SGFXCEJTXG
2007-09-05 19:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\VXFXCEJTXG
2007-09-02 05:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\TUFXCEJTXG
2007-08-28 22:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Online Entertainment
2007-08-23 04:06 --------- d-----w C:\Documents and Settings\jason\Application Data\MySpace
2007-08-22 10:54 --------- d-----w C:\Program Files\Doras Carnival 2 At the Boardwalk
2007-08-15 23:44 --------- d-----w C:\Documents and Settings\jason\Application Data\Magus
2007-08-15 15:54 --------- d-----w C:\Documents and Settings\jason\Application Data\gemsweeperextractedgfx
2007-08-13 18:34 --------- d-----w C:\Program Files\Real
2007-07-31 02:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 02:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 02:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 02:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 02:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 02:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-31 02:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-31 02:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 02:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 02:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-16 19:09 28,672 ----a-w C:\WINDOWS\system32\UnInsPup.exe
2007-07-08 22:09 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-06-20 01:51 0 ----a-w C:\Documents and Settings\jason\Application Data\wklnhst.dat
2006-02-19 11:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05F79890-CFA6-4D53-87BC-2F390DA6645E}]
2007-10-09 03:22 266240 --a------ C:\WINDOWS\bndsrsvk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2005-10-14 10:21 102400 --a------ C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-05 10:57]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-05 10:56]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-05 10:56]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 20:47]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 15:17 C:\WINDOWS\RTHDCPL.EXE]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 19:51]
"Mouse Suite 98 Daemon"="ICO.EXE" []
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 21:08]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-19 23:07]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 15:12]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 22:36]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 03:20]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 00:27]
"PartSeal"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 21:08]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2007-09-10 23:40]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-08 20:37]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-10-08 20:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-01 17:22]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]

C:\Documents and Settings\jason\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-19 10:25:25]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 08:56:20]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2005-05-20 18:42 73728 C:\WINDOWS\system32\VESWinlogon.dll

R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
S3 kwkpcusb;Kyocera CDMA Wireless Modem Driver for KPC;C:\WINDOWS\system32\DRIVERS\kwusbnt.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57d7930d-566c-11dc-b09e-00014af7e659}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/keylauncher/?code=3654333842770338

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-07 23:34:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-09 19:13:33 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-10 13:48:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-10 13:49:35
.
--- E O F ---