Ok
Sorry about delay, work day, sort of, here
I have redone all the gmer scans one by one and these are the true results.
Kept getting messages re: "gmer has found no system modifications" as I went through each scan.
Have attached the combofix file and the HJT log (Was run as sgc.exe) with the gmer results: ISR.exe is part of FDISR from Raxco.
HJT:
Logfile of HijackThis v1.99.1
Scan saved at 5:51:22 PM, on 22/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\NSClean\BOClean\BOCORE.exe
C:\WINDOWS\System32\GEARSec.exe
C:\$ISR\0\ISRService.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Samsung\SmarThru\PORTCTRL.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\$ISR\$APP\ISRMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\NSClean\BOClean\BOC421.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\CsinsmNT.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\NOTEPAD.EXE
C:\hijackthis\sgc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = (value not set)
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: SpoofStick BHO - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Program Files\CoreStreet\SpoofStick\SpoofStickBHO.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GW Port Controller] "C:\Program Files\Samsung\SmarThru\PORTCTRL.EXE"
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] "C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [Easy-PrintToolBox] "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" /logon
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Samurai] "C:\Documents and Settings\Stephen\Desktop\SGC\Downloads\ROOTKIT TOOLBOX\SAMURAI\SAMURAI INSTALL\Samurai.exe" samurai.dat
O4 - HKLM\..\Run: [ISR_MONITOR] C:\$ISR\$APP\ISRMonitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [BOC-421] C:\PROGRA~1\NSClean\BOClean\BOC421.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - Startup: Hosts Manager.lnk = C:\Program Files\HOSTS File Manager\HOSTS_Back.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.LNK = C:\Program Files\Norton SystemWorks\Norton CleanSweep\CsinsmNT.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2006\\Wizard.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\system32\oline.dll
O15 - Trusted Zone:
http://www.national.com.au
O15 - Trusted Zone:
http://www.kaspersky.com
O15 - Trusted Zone:
http://www.symantec.com
O15 - Trusted Zone:
http://housecall65.trendmicro.com
O16 - DPF: ppctlcab -
http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} -
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) -
http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) -
http://www.trendsecure.com/service_c...ex/TmHcmsX.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -
https://www-secure.symantec.com/tech...a/LSSupCtl.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) -
http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsu...?1120318750897
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsof...?1136416244625
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} -
http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} -
http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) -
http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) -
http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.5.0_04) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -
https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} -
https://www-secure.symantec.com/tech...ActiveData.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: APRJLLLBWOR - Unknown owner - C:\DOCUME~1\Stephen\LOCALS~1\Temp\APRJLLLBWOR.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BOCore - Privacy Software Corporation - C:\Program Files\NSClean\BOClean\BOCORE.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: FirstDefense-ISR Service (ISRService) - Raxco Software, Inc. - C:\$ISR\0\ISRService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WVE - Unknown owner - C:\DOCUME~1\Stephen\LOCALS~1\Temp\WVE.exe (file missing)
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
Combofix:
Stephen - 06-09-22 17:45:46.10 Service Pack 2
ComboFix 06.09.21 - Running from: "C:\Documents and Settings\Stephen\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\taskmgr.com
((((((((((((((((((((((((((((((( Files Created from 2006-08-22 to 2006-09-22 ))))))))))))))))))))))))))))))))))
2006-09-21 22:58 336 --a------ C:\reboot.bat
2006-09-21 22:58 194 --a------ C:\avexport.bat
2006-09-21 22:58 19,814 --a------ C:\reboot.exe
2006-09-21 22:58 126,976 --a------ C:\zip.exe
2006-09-21 22:58 1,080 --a------ C:\dbflqxta.bat
2006-09-21 18:39 11,254 --a------ C:\WINDOWS\system32\locate.com
2006-09-21 12:32 159,744 --a------ C:\WINDOWS\system32\hasher.dll
2006-09-20 19:28 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-09-20 19:28 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-09-20 19:28 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-09-20 16:05 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe
2006-09-20 16:05 6,020 --a------ C:\clean.bat
2006-09-20 16:05 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-09-20 16:05 4,096 --a------ C:\WINDOWS\system32\reboot.exe
2006-09-20 16:05 38,400 --a------ C:\WINDOWS\system32\moveex.exe
2006-09-07 13:28 57,384 --a------ C:\WINDOWS\system32\avsda.dll
2006-08-25 10:06 99,344 --a------ C:\WINDOWS\system32\PDBoot.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-09-22 17:42 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-22 17:39 -------- d-------- C:\Program Files\Common Files
2006-09-22 14:47 -------- d-------- C:\Program Files\WinZip
2006-09-22 14:47 -------- d-------- C:\Program Files\Windows Defender
2006-09-22 14:45 -------- d-------- C:\Program Files\Symantec
2006-09-22 14:45 -------- d-------- C:\Program Files\SpywareGuard
2006-09-22 14:42 -------- d-------- C:\Program Files\Outlook Express
2006-09-22 14:42 -------- d-------- C:\Program Files\Norton Internet Security
2006-09-22 14:39 -------- d-------- C:\Program Files\LeechGet 2006
2006-09-22 14:38 -------- d-------- C:\Program Files\Internet Explorer
2006-09-22 14:38 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-22 14:37 -------- d-------- C:\Program Files\Eraser
2006-09-22 14:37 -------- d-------- C:\Program Files\Common Files\Webroot Shared
2006-09-22 14:37 -------- d-------- C:\Program Files\Common Files\System
2006-09-22 14:37 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-22 14:34 -------- d-------- C:\Program Files\AntiVir PersonalEdition Classic
2006-09-22 14:32 -------- d-------- C:\Program Files\a-squared Free
2006-09-22 14:32 -------- d-------- C:\Program Files\7-Zip
2006-09-22 07:14 -------- d-------- C:\Program Files\Java
2006-09-22 06:12 -------- d-------- C:\Program Files\HOSTS File Manager
2006-09-22 01:09 14976 --a------ C:\WINDOWS\system32\drivers\rkhdrv10.sys
2006-09-21 22:58 60416 --a------ C:\WINDOWS\system32\drivers\bltjppgx.sys
2006-09-21 22:20 25773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
2006-09-21 16:50 -------- d-------- C:\Program Files\GRISOFT
2006-09-21 12:31 -------- d-------- C:\Program Files\Trisnap Technologies
2006-09-19 18:35 -------- d-------- C:\Program Files\RAXCO
2006-09-19 18:35 -------- d-------- C:\Program Files\Common Files\Raxco
2006-09-19 17:25 -------- d-------- C:\Documents and Settings\Stephen\Application Data\Ahead
2006-09-19 16:03 -------- d-------- C:\Program Files\Image for Windows
2006-09-18 16:11 -------- d-------- C:\Program Files\SpywareBlaster
2006-09-18 14:39 -------- d-------- C:\Program Files\Security Task Manager
2006-09-15 22:52 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 22:52 124016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-13 14:43 -------- d-------- C:\Program Files\Adobe
2006-09-09 01:10 -------- d-------- C:\Program Files\InCtrl5
2006-09-07 23:40 47360 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys
2006-09-07 23:40 -------- d-------- C:\Program Files\LG Software Innovations
2006-09-07 16:14 -------- d-------- C:\Program Files\Eusing Free Registry Cleaner
2006-09-07 16:08 -------- d-------- C:\Program Files\CleanUp!
2006-09-04 13:32 -------- d-------- C:\Program Files\Softwin
2006-08-30 23:16 -------- d-------- C:\Program Files\HPSW
2006-08-27 20:06 -------- d-------- C:\Program Files\LEGO Media
2006-08-12 14:06 -------- d-------- C:\Documents and Settings\Stephen\Application Data\Webroot
2006-08-10 14:34 62480 --a------ C:\WINDOWS\system32\drivers\DefragFs.sys
2006-08-10 13:18 -------- d-------- C:\Program Files\NSClean
2006-08-08 20:34 -------- d-------- C:\Program Files\Webroot
2006-08-07 15:53 -------- d-------- C:\Program Files\DVDFab Decrypter
2006-08-06 20:18 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-08-06 20:18 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-06 20:13 -------- d-------- C:\Program Files\Activision
2006-08-06 00:35 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-08-03 19:33 15360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2006-08-03 19:33 14848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2006-08-03 19:33 13824 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2006-08-03 19:33 117248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2006-07-30 00:27 -------- d-------- C:\Program Files\Investintech.com Inc
2006-07-27 23:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-24 23:51 -------- d-------- C:\Program Files\ERUNT
2006-07-21 18:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-13 23:39 120 --a------ C:\Documents and Settings\Stephen\Application Data\FixVTS.ini
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SpybotSD TeaTimer"="\"C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe\""
"PowerBar"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"GW Port Controller"="\"C:\\Program Files\\Samsung\\SmarThru\\PORTCTRL.EXE\""
"zBrowser Launcher"="\"C:\\Program Files\\Logitech\\iTouch\\iTouch.exe\""
"Logitech Utility"="Logi_MwX.Exe"
"Norton Ghost 9.0"="\"C:\\Program Files\\Norton SystemWorks\\Norton Ghost\\Agent\\GhostTray.exe\""
"Symantec NetDriver Monitor"="\"C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe\" /Consumer"
"Easy-PrintToolBox"="\"C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE\" /logon"
"BigPondCable"="\"C:\\Program Files\\Telstra\\Cable Login\\bpcable.exe\" /r"
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="\"nwiz.exe\" /install"
"NvMediaCenter"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Samurai"="\"C:\\Documents and Settings\\Stephen\\Desktop\\SGC\\Downloads\\ROOTKIT TOOLBOX\\SAMURAI\\SAMURAI INSTALL\\Samurai.exe\" samurai.dat"
"ISR_MONITOR"="C:\\$ISR\\$APP\\ISRMonitor.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="\"C:\\Program Files\\Ahead\\InCD\\InCD.exe\""
"BOC-421"="C:\\PROGRA~1\\NSClean\\BOClean\\BOC421.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About
:Home"
"SubscribedURL"="About
:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,d8,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,d8,02,\
00,00,01,00,00,00
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Symantec NetDriver Warning"="C:\\PROGRA~1\\SYMNET~1\\SNDWarn.exe"
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Symantec NetDriver Warning"="C:\\PROGRA~1\\SYMNET~1\\SNDWarn.exe"
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{81559C35-8464-49F7-BB0E-07A383BEF910}"="SpywareGuard"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoAutoUpdate"=dword:00000001
"NoDrives"=dword:00000000
"NoViewOnDrive"=dword:00000000
"NoBrowserOptions"=dword:00000000
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\DisallowRun]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\RestrictRun]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoBrowserOptions"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService
~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
backup-20060920-235921-724
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
backup-20060920-235921-735
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
backup-20060920-235921-910
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
backup-20060920-235921-514
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
backup-20060920-235921-755
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Stephen.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec Drmc.job
Completion time: Fri 22/09/2006 17:46:52.54
ComboFix.txt
Looking forward to hearing from
BTW the new version of Gmer caused a hang in my system which required hard reboot. At reboot NAV restarted disenabled. ??
Salut.
Five over