I downloaded vundofix to my desktop but my computer would not let me run it. The error signature is as follows:
AppName: vundofix.exe AppVer: 6.3.0.6 ModName: unknown
ModVer: 0.0.0.0 Offset: 0032083d
I went ahead and downloaded the Vundo fix from Symantec; here is the result:
Symantec Trojan.Vundo Removal Tool 1.5.0
The process "iexplore.exe" might be affected by the threat. It has been suspended.
The process "iexplore.exe" might be affected by the threat. It has been suspended.
The process "iexplore.exe" might be affected by the threat. It has been terminated.
The process "iexplore.exe" might be affected by the threat. It has been terminated.
C:\System Volume Information: (not scanned)
Trojan.Vundo has been successfully removed from your computer!
Here is the report:
The total number of the scanned files: 41471
The number of deleted files: 0
The number of viral processes terminated: 2
The number of viral processes suspended: 2
The number of viral threads terminated: 0
The number of registry entries fixed: 0
Here is the combo scan result:
Combo Scan:
ComboScan v20070212.14 run by Kyle Hicks on 2007-02-18 at 17:35:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------
System Restore was disabled; re-enabling.
Failed to create restore point: System Restore is disabled (service is not running).
Performed disk cleanup.
-- HijackThis log (run as Kyle Hicks.com) --------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 5:36:11 PM, on 2/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\GENERIC\Power4 Gear\BatteryLife.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Kyle Hicks\Desktop\comboscan.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\DOCUME~1\KYLEHI~1\LOCALS~1\Temp\~hpckopa.tmp\Kyle Hicks.com
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\GENERIC\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: McAfee Wi-FiScan - http://download.mcafee.com/molbin/is...cannerCtrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107w.bay107.mail.live.com/m...s/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\S3lsZSAgSGlja3M\command.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
-- HijackThis Fixed Entries (C:\Documents and Settings\Kyle Hicks\Desktop\hijackthis\backups\) --------------------------------------------------------------------------------
backup-20070204-174850-105 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
backup-20070204-174850-176 O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-4.0.380.0\QOELoader.exe"
backup-20070204-174850-710 O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)
backup-20070204-174850-865 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
backup-20070204-174850-887 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
backup-20070204-174850-900 O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
backup-20070204-174850-907 O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
backup-20070204-174850-977 O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
backup-20070204-174851-282 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
backup-20070204-174851-669 O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
backup-20070204-174851-680 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
backup-20070204-174851-986 O14 - IERESET.INF: START_PAGE_URL=http://my.netzero.net/s/sp
backup-20070217-014137-302 O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
backup-20070217-014137-362 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
backup-20070217-014138-121 O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
backup-20070217-014138-125 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
backup-20070217-014138-370 O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
backup-20070217-014138-377 O2 - BHO: (no name) - {CED2991B-0BCA-4D9D-ADDC-2C789D7C16A1} - C:\WINDOWS\system32\yaywuvv.dll (file missing)
backup-20070217-014138-435 O20 - Winlogon Notify: jkkli - C:\WINDOWS\system32\jkkli.dll (file missing)
backup-20070217-014138-535 O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
backup-20070217-014138-572 O20 - Winlogon Notify: mszsrn32 - C:\WINDOWS\system32\mszsrn32.dll
backup-20070217-014138-608 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
backup-20070217-014138-708 O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)
backup-20070217-014138-758 O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
backup-20070217-014138-862 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
backup-20070217-014138-936 O2 - BHO: (no name) - {9B98D3DF-405C-4F33-8D49-587DEAAAE75B} - C:\WINDOWS\system32\jkkli.dll (file missing)
backup-20070217-014138-965 O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\livwgchk.dll (file missing)
backup-20070217-014139-636 O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
backup-20070217-014139-700 O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
backup-20070217-014139-971 O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
backup-20070217-014139-993 O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
backup-20070217-014334-546 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
backup-20070217-014408-117 R3 - Default URLSearchHook is missing
backup-20070217-014408-764 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
backup-20070217-014408-882 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070217-014408-931 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
backup-20070217-014601-541 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20070217-014705-675 O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
backup-20070217-014738-664 O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
backup-20070217-014738-777 O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
backup-20070217-014738-958 O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
backup-20070217-014839-256 O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
backup-20070217-014902-337 O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
backup-20070217-014912-436 O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
-- File Associations ------------------------------------------------------------
.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------
0 ACPIEC (Microsoft Embedded Controller Driver) - system32\DRIVERS\ACPIEC.sys
2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.0.0.5) - system32\DRIVERS\AegisP.sys
3 ALCXSENS (Service for WDM 3D Audio Driver) - system32\drivers\ALCXSENS.SYS
3 ALCXWDM (Service for Realtek AC97 Audio (WDM)) - system32\drivers\ALCXWDM.SYS
3 Arp1394 (1394 ARP Client Protocol) - system32\DRIVERS\arp1394.sys
3 ATKXPDisplayName - system32\DRIVERS\ATKACPI.sys
3 Cam5603C (BisonCam, USB2.0) - System32\Drivers\Bs350u2.sys
3 CCDECODE (Closed Caption Decoder) - system32\DRIVERS\CCDECODE.sys
1 eeCtrl (Symantec Eraser Control driver) - \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
3 EraserUtilRebootDrv - \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
3 gv3 (Intel GV3 Processor Driver) - system32\DRIVERS\gv3.sys
3 HidUsb (Microsoft HID Class Driver) - system32\DRIVERS\hidusb.sys
3 HPZid412 (IEEE-1284.4 Driver HPZid412) - system32\DRIVERS\HPZid412.sys
3 HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - system32\DRIVERS\HPZipr12.sys
3 HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - system32\DRIVERS\HPZius12.sys
3 HSFHWICH - system32\DRIVERS\HSFHWICH.sys
3 HSF_DP - system32\DRIVERS\HSF_DP.sys
1 huy32 (Win23 lzx files loader) - \??\C:\WINDOWS\system32:huy32.sys
3 ialm - system32\DRIVERS\ialmnt5.sys
1 ikhfile (File Security Kernel Anti-Spyware Driver) - system32\drivers\ikhfile.sys
1 ikhlayer (Kernel Anti-Spyware Driver) - system32\drivers\ikhlayer.sys
1 intelppm (Intel Processor Driver) - system32\DRIVERS\intelppm.sys
2 irda (IrDA Protocol) - system32\DRIVERS\irda.sys
3 irsir (Microsoft Serial Infrared Driver) - system32\DRIVERS\irsir.sys
4 mchInjDrv - \??\C:\WINDOWS\TEMP\mc21.tmp
2 mdmxsdk - system32\DRIVERS\mdmxsdk.sys
3 mouhid (Mouse HID Driver) - system32\DRIVERS\mouhid.sys
3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - system32\drivers\MSTEE.sys
3 NABTSFEC (NABTS/FEC VBI Codec) - system32\DRIVERS\NABTSFEC.sys
3 NAVENG - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070218.016\NAVENG.Sys
3 NAVEX15 - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070218.016\NavEx15.Sys
3 NdisIP (Microsoft TV/Video Connection) - system32\DRIVERS\NdisIP.sys
3 NIC1394 (1394 Net Driver) - system32\DRIVERS\nic1394.sys
3 nm (Network Monitor Driver) - system32\DRIVERS\NMnt.sys
2 NwlnkIpx (NWLink IPX/SPX/NetBIOS Compatible Transport Protocol) - system32\DRIVERS\nwlnkipx.sys
2 NwlnkNb (NWLink NetBIOS) - system32\DRIVERS\nwlnknb.sys
2 NwlnkSpx (NWLink SPX/SPXII Protocol) - system32\DRIVERS\nwlnkspx.sys
3 NWRDR (NetWare Rdr) - system32\DRIVERS\nwrdr.sys
0 ohci1394 (OHCI Compliant IEEE 1394 Host Controller) - system32\DRIVERS\ohci1394.sys
0 PCIIde - system32\DRIVERS\pciide.sys
0 Pcmcia - system32\DRIVERS\pcmcia.sys
3 Rasirda (WAN Miniport (IrDA)) - system32\DRIVERS\rasirda.sys
3 RIOUNIV (Rio universal USB driver) - System32\Drivers\RIOUNIV.sys
3 RTL8023xp (Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver) - system32\DRIVERS\Rtlnicxp.sys
3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - system32\DRIVERS\RTL8139.SYS
2 s24trans (WLAN Transport) - system32\DRIVERS\s24trans.sys
1 SAVRT - \??\C:\Program Files\Norton AntiVirus\SAVRT.SYS
1 SAVRTPEL - \??\C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS
3 Sfloppy (High-Capacity Floppy Disk Drive) - system32\DRIVERS\sfloppy.sys
3 SLIP (BDA Slip De-Framer) - system32\DRIVERS\SLIP.sys
1 SPBBCDrv - \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
3 StillCam (Still Serial Digital Camera Driver) - system32\DRIVERS\serscan.sys
3 streamip (BDA IPSink) - system32\DRIVERS\StreamIP.sys
3 SYMDNS - \SystemRoot\System32\Drivers\SYMDNS.SYS
3 SymEvent - \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
3 SYMFW - \SystemRoot\System32\Drivers\SYMFW.SYS
3 SYMIDS - \SystemRoot\System32\Drivers\SYMIDS.SYS
3 SYMIDSCO - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20070214.003\symidsco.sys
2 symlcbrd - \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
3 SYMNDIS - \SystemRoot\System32\Drivers\SYMNDIS.SYS
3 SYMREDRV - \SystemRoot\System32\Drivers\SYMREDRV.SYS
1 SYMTDI - \SystemRoot\System32\Drivers\SYMTDI.SYS
3 SynTP (Synaptics TouchPad Driver) - system32\DRIVERS\SynTP.sys
3 usbccgp (Microsoft USB Generic Parent Driver) - system32\DRIVERS\usbccgp.sys
3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - system32\DRIVERS\usbehci.sys
3 usbprint (Microsoft USB PRINTER Class) - system32\DRIVERS\usbprint.sys
3 usbscan (USB Scanner Driver) - system32\DRIVERS\usbscan.sys
3 USBSTOR (USB Mass Storage Driver) - system32\DRIVERS\USBSTOR.SYS
3 Video3D (ASUS Video3D Service) - System32\Drivers\Video3D.sys
3 w22n51 (Intel(R) PRO/Wireless 2200 Adapter Driver for Windows XP) - system32\DRIVERS\w22n51.sys
3 winachsf - system32\DRIVERS\HSF_CNXT.sys
3 WSTCODEC (World Standard Teletext Codec) - system32\DRIVERS\WSTCODEC.SYS
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
4 Adobe LM Service - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
3 aspnet_state (ASP.NET State Service) - %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2 Automatic LiveUpdate Scheduler - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
2 ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
2 ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
2 cmdService (Command Service) - C:\WINDOWS\S3lsZSAgSGlja3M\command.exe
4 COM+ Messages - "C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272
2 Irmon (Infrared Monitor) - %SystemRoot%\system32\svchost.exe -k netsvcs
3 LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
2 MDM (Machine Debug Manager) - "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
2 MsaSvc (Microsoft authenticate service) - C:\WINDOWS\system32\msasvc.exe
2 navapsvc (Norton AntiVirus Auto-Protect Service) - "C:\Program Files\Norton AntiVirus\navapsvc.exe"
4 Network Monitor - C:\Program Files\Network Monitor\netmon.exe service
2 NPFMntor (Norton AntiVirus Firewall Monitor Service) - "C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"
3 NSCService (Norton Protection Center Service) - "C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE"
2 NWCWorkstation (Client Service for NetWare) - %SystemRoot%\system32\svchost.exe -k netsvcs
3 ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
4 Pml Driver HPZ12 - C:\WINDOWS\system32\HPZipm12.exe
4 RegSrvc - C:\WINDOWS\system32\RegSrvc.exe
2 S24EventMonitor (Spectrum24 Event Monitor) - C:\WINDOWS\system32\S24EvMon.exe
3 SAVScan (Symantec AVScan) - "C:\Program Files\Norton AntiVirus\SAVScan.exe"
2 SDhelper (PC Tools Spyware Doctor) - C:\Program Files\Spyware Doctor\sdhelp.exe
2 SNDSrvc (Symantec Network Drivers Service) - "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
2 SPBBCSvc - "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"
2 Symantec Core LC - "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
2 UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
-- Scheduled Tasks --------------------------------------------------------------
2007-02-14 09:40:08 542 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Kyle Hicks.job<NORTON~1.JOB>
-- Files created between 2007-01-18 and 2007-02-18 ------------------------------
2007-02-18 15:03:31 0 d-------- C:\WINDOWS\LastGood
2007-02-14 17:14:03 1046592 ---hs---- C:\WINDOWS\system32\ilkkj.ini2<ILKKJ~1.INI>
2007-02-14 11:58:16 23040 --a------ C:\WINDOWS\system32\mszsrn32.dll<Unsigned: n/a>
2007-02-14 09:37:54 0 d-------- C:\Documents and Settings\Kyle Hicks\Application Data\Symantec
2007-02-14 09:27:52 0 d-------- C:\Program Files\Norton AntiVirus<NORTON~1>
2007-02-14 09:27:22 10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys<Signed: Symantec Corporation>
2007-02-14 09:27:11 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL<Signed: Symantec Corporation>
2007-02-14 09:27:11 115000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS<Signed: Symantec Corporation>
2007-02-14 09:26:21 0 d-------- C:\Program Files\Symantec
2007-02-14 09:26:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-02-14 09:25:57 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-12 15:42:26 86016 --a------ C:\WINDOWS\unvise32.exe<Unsigned: MindVision Software>
2007-02-12 15:41:52 0 d-------- C:\Program Files\The Princeton Review<THEPRI~1>
2007-02-09 16:19:41 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-02-09 16:19:35 30592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys<Unsigned: PCTools Research Pty Ltd.>
2007-02-09 16:19:33 51072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys<Unsigned: PCTools Research Pty Ltd.>
2007-02-09 16:18:48 0 d-------- C:\Program Files\Spyware Doctor<SPYWAR~1>
2007-02-09 16:18:48 0 d-------- C:\Documents and Settings\Kyle Hicks\Application Data\PC Tools<PCTOOL~1>
2007-02-08 20 55 0 d-------- C:\WINDOWS\BDOSCAN8
2007-02-08 00:12:48 0 d-------- C:\WINDOWS\SxsCaPendDel<SXSCAP~1>
2007-02-07 23:27:08 9136 --a------ C:\WINDOWS\system\INETWH16.DLL<Unsigned: n/a>
2007-02-07 23:27:07 177216 --a------ C:\WINDOWS\system\TYPELIB.DLL<Unsigned: Microsoft Corporation>
2007-02-07 23:27:07 14128 --a------ C:\WINDOWS\system\TOOLHELP.DLL<Unsigned: Microsoft Corporation>
2007-02-07 23:27:07 157696 --a------ C:\WINDOWS\system\STORAGE.DLL<Unsigned: n/a>
2007-02-07 23:27:04 51712 --a------ C:\WINDOWS\system\OLE2PROX.DLL<Unsigned: Microsoft Corporation>
2007-02-07 23:27:02 164832 --a------ C:\WINDOWS\system\OLE2DISP.DLL<Unsigned: Microsoft Corporation>
2007-02-07 23:27:02 57328 --a------ C:\WINDOWS\system\OLE2CONV.DLL<Unsigned: Microsoft Corporation>
2007-02-07 23:27:02 27026 --a------ C:\WINDOWS\system\OLE2.REG
2007-02-07 23:27:01 302592 --a------ C:\WINDOWS\system\OLE2.DLL<Unsigned: Microsoft Corporation>
2007-02-07 23:27:01 146976 --a------ C:\WINDOWS\system\MFCOLEUI.DLL<Unsigned: Microsoft Corporation>
2007-02-07 23:27:00 125856 --a------ C:\WINDOWS\system\MFCO250.DLL<Unsigned: Microsoft Corporation>
2007-02-07 23:26:59 322384 --a------ C:\WINDOWS\system\MFC250.DLL<Unsigned: Microsoft Corporation>
2007-02-07 23:26:59 36864 --a------ C:\WINDOWS\system\DDEML.DLL<Unsigned: Microsoft Corporation>
2007-02-07 23:26:58 108544 --a------ C:\WINDOWS\system\COMPOBJ.DLL<Unsigned: Microsoft Corporation>
2007-02-07 23:26:57 150976 --a------ C:\WINDOWS\system\OLE2NLS.DLL<Unsigned: Microsoft Corporation>
2007-02-07 23:26:15 0 d-------- C:\Program Files\ETS
2007-02-07 11:37:31 0 d-------- C:\Program Files\RegistryCleaner<REGIST~1>
2007-02-07 11:37:28 620129 --a------ C:\WINDOWS\system32\RegistryCleanerSetup.exe<REGIST~1.EXE><Unsigned: n/a>
2007-02-05 08:40:37 3408 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-04 17:11:47 79360 --a------ C:\WINDOWS\system32\swxcacls.exe<Unsigned: SteelWerX>
2007-02-04 17:11:46 40960 --a------ C:\WINDOWS\system32\swsc.exe<Unsigned: n/a>
2007-02-04 17:11:46 135168 --a------ C:\WINDOWS\system32\swreg.exe<Unsigned: SteelWerX>
2007-02-04 17:11:46 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe<Unsigned: S!Ri>
2007-02-04 17:11:46 53248 --a------ C:\WINDOWS\system32\Process.exe<Unsigned: http://www.beyondlogic.org>
2007-02-04 17:11:46 51200 --a------ C:\WINDOWS\system32\dumphive.exe<Unsigned: n/a>
2007-02-04 13:15:49 0 d--hs---- C:\found.000
2007-02-03 18:54:46 0 d-------- C:\Documents and Settings\Kyle Hicks\Application Data\Google
2007-02-03 18:54:46 0 d-------- C:\Documents and Settings\Friend\Application Data\Google
2007-02-03 18:54:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-02-02 18:12:30 7864320 -----n--- C:\Documents and Settings\Kyle Hicks\ntuser.dat
2007-01-30 14:53:46 0 d-------- C:\WINDOWS\Registration<REGIST~1>
2007-01-30 12:33:53 0 d-------- C:\Documents and Settings\Kyle Hicks\Application Data\Uniblue
2007-01-29 17:01:49 1027762 ---hs---- C:\WINDOWS\system32\ilkkj.bak2<ILKKJ~2.BAK>
2007-01-28 17:41:08 0 d-------- C:\Documents and Settings\Kyle Hicks\Application Data\AVG7
2007-01-28 17:40:18 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-01-28 17:32:44 0 d-------- C:\Program Files\Grisoft
2007-01-28 17:20:18 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2007-01-28 17:20:10 0 d--hs---- C:\WINDOWS\S3lsZSAgSGlja3M<S3LSZS~1>
2007-01-28 17:01:39 1010437 ---hs---- C:\WINDOWS\system32\ilkkj.bak1<ILKKJ~1.BAK>
2007-01-28 11:45:04 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-01-26 02:53:27 1351680 --a------ C:\WINDOWS\system32\RIOWMSP.DLL<Unsigned: Digital Networks North America, Inc.>
2007-01-26 02:47:37 16128 --a------ C:\WINDOWS\system32\drivers\RIOUNIV.SYS<Signed: Digital Networks North America, Inc.>
2007-01-26 02:47:37 0 d-------- C:\RioDrivers<RIODRI~1>
2007-01-25 23:26:21 0 d-------- C:\Program Files\Real
2007-01-25 23:26:21 0 d-------- C:\Program Files\Common Files\Real
2007-01-25 23:25:42 0 d-------- C:\Documents and Settings\Kyle Hicks\Application Data\Real
2007-01-25 09:28:41 0 d-------- C:\WINDOWS\system32\NtmsData
2007-01-24 02:42:32 69632 --a------ C:\WINDOWS\system32\lfgif13n.dll<Unsigned: LEAD Technologies, Inc.>
2007-01-24 02:42:31 462848 --a------ C:\WINDOWS\system32\ltkrn13n.dll<Unsigned: LEAD Technologies, Inc.>
2007-01-24 02:42:31 450560 --a------ C:\WINDOWS\system32\ltimg13n.dll<Unsigned: LEAD Technologies, Inc.>
2007-01-24 02:42:31 163840 --a------ C:\WINDOWS\system32\ltfil13n.dll<Unsigned: LEAD Technologies, Inc.>
2007-01-24 02:42:31 206336 --a------ C:\WINDOWS\system32\ltefx13n.dll<Unsigned: LEAD Technologies, Inc.>
2007-01-24 02:42:31 299008 --a------ C:\WINDOWS\system32\ltdis13n.dll<Unsigned: LEAD Technologies, Inc.>
2007-01-24 02:42:31 401408 --a------ C:\WINDOWS\system32\lfcmp13n.dll<Unsigned: LEAD Technologies, Inc.>
2007-01-24 02:42:31 57344 --a------ C:\WINDOWS\system32\lfbmp13n.dll<Unsigned: LEAD Technologies, Inc.>
2007-01-24 02:23:36 0 d-------- C:\Documents and Settings\Kyle Hicks\Application Data\WinRAR
2007-01-22 11:52:59 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-01-22 11:44:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-01-19 12:05:05 1168 --a------ C:\WINDOWS\mozver.dat
2007-01-19 10:50:55 0 d-------- C:\WINDOWS\Sun
2007-01-19 10:50:54 0 d-------- C:\Documents and Settings\Kyle Hicks\Application Data\Sun
-- Find3M Report ----------------------------------------------------------------
2007-02-15 23:07:25 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-05 15:12:22 0 d-------- C:\Program Files\Common Files\Adobe
2007-01-30 15:00:32 0 d-------- C:\Documents and Settings\Kyle Hicks\Application Data\Adobe
2007-01-21 17:18:35 0 d-------- C:\Program Files\Yahoo!
2007-01-21 17:18:34 0 d-------- C:\Documents and Settings\Kyle Hicks\Application Data\Yahoo!
2007-01-21 17:17:16 0 d-------- C:\Program Files\GENERIC
2007-01-20 18 39 0 d-------- C:\Documents and Settings\Kyle Hicks\Application Data\Lavasoft
2007-01-17 00:36:22 0 d-------- C:\Documents and Settings\Kyle Hicks\Application Data\Mozilla
2007-01-14 14:52:32 0 d-------- C:\Program Files\Online Services<ONLINE~1>
2007-01-14 12:07:09 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
-- Registry Dump ----------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Power_Gear"="C:\\Program Files\\GENERIC\\Power4 Gear\\BatteryLife.exe 1"
"PRONoMgr.exe"="C:\\Program Files\\Intel\\PROSetWireless\\NCS\\PROSet\\PRONoMgr.exe"
"SoundMan"="SOUNDMAN.EXE"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{CED2991B-0BCA-4D9D-ADDC-2C789D7C16A1}"=""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
-- End of ComboScan: finished at 2007-02-18 at 17:37:00 -------------------------
The supplementary file is attached. Thanks!
Christine