Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 




Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > HijackThis Log Help
Spyware/Virtumonde, Rootkit/Booto.C & Bck/VB.XB - kindly help me to remove those Spyware/Virtumonde, Rootkit/Booto.C & Bck/VB.XB - kindly help me to remove those
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read

HijackThis Log Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help.

Reply
 
Thread Tools
Old 05-03-2008, 08:28 PM   #1 (permalink)
Registered User
 
Join Date: Sep 2007
Posts: 18
OS: xp


Spyware/Virtumonde, Rootkit/Booto.C & Bck/VB.XB - kindly help me to remove those
Hi there,

My laptop become slower.

Kindly assist me in removing those bad guys.

Tq in advance.


Here is the log from main.txt

Deckard's System Scanner v20071014.68
Run by Shahrul Faiz on 2008-05-04 10:26:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
55: 2008-05-04 02:26:12 UTC - RP55 - Deckard's System Scanner Restore Point
54: 2008-05-04 01:41:20 UTC - RP54 - Software Distribution Service 3.0
53: 2008-05-04 00:59:47 UTC - RP53 - Software Distribution Service 3.0
52: 2008-05-03 21:11:05 UTC - RP52 - System Checkpoint
51: 2008-05-02 16:22:17 UTC - RP51 - Removed LiveUpdate Notice (Symantec Corporation)


-- First Restore Point --
1: 2008-04-24 07:28:08 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Shahrul Faiz.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28, on 2008-05-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\Shahrul Faiz\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Shahrul Faiz.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.60.1.2:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: CCC.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1207469617431
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: yayvSlIY - yayvSlIY.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe

--
End of file - 10531 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 catchme - c:\combofix\catchme.sys (file missing)
S3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Microsoft(R) Windows NT(R) Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe" <Not Verified; Autodesk; Autodesk Licensing Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 mi-raysat_3dsMax2008_32 (mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit) - "c:\program files\autodesk\3ds max 2008\mentalray\satellite\raysat_3dsmax2008_32server.exe"
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S4 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-22 21:23:24 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-04 and 2008-05-04 -----------------------------

2008-05-04 10:18:00 0 d-------- C:\Program Files\Trend Micro
2008-05-04 09:46:55 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-04 08:52:04 0 d-------- C:\ie-spyad_zo
2008-05-04 08:48:38 0 d-------- C:\Program Files\SpywareBlaster
2008-05-03 22:52:25 1160 --a------ C:\WINDOWS\mozver.dat
2008-05-03 00:22:24 0 d-------- C:\WINDOWS\system32\appmgmt
2008-04-29 12:09:53 0 d-------- C:\WINDOWS\system32\EWS
2008-04-28 23:48:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Smith Micro
2008-04-28 23:48:30 0 d-------- C:\Program Files\Smith Micro
2008-04-27 02:39:51 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-04-27 02:35:07 0 d-------- C:\cmdcons
2008-04-27 02:33:41 68096 --a------ C:\WINDOWS\zip.exe
2008-04-27 02:33:41 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-27 02:33:41 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-27 02:33:41 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-27 02:33:41 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-27 02:33:41 98816 --a------ C:\WINDOWS\sed.exe
2008-04-27 02:33:41 80412 --a------ C:\WINDOWS\grep.exe
2008-04-27 02:33:41 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-27 01:55:40 0 d-------- C:\WINDOWS\CSC
2008-04-26 22:58:24 0 d-------- C:\Program Files\Avira
2008-04-26 22:58:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-26 22:52:29 0 d-------- C:\Program Files\Enigma Software Group
2008-04-26 21:57:43 0 d-------- C:\VundoFix Backups
2008-04-26 21:07:11 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-25 16:50:50 0 d-------- C:\Program Files\Panda Security
2008-04-24 03:00:54 0 d-------- C:\Program Files\MSXML 4.0
2008-04-23 07:35:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-04-23 07:33:29 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-23 07:26:55 82432 --a------ C:\WINDOWS\system32\msxml4r.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2008-04-23 00:13:02 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-04-22 23:02:39 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-04-22 23:02:38 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-04-22 23:02:38 593920 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-22 23:02:38 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-04-22 23:02:38 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-04-22 23:02:37 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-04-22 23:02:37 740442 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-04-22 23:02:34 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-04-22 21:33:09 0 d-------- C:\Program Files\iPod
2008-04-22 21:33:01 0 d-------- C:\Program Files\iTunes
2008-04-22 21:30:28 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-04-22 21:30:10 0 d-------- C:\Program Files\Common Files\Apple
2008-04-22 21:23:20 0 d-------- C:\Program Files\Apple Software Update
2008-04-22 21:23:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-22 11:24:54 4096 --a------ C:\WINDOWS\d3dx.dat
2008-04-22 11:24:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-04-21 14:36:09 0 d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-04-21 14:36:06 0 d-------- C:\Documents and Settings\Shahrul Faiz\Application Data\Ahead
2008-04-21 14:35:57 0 d-------- C:\Program Files\Common Files\LightScribe
2008-04-21 14:32:30 0 d-------- C:\Program Files\Nero
2008-04-21 14:32:30 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-21 09:35:26 0 d-------- C:\Documents and Settings\Shahrul Faiz\Application Data\vlc
2008-04-21 09:30:16 0 d-------- C:\Program Files\VideoLAN
2008-04-20 20:21:47 0 d-------- C:\Documents and Settings\Shahrul Faiz\Application Data\Pegasys Inc
2008-04-20 20:16:21 0 d-------- C:\Documents and Settings\All Users\Pegasys Inc
2008-04-20 20:15:36 0 d-------- C:\Program Files\Pegasys Inc
2008-04-20 15:18:45 0 d-------- C:\WINDOWS\system32\VMM32
2008-04-20 15:17:30 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-20 15:16:20 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-04-18 00:31:52 90112 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-04-17 21:16:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-04-14 08:05:50 0 d-------- C:\Documents and Settings\Shahrul Faiz\Application Data\Talkback
2008-04-14 08:05:35 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-14 08:05:27 0 d-------- C:\Documents and Settings\Shahrul Faiz\Application Data\Mozilla
2008-04-13 21:59:13 0 d-------- C:\Documents and Settings\Shahrul Faiz\Application Data\Autodesk
2008-04-13 21:55:37 0 d-------- C:\Program Files\turbo squid tentacles
2008-04-13 21:52:19 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-04-13 21:51:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-04-13 21:51:03 0 d-------- C:\Program Files\Autodesk
2008-04-10 16:44:13 0 d-------- C:\Program Files\Common Files\SourceTec
2008-04-10 16:44:12 0 d-------- C:\Program Files\SourceTec
2008-04-10 11:41:08 0 d-------- C:\Documents and Settings\Shahrul Faiz\Application Data\Symantec
2008-04-10 05:26:51 0 d-------- C:\Documents and Settings\Shahrul Faiz\Application Data\CyberLink
2008-04-10 05:26:50 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-10 05:12:17 0 d-------- C:\Program Files\CyberLink
2008-04-10 04:43:43 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-10 04:43:21 0 d-------- C:\Documents and Settings\Shahrul Faiz\Application Data\WinRAR
2008-04-10 02:22:48 0 d-------- C:\Program Files\Winamp
2008-04-10 02:22:48 0 d-------- C:\Documents and Settings\Shahrul Faiz\Application Data\Winamp
2008-04-10 0252 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-10 02:05:57 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-10 02:02:16 0 d-------- C:\Program Files\Common Files\Control Panels
2008-04-10 02:00:07 0 d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-04-10 01:45:07 0 d-------- C:\shortcuts
2008-04-10 01:38:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-04-10 01:34:08 0 d-------- C:\Program Files\Bonjour
2008-04-10 01:30:13 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-09 18:34:34 0 d-------- C:\Documents and Settings\Shahrul Faiz\Application Data\U3
2008-04-07 21:20:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-04-07 21:20:09 0 d-------- C:\Program Files\Yahoo!
2008-04-07 20:55:03 0 d-------- C:\Documents and Settings\Shahrul Faiz\Application Data\Macromedia
2008-04-07 20:55:01 0 d-------- C:\Documents and Settings\Shahrul Faiz\Application Data\Adobe
2008-04-06 23:45:48 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-06 23:45:44 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-06 23:45:43 0 dr------- C:\Program Files
2008-04-06 23:45:43 0 d-------- C:\Program Files\Common Files
2008-04-06 23:45:17 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-04-06 23:45:17 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-04-06 23:45:17 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-04-06 23:45:17 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-04-06 23:45:17 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-04-06 23:45:17 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-04-06 23:45:17 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-04-06 23:45:17 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-04-06 23:45:17 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-04-06 23:45:17 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-04-06 23:45:17 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-04-06 23:45:17 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-04-06 23:45:17 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-04-06 23:45:17 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-04-06 23:45:17 0 dr------- C:\Documents and Settings\All Users\Documents
2008-04-06 23:45:17 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-04-06 23:45:05 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-04-06 23:45:05 0 d-------- C:\WINDOWS\system32\CatRoot
2008-04-06 23:45:00 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-04-06 23:45:00 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-04-06 23:44:59 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-04-06 23:44:59 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-04-06 23:44:36 0 d-------- C:\Documents and Settings
2008-04-06 23:39:03 0 d-------- C:\WINDOWS
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\WinSxS
2008-04-06 23:39:03 0 dr------- C:\WINDOWS\Web
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\twain_32
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system32
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system32\wins
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system32\wbem
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system32\usmt
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system32\spool
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system32\ShellExt
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system32\Setup
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system32\ras
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system32\oobe
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system32\npp
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system32\mui
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system32\inetsrv
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system32\IME
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system32\icsxml
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system32\ias
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system32\export
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system32\drivers
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-04-06 23:39:03 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system32\dhcp
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system32\config
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system32\3076
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system32\2052
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system32\1054
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system32\1042
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system32\1041
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system32\1037
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system32\1033
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system32\1031
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system32\1028
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system32\1025
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\system
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\security
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\Resources
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\repair
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\mui
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\msapps
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\msagent
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\Media
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\java
2008-04-06 23:39:03 0 d--h----- C:\WINDOWS\inf
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\ime
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\Help
2008-04-06 23:39:03 0 dr--s---- C:\WINDOWS\Fonts
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\Driver Cache
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\Debug
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\Cursors
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\Connection Wizard
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\Config
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\AppPatch
2008-04-06 23:39:03 0 d-------- C:\WINDOWS\addins
2008-04-06 20:14:39 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-06 20:11:43 0 d-------- C:\Program Files\SPSS
2008-04-06 20:09:52 20569 --a------ C:\WINDOWS\system32\pxc25pm.dll <Not Verified; Tracker Software; PDF-XChange Port Monitor>
2008-04-06 20:09:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Mindjet
2008-04-06 20:09:34 0 d-------- C:\Program Files\Mindjet
2008-04-06 20:08:28 0 d-------- C:\WINDOWS\Downloaded Installations
2008-04-06 20:05:40 0 d-------- C:\Documents and Settings\Shahrul Faiz\Application Data\Apple Computer
2008-04-06 20:05:20 1755 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2008-04-06 20:04:09 0 d-------- C:\Program Files\QuickTime
2008-04-06 20:04:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-06 19:55:02 0 d-------- C:\Program Files\Microsoft Works
2008-04-06 19:53:36 0 d-------- C:\Program Files\Microsoft.NET
2008-04-06 19:51:44 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-06 19:51:05 0 d-------- C:\WINDOWS\SHELLNEW
2008-04-06 19:50:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-06 19:50:11 0 dr-h----- C:\MSOCache
2008-04-06 19:41:51 0 d-------- C:\Program Files\MSXML 6.0
2008-04-06 19:09:19 0 d-------- C:\WINDOWS\network diagnostic
2008-04-06 18:25:50 0 d-------- C:\Program Files\MSBuild
2008-04-06 18:21:47 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-04-06 18:20:56 0 d-------- C:\Program Files\Reference Assemblies
2008-04-06 18:17:09 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-06 18:16:09 0 d-------- C:\WINDOWS\system32\LogFiles
2008-04-06 18:16:09 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-06 18:11:24 0 d-------- C:\WINDOWS\RegisteredPackages
2008-04-06 1837 0 d-------- C:\WINDOWS\system32\URTTEMP
2008-04-06 17:32:03 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-06 17:32:01 0 d--h----- C:\WINDOWS\$hf_mig$
2008-04-06 17:28:20 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-04-06 17:26:51 0 d-------- C:\Program Files\Motorola
2008-04-06 17:24:58 0 d-------- C:\Program Files\Atheros
2008-04-06 17:24:37 0 d-------- C:\temp
2008-04-06 17:12:40 0 d-------- C:\WINDOWS\system32\Lang
2008-04-06 17:12:40 0 d-------- C:\Documents and Settings\Shahrul Faiz\Application Data\ATI
2008-04-06 17:03:24 0 d-------- C:\Program Files\ATI Technologies
2008-04-06 17:02:16 0 d-------- C:\Program Files\Synaptics
2008-04-06 17:00:53 0 d-------- C:\WINDOWS\OPTIONS
2008-04-06 17:00:45 0 d-------- C:\Documents and Settings\Shahrul Faiz\Application Data\InstallShield
2008-04-06 16:58:16 0 d-------- C:\Program Files\Toshiba
2008-04-06 16:57:41 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-04-06 16:57:21 0 d-------- C:\WINDOWS\system32\RTCOM
2008-04-06 16:57:06 0 d-------- C:\Program Files\Realtek
2008-04-06 16:57:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-06 16:56:59 499712 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-04-06 16:56:55 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-06 16:55:11 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-04-06 16:54:31 0 d-------- C:\WINDOWS\Prefetch
2008-04-06 16:54:30 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-04-06 16:49:21 0 d-------- C:\WINDOWS\provisioning
2008-04-06 16:49:21 0 d-------- C:\WINDOWS\peernet
2008-04-06 16:48:19 0 d-------- C:\WINDOWS\ServicePackFiles
2008-04-06 16:45:35 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-04-06 16:43:57 0 d-------- C:\WINDOWS\EHome
2008-04-06 16:21:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-04-06 16:18:18 0 d-------- C:\WINDOWS\system32\bits
2008-04-06 16:13:54 0 d--hs---- C:\Documents and Settings\Shahrul Faiz\UserData
2008-04-06 16:13:49 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-04-06 16:11:00 0 d-------- C:\WINDOWS\ATK0100
2008-04-06 16:01:05 0 d--hs---- C:\WINDOWS\Installer
2008-04-06 16:01:03 0 d-------- C:\Documents and Settings\Shahrul Faiz\Application Data\Identities
2008-04-06 16:00:56 0 d--h----- C:\Documents and Settings\Shahrul Faiz\Templates
2008-04-06 16:00:56 0 dr------- C:\Documents and Settings\Shahrul Faiz\Start Menu
2008-04-06 16:00:56 0 dr-h----- C:\Documents and Settings\Shahrul Faiz\SendTo
2008-04-06 16:00:56 0 dr-h----- C:\Documents and Settings\Shahrul Faiz\Recent
2008-04-06 16:00:56 0 d--h----- C:\Documents and Settings\Shahrul Faiz\PrintHood
2008-04-06 16:00:56 4980736 --ah----- C:\Documents and Settings\Shahrul Faiz\NTUSER.DAT
2008-04-06 16:00:56 0 d--h----- C:\Documents and Settings\Shahrul Faiz\NetHood
2008-04-06 16:00:56 0 dr------- C:\Documents and Settings\Shahrul Faiz\My Documents
2008-04-06 16:00:56 0 d--h----- C:\Documents and Settings\Shahrul Faiz\Local Settings
2008-04-06 16:00:56 0 dr------- C:\Documents and Settings\Shahrul Faiz\Favorites
2008-04-06 16:00:56 0 d-------- C:\Documents and Settings\Shahrul Faiz\Desktop
2008-04-06 16:00:56 0 d--hs---- C:\Documents and Settings\Shahrul Faiz\Cookies
2008-04-06 16:00:56 0 dr-h----- C:\Documents and Settings\Shahrul Faiz\Application Data
2008-04-06 15:58:48 0 d--hs---- C:\System Volume Information
2008-04-06 15:58:47 233472 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-04-06 15:58:47 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-04-06 15:58:47 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-04-06 15:58:47 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-04-06 15:58:47 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-04-06 15:58:46 233472 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-04-06 15:58:46 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-04-06 15:58:46 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-04-06 15:58:46 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-04-06 15:58:46 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-04-06 15:55:54 0 d-------- C:\WINDOWS\system32\xircom
2008-04-06 15:55:54 0 d-------- C:\Program Files\microsoft frontpage
2008-04-06 15:55:45 233472 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-04-06 15:55:39 0 -rahs---- C:\MSDOS.SYS
2008-04-06 15:55:39 0 -rahs---- C:\IO.SYS
2008-04-06 15:55:39 0 --a------ C:\CONFIG.SYS
2008-04-06 15:55:39 0 --a------ C:\AUTOEXEC.BAT
2008-04-06 15:54:57 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-04-06 15:54:50 0 dr------- C:\WINDOWS\Offline Web Pages
2008-04-06 15:54:50 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-04-06 15:54:28 0 d-------- C:\WINDOWS\srchasst
2008-04-06 15:54:21 0 d-------- C:\WINDOWS\system32\DirectX
2008-04-06 15:54:20 0 d-------- C:\WINDOWS\system32\Macromed
2008-04-06 15:54:03 0 d-------- C:\Program Files\Movie Maker
2008-04-06 15:53:30 0 d-------- C:\WINDOWS\system32\Restore
2008-04-06 15:53:23 0 d-------- C:\WINDOWS\PCHEALTH
2008-04-06 15:53:15 0 d---s---- C:\WINDOWS\Tasks
2008-04-06 15:53:12 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-06 15:52:42 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-06 15:52:25 0 d-------- C:\WINDOWS\Registration
2008-04-06 15:52:18 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-06 15:52:18 0 d-------- C:\Program Files\Online Services
2008-04-06 15:52:12 0 d-------- C:\Program Files\Messenger
2008-04-06 15:51:57 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-06 15:51:46 0 d-------- C:\Program Files\Windows NT
2008-04-06 15:51:32 0 d-------- C:\WINDOWS\system32\MsDtc
2008-04-06 15:51:30 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2008-04-06 23:45:17 62 --ahs---- C:\Documents and Settings\Shahrul Faiz\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07A11D74-9D25-4fea-A833-8B0D76A5577A}]
2007-05-18 00:05 71184 -ra------ C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 17:37]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 19:49 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 C:\WINDOWS\SkyTel.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 20:02]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-07 13:11]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00]
"MMReminderService"="C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe" [2007-05-18 00:05]
"pdfSaver3"="" []
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06]
"@"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 00:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:56]
"pdfSaver3"="C:\Program Files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe" [2004-09-05 17:20]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06]

C:\Documents and Settings\Shahrul Faiz\Start Menu\Programs\Startup\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-06-01 10:52:34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayvSlIY]
yayvSlIY.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30c3dbea-064c-11dd-b9fc-0015af30fa7a}]
AutoRun\command- wscript.exe .\.vbs
open\command- wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{881ca362-0620-11dd-b9fa-0015af30fa7a}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d7bbe90-0af9-11dd-ba12-0015af30fa7a}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL data.exe
explore\Command- data.exe -e
open\Command- data.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7a564d2-095f-11dd-ba0c-0015af30fa7a}]
AutoOpen\command- .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe




-- End of Deckard's System Scanner: finished at 2008-05-04 10:29:15 ------------



Attach are the extra.txt & activescan.txt from panda.

Tq in advance.
Attached Files
File Type: txt ActiveScan.txt (11.9 KB, 3 views)
File Type: txt extra.txt (26.2 KB, 0 views)
Last edited by Ried : 05-03-2008 at 09:20 PM. Reason: removed code tags from log for easier review
shamarque is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 05-06-2008, 07:04 PM   #2 (permalink)
Registered User
 
Join Date: Sep 2007
Posts: 18
OS: xp


Re: Spyware/Virtumonde, Rootkit/Booto.C & Bck/VB.XB - kindly help me to remove those
bump..

kindly assist me. It getting worst.

Tq in advance
shamarque is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 05-11-2008, 04:36 PM   #3 (permalink)
Registered User
 
Join Date: Sep 2007
Posts: 18
OS: xp


Re: Spyware/Virtumonde, Rootkit/Booto.C & Bck/VB.XB - kindly help me to remove those
Bump..
shamarque is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 11:13 AM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2008, Tech Support Forum

Search Engine Friendly URLs by vBSEO

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82