04-03-2007, 07:43 AM   #1
QUIGGS2001
Registered User
Join Date: Apr 2007
Posts: 8
OS: XP
Win32/Rustock.gen!C (help!)

Hello,

I'm new to the forum but have been advised I'll get the best help here.
I've seen a previous post which details someone else having this problem, but it won't let me post a reply?! (So sorry to annoy anyone, but I've had to make a new post.)

Should I follow the same steps that were advised in previous posts?

I've only got this far (as of yet).

Any help really appreciated!

Stephen Quigley,
N.Ireland

-----------

Logfile of HijackThis v1.99.1
Scan saved at 14:35:33, on 03/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\SpywareBot\SpywareBot.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ME\LOCALS~1\Temp\Rar$EX00.468\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bebo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/...C01&lc=0809&ac
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/r...search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/r...search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/r...search&ap=b204
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/...C01&lc=0809&ac
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1172622521826
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1173539138452
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://ebanking.northernbank.co.uk/.../e-Safekey.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

Last edited by QUIGGS2001: 04-03-2007 at 07:57 AM.
04-03-2007, 12:49 PM   #2
tetonbob
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,752
OS: 2000 Pro; XP Pro; XP Home
Re: Win32/Rustock.gen!C (help!)

Hi, and welcome.

Quote:
I've seen a previous post which details someone else having this problem, but it won't let me post a reply?!
This is by design. We want only approved Helpers and the original poster involved in the threads.

Please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
04-03-2007, 03:50 PM   #3
QUIGGS2001
Registered User
Join Date: Apr 2007
Posts: 8
OS: XP
Re: Win32/Rustock.gen!C (help!)

Thank you very much for the reply and help.
Hopefully I have followed your instructions correctly.

Deckard's System Scanner v20070328.36
Run by ME on 2007-04-03 at 22:42:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
92: 2007-04-03 21:42:15 UTC - RP92 - Deckard's System Scanner Restore Point
91: 2007-04-03 14:55:22 UTC - RP91 - Software Distribution Service 2.0
90: 2007-04-03 14:38:14 UTC - RP90 - Software Distribution Service 2.0
89: 2007-04-03 14:14:36 UTC - RP89 - Software Distribution Service 2.0
88: 2007-04-03 14:12:48 UTC - RP88 - Installed Windows Defender


-- First Restore Point --
1: 2007-02-25 10:02:51 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as ME.exe) --------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 22:44:38, on 03/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\Documents and Settings\ME\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\ME.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bebo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/...C01&lc=0809&ac
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/r...search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/r...search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/r...search&ap=b204
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/...C01&lc=0809&ac
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1172622521826
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1173539138452
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://ebanking.northernbank.co.uk/.../e-Safekey.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 smwdm - c:\windows\system32\drivers\smwdm.sys

S1 EXAMPLE - c:\windows\system32\main.sys (file missing)
S3 basic2 - c:\windows\system32\drivers\basic2.sys (file missing)
S3 BthEnum (Bluetooth Request Block Driver) - c:\windows\system32\drivers\bthenum.sys
S3 BthPan (Bluetooth Device (Personal Area Network)) - c:\windows\system32\drivers\bthpan.sys
S3 BTHPORT (Bluetooth Port Driver) - c:\windows\system32\drivers\bthport.sys
S3 BTHUSB (Bluetooth Radio USB Driver) - c:\windows\system32\drivers\bthusb.sys
S3 EXAMPLE1 - c:\windows\system32\ksys.sys
S3 Rksample - c:\windows\system32\drivers\rksample.sys (file missing)
S3 Runtime - c:\windows\system32\runtime.sys (file missing)
S3 usbcm (USB Cable Modem 351000 NDIS Driver) - c:\windows\system32\drivers\usbcm.sys
S3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys (file missing)


pe386 driver present

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BthServ (Bluetooth Support Service) - c:\windows\system32\svchost.exe -k bthsvcs


-- Scheduled Tasks -------------------------------------------------------------

2007-04-03 16:47:57 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB>
2007-04-03 14:20:01 482 --a------ C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job<SPYWAR~1.JOB>


-- Files created between 2007-03-03 and 2007-04-03 -----------------------------

2007-04-03 18:12:21 0 d-------- C:\WINDOWS\LastGood
2007-04-03 15:40:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust<INTERT~1>
2007-04-03 15:40:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-04-03 15:40:08 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-04-03 15:40:08 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-04-03 15:12:52 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>
2007-04-03 02:28:59 0 d-------- C:\Documents and Settings\ME\Application Data\SpywareBot<SPYWAR~1>
2007-04-03 02:09:16 626688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-04-03 01:12:06 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-04-03 01:09:45 0 d-------- C:\Documents and Settings\ME\.housecall6.6<HOUSEC~1.6>
2007-04-01 20:10:16 0 d-------- C:\Program Files\Windows Live Safety Center<WINDOW~4>
2007-03-29 02:36:28 0 d-------- C:\Documents and Settings\ME\Application Data\DivX
2007-03-29 02:35:50 2432 -----n--- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-03-29 02:35:49 2560 -----n--- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-03-29 02:35:48 129784 -----n--- C:\WINDOWS\system32\pxafs.dll
2007-03-28 20:01:53 118520 -----n--- C:\WINDOWS\system32\pxinsi64.exe
2007-03-28 20:01:53 116472 -----n--- C:\WINDOWS\system32\pxcpyi64.exe
2007-03-28 20:01:53 36624 -----n--- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-03-28 20:01:35 0 d-------- C:\Program Files\DivX
2007-03-27 16:03:05 0 d-------- C:\Program Files\Dan Elwell's Broadband Speed Test<DANELW~1>
2007-03-27 15:55:52 17024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys
2007-03-27 13:55:02 0 d-------- C:\WINDOWS\pss
2007-03-23 01:53:33 1755 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache<QTSBAN~1>
2007-03-21 22:54:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!<MESSEN~1>
2007-03-19 17:39:15 0 d-------- C:\Documents and Settings\ME\Application Data\VideoEgg
2007-03-19 17:38:12 0 d-------- C:\Documents and Settings\All Users\Application Data\VideoEgg
2007-03-19 17:38:06 0 d-------- C:\Program Files\VideoEgg
2007-03-15 22:57:40 0 d-------- C:\Program Files\SymNetDrv<SYMNET~1>
2007-03-15 22:38:23 0 d-------- C:\Program Files\Norton AntiVirus<NORTON~1>
2007-03-15 22:37:59 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-03-15 22:37:59 124016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-03-15 22:37:58 0 d-------- C:\Documents and Settings\ME\Application Data\Symantec
2007-03-15 22:37:39 0 d-------- C:\Program Files\Symantec
2007-03-15 22:37:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-03-15 22:37:30 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-03-13 02:03:02 0 d-------- C:\Program Files\AviSynth 2.5<AVISYN~1.5>
2007-03-13 02:02:57 0 d-------- C:\Program Files\pspvideo9<PSPVID~1>
2007-03-12 00:12:23 0 d-------- C:\Documents and Settings\ME\Application Data\uTorrent
2007-03-11 15:16:18 0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1>
2007-03-11 15:16:16 0 d--h----- C:\WINDOWS\$hf_mig$
2007-03-11 13:18:51 127208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-03-10 17:07:59 8192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-03-10 17:07:59 27136 --a------ C:\WINDOWS\system32\irmon.dll
2007-03-10 17:07:59 152576 --a------ C:\WINDOWS\system32\irftp.exe
2007-03-10 17:02:42 0 d-------- C:\WINDOWS\Prefetch
2007-03-10 16:55:05 221184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-03-10 16:51:58 0 d-------- C:\WINDOWS\peernet
2007-03-10 16:51:55 0 d-------- C:\WINDOWS\provisioning<PROVIS~1>
2007-03-10 16:47:09 0 d-------- C:\WINDOWS\ServicePackFiles<SERVIC~1>
2007-03-10 16:41:03 0 d-------- C:\WINDOWS\system32\ReinstallBackups<REINST~1>
2007-03-10 16:40:32 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-03-10 16:36:22 0 d-------- C:\WINDOWS\EHome
2007-03-10 16:29:03 11776 -----n--- C:\WINDOWS\system32\spnpinst.exe
2007-03-10 16:29:02 4569 -----n--- C:\WINDOWS\system32\secupd.dat
2007-03-10 16:08:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1>
2007-03-05 21:02:16 0 d-------- C:\MAGIX
2007-03-05 20:43:50 0 d-------- C:\WINDOWS\system32\URTTemp
2007-03-05 20:34:56 80480 --a------ C:\WINDOWS\system32\msrclr40.dll
2007-03-05 20:34:55 35424 --a------ C:\WINDOWS\system32\msrecr40.dll
2007-03-05 20:32:00 0 d-------- C:\Program Files\Common Files\Teleca Shared<TELECA~1>
2007-03-05 20:28:42 0 d-------- C:\WINDOWS\Downloaded Installations<DOWNLO~2>
2007-03-03 15:04:52 91136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-03-03 15:04:52 66560 --a------ C:\WINDOWS\system32\mtxclu.dll
2007-03-03 15:04:51 161280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-03-03 15:04:51 426496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-03-03 15:04:51 540160 --a------ C:\WINDOWS\system32\comuid.dll
2007-03-03 15:04:50 395776 --a------ C:\WINDOWS\system32\rpcss.dll
2007-03-03 15:04:50 581120 --a------ C:\WINDOWS\system32\rpcrt4.dll
2007-03-03 15:04:50 956416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-03-03 15:04:49 1285120 --a------ C:\WINDOWS\system32\ole32.dll
2007-03-03 15:04:49 62464 --a------ C:\WINDOWS\system32\colbact.dll
2007-03-03 15:04:48 101376 --a------ C:\WINDOWS\system32\txflog.dll
2007-03-03 15:04:48 243200 --a------ C:\WINDOWS\system32\es.dll
2007-03-03 15:04:48 1251840 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-03-03 15:04:48 110080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-03-03 15:04:47 628224 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-03-03 15:04:47 229888 --a------ C:\WINDOWS\system32\catsrv.dll
2007-03-03 15:04:09 39936 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-03 15:04:07 614912 --a------ C:\WINDOWS\system32\h323msp.dll
2007-03-03 15:04:06 331264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-03-03 15:04:06 77312 --a------ C:\WINDOWS\system32\browser.dll
2007-03-03 15:00:06 171280 --a------ C:\WINDOWS\system32\jit.dll
2007-03-03 15:00:06 46352 --a------ C:\WINDOWS\setdebug.exe
2007-03-03 15:00:05 139536 --a------ C:\WINDOWS\system32\javaee.dll
2007-03-03 15:00:05 6550 --a------ C:\WINDOWS\jautoexp.dat
2007-03-03 15:00:04 313856 --a------ C:\WINDOWS\system32\dx3j.dll
2007-03-03 14:59:57 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-03-03 14:59:57 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-03-03 14:59:56 171792 --a------ C:\WINDOWS\system32\wjview.exe
2007-03-03 14:59:56 286992 --a------ C:\WINDOWS\system32\vmhelper.dll
2007-03-03 14:59:55 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2007-03-03 14:59:54 947472 --a------ C:\WINDOWS\system32\msjava.dll
2007-03-03 14:59:53 154384 --a------ C:\WINDOWS\system32\msawt.dll
2007-03-03 14:59:53 172304 --a------ C:\WINDOWS\system32\jview.exe
2007-03-03 14:59:52 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2007-03-03 14:59:52 404752 --a------ C:\WINDOWS\system32\javart.dll
2007-03-03 14:59:51 63248 --a------ C:\WINDOWS\system32\javaprxy.dll
2007-03-03 14:59:51 187152 --a------ C:\WINDOWS\system32\javacypt.dll
2007-03-03 14:59:49 49424 --a------ C:\WINDOWS\system32\clspack.exe
2007-03-03 14:56:45 239104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-03-03 14:53:41 26112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-03-03 14:53:41 0 d--h---c- C:\WINDOWS\$xpsp1hfm$<$XPSP1~1>


-- Find3M Report ---------------------------------------------------------------

2007-04-03 22:41:42 0 d-------- C:\Program Files\Soulseek
2007-03-21 22:52:59 0 d-------- C:\Program Files\Messenger Plus! Live<MESSEN~2>
2007-03-20 01:10:16 0 d---s---- C:\Documents and Settings\ME\Application Data\Microsoft<MICROS~1>
2007-03-12 19:56:18 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-03-10 1730 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-03-10 16:53:01 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-10 16:51:58 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-03-10 16:46:34 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-03-10 16:42:31 250032 -rahs---- C:\ntldr
2007-03-05 20:41:02 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-05 20:28:37 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-03-04 22:16:13 0 d-------- C:\Program Files\Common Files\Adobe
2007-03-03 15:05:02 0 d-------- C:\Documents and Settings\ME\Application Data\Ahead
2007-02-28 21:04:38 3584 --a------ C:\WINDOWS\system32\ksys.sys
2007-02-28 02:35:16 0 d-------- C:\Program Files\COMPAQ
2007-02-28 01:46:49 0 d-------- C:\Documents and Settings\ME\Application Data\Apple Computer<APPLEC~1>
2007-02-28 01:39:52 0 d-------- C:\Documents and Settings\ME\Application Data\Sun
2007-02-28 01:39:31 0 d-------- C:\Program Files\Java
2007-02-28 01:37:10 0 d-------- C:\Program Files\Common Files\Java
2007-02-28 01:36:23 0 d-------- C:\Documents and Settings\ME\Application Data\Macromedia<MACROM~1>
2007-02-28 01:29:46 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~2>
2007-02-28 01:26:37 0 d-------- C:\Program Files\eags on!<EAGSON~1>
2007-02-28 00:40:27 0 d-------- C:\Program Files\BroadJump<BROADJ~1>
2007-02-28 00:40:09 8362602 --a------ C:\back_up.reg
2007-02-25 11:40:23 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-02-25 11:40:23 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-02-25 11:35:17 0 d-------- C:\Program Files\Common Files\Ahead
2007-02-25 11:27:45 0 d-------- C:\Program Files\Nero
2007-02-23 05:29:58 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-02-23 05:29:56 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-02-23 05:29:49 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-02-23 05:29:49 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-02-23 05:25:24 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-02-23 05:25:24 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-02-23 05:25:23 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-02-23 05:25:22 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-02-23 05:25:22 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-02-23 05:25:22 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-02-23 05:25:22 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-02-23 05:25:22 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-02-23 05:25:19 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL>
2007-02-23 05:25:19 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL>
2007-02-23 05:25:19 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL>
2007-02-23 05:25:19 639066 --a------ C:\WINDOWS\system32\DivX.dll
2007-02-16 02:40:35 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE>
2007-02-07 13:39:08 517840 --a------ C:\WINDOWS\system32\SymNeti.dll
2007-02-07 13:39:04 132816 --a------ C:\WINDOWS\system32\SymRedir.dll
2007-01-19 13:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"SpywareBot"="C:\\Program Files\\SpywareBot\\SpywareBot.exe -boot"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Works Calendar Reminders.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Works Calendar Reminders.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\WORKSS~1\\wkcalrem.exe "
"item"="Microsoft Works Calendar Reminders"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Smtray"
"hkey"="HKLM"
"command"="Smtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="srmclean"
"hkey"="HKLM"
"command"="C:\\Cpqs\\Scom\\srmclean.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WCOLOREAL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="coloreal"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\COMPAQ\\Coloreal\\coloreal.exe\""
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0



-- End of Deckard's System Scanner: finished at 2007-04-03 at 22:45:18 ---------
Attached Files
File Type: txt extra.txt (6.2 KB, 1 views)
QUIGGS2001 is offline  
Old 04-03-2007, 04:15 PM   #4 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,752
OS: 2000 Pro; XP Pro; XP Home


Re: Win32/Rustock.gen!C (help!)

  1. Download ComboFix from one of these locations:
  2. Double click on ComboFix.exe & follow the prompts.
  3. When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


Also, please do this:

Please run Deckard's System Scanner once again, this time using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK
"%userprofile%\desktop\dss.exe" /config
Click on "Check All"

Click Scan!

When finished, it shall produce two logs for you. Post those logs in your next reply.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
Old 04-03-2007, 04:29 PM   #5 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 8
OS: XP


Re: Win32/Rustock.gen!C (help!)

"ME" - 07-04-03 23:19:43 Service Pack 2
ComboFix 07-04-04 - Running from: "C:\Documents and Settings\ME\Desktop"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\5_exception.nls
C:\WINDOWS\system32\ksys.sys


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\EXAMPLE
-------\EXAMPLE1
-------\Runtime
-------\LEGACY_EXAMPLE
-------\LEGACY_EXAMPLE1
-------\LEGACY_MCHINJDRV
-------\LEGACY_RUNTIME


((((((((((((((((((((((((((((((( Files Created from 2007-03-03 to 2007-04-03 ))))))))))))))))))))))))))))))))))


2007-04-03 22:42 <DIR> d-------- C:\Deckard
2007-04-03 15:40 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-03 15:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
2007-04-03 15:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\InterTrust
2007-04-03 15:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
2007-04-03 15:12 <DIR> d-------- C:\Program Files\Windows Defender
2007-04-03 02:28 <DIR> d-------- C:\DOCUME~1\ME\APPLIC~1\SpywareBot
2007-04-03 02:09 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-04-03 01:12 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-04-03 01:09 <DIR> d-------- C:\DOCUME~1\ME\.housecall6.6
2007-04-01 20:10 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-03-29 02:36 <DIR> d-------- C:\DOCUME~1\ME\APPLIC~1\DivX
2007-03-29 02:35 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-03-29 02:35 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-03-29 02:35 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-03-28 20:01 36,624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-03-28 20:01 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-03-28 20:01 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-03-28 20:01 <DIR> d-------- C:\Program Files\DivX
2007-03-27 16:03 <DIR> d-------- C:\Program Files\Dan Elwell's Broadband Speed Test
2007-03-27 15:55 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys
2007-03-27 13:55 <DIR> d-------- C:\WINDOWS\pss
2007-03-21 22:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2007-03-19 17:39 <DIR> d-------- C:\DOCUME~1\ME\APPLIC~1\VideoEgg
2007-03-19 17:38 <DIR> d-------- C:\Program Files\VideoEgg
2007-03-19 17:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\VideoEgg
2007-03-15 22:57 <DIR> d-------- C:\Program Files\SymNetDrv
2007-03-15 22:38 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-03-15 22:37 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-03-15 22:37 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-03-15 22:37 <DIR> d-------- C:\Program Files\Symantec
2007-03-15 22:37 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-03-15 22:37 <DIR> d-------- C:\DOCUME~1\ME\APPLIC~1\Symantec
2007-03-15 22:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-03-13 02:03 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-03-13 02:02 <DIR> d-------- C:\Program Files\pspvideo9
2007-03-12 00:12 <DIR> d-------- C:\DOCUME~1\ME\APPLIC~1\uTorrent
2007-03-11 15:16 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-03-11 15:16 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-03-11 13:18 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-03-10 17:07 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-03-10 17:07 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-03-10 17:07 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2007-03-10 17:02 <DIR> d-------- C:\WINDOWS\Prefetch
2007-03-10 16:55 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-03-10 16:51 <DIR> d-------- C:\WINDOWS\provisioning
2007-03-10 16:51 <DIR> d-------- C:\WINDOWS\peernet
2007-03-10 16:47 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-03-10 16:41 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-03-10 16:40 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-03-10 16:36 <DIR> d-------- C:\WINDOWS\EHome
2007-03-10 16:29 4,569 --------- C:\WINDOWS\system32\secupd.dat
2007-03-10 16:29 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2007-03-10 16:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-03-05 21:02 <DIR> d-------- C:\MAGIX
2007-03-05 20:43 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-03-05 20:34 80,480 --a------ C:\WINDOWS\system32\msrclr40.dll
2007-03-05 20:34 35,424 --a------ C:\WINDOWS\system32\msrecr40.dll
2007-03-05 20:32 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2007-03-05 20:28 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-03-03 15:04 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-03-03 15:04 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-03-03 15:04 77,312 --a------ C:\WINDOWS\system32\browser.dll
2007-03-03 15:04 66,560 --a------ C:\WINDOWS\system32\mtxclu.dll
2007-03-03 15:04 628,224 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-03-03 15:04 62,464 --a------ C:\WINDOWS\system32\colbact.dll
2007-03-03 15:04 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2007-03-03 15:04 581,120 --a------ C:\WINDOWS\system32\rpcrt4.dll
2007-03-03 15:04 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-03-03 15:04 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-03-03 15:04 395,776 --a------ C:\WINDOWS\system32\rpcss.dll
2007-03-03 15:04 39,936 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-03 15:04 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-03-03 15:04 243,200 --a------ C:\WINDOWS\system32\es.dll
2007-03-03 15:04 229,888 --a------ C:\WINDOWS\system32\catsrv.dll
2007-03-03 15:04 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-03-03 15:04 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-03-03 15:04 101,376 --a------ C:\WINDOWS\system32\txflog.dll
2007-03-03 15:04 1,285,120 --a------ C:\WINDOWS\system32\ole32.dll
2007-03-03 15:04 1,251,840 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-03-03 15:00 6,550 --a------ C:\WINDOWS\jautoexp.dat
2007-03-03 15:00 46,352 --a------ C:\WINDOWS\setdebug.exe
2007-03-03 15:00 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2007-03-03 15:00 171,280 --a------ C:\WINDOWS\system32\jit.dll
2007-03-03 15:00 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-03-03 14:59 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2007-03-03 14:59 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2007-03-03 14:59 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2007-03-03 14:59 404,752 --a------ C:\WINDOWS\system32\javart.dll
2007-03-03 14:59 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2007-03-03 14:59 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2007-03-03 14:59 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2007-03-03 14:59 172,304 --a------ C:\WINDOWS\system32\jview.exe
2007-03-03 14:59 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2007-03-03 14:59 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2007-03-03 14:59 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2007-03-03 14:59 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-03-03 14:59 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-03-03 14:56 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-03-03 14:53 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-03-03 14:53 <DIR> d--h-c--- C:\WINDOWS\$xpsp1hfm$


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

Rootkit driver pe386 is present. ... attempting disinfection
pe386 ...... driver unloaded successfully.
ADS removed - system32: deleted 73098 bytes in 1 streams.

2007-04-03 23:19 -------- d-------- C:\Program Files\soulseek
2007-03-21 22:52 -------- d-------- C:\Program Files\messenger plus! live
2007-03-12 19:56 -------- d-------- C:\Program Files\quicktime
2007-03-10 17:06 -------- d-------- C:\Program Files\msn messenger
2007-03-10 16:53 -------- d-------- C:\Program Files\messenger
2007-03-10 16:51 -------- d-------- C:\Program Files\movie maker
2007-03-10 16:46 -------- d-------- C:\Program Files\windows nt
2007-03-05 20:41 -------- d--h----- C:\Program Files\installshield installation information
2007-03-05 20:28 -------- d-------- C:\Program Files\Common Files\installshield
2007-02-28 02:35 -------- d-------- C:\Program Files\compaq
2007-02-28 01:39 -------- d-------- C:\Program Files\java
2007-02-28 01:39 -------- d-------- C:\DOCUME~1\ME\APPLIC~1\sun
2007-02-28 01:37 -------- d-------- C:\Program Files\Common Files\java
2007-02-28 01:29 -------- d--h----- C:\Program Files\windowsupdate
2007-02-28 01:26 -------- d-------- C:\Program Files\eags on!
2007-02-28 00:40 8362602 --a------ C:\back_up.reg
2007-02-25 11:40 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-02-25 11:40 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-02-25 11:27 -------- d-------- C:\Program Files\nero
2007-02-23 05:29 524288 --a------ C:\WINDOWS\system32\divxsm.exe
2007-02-23 05:29 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-02-23 05:29 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-02-23 05:29 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-02-23 05:25 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-02-23 05:25 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-02-23 05:25 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-02-23 05:25 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-02-23 05:25 639066 --a------ C:\WINDOWS\system32\divx.dll
2007-02-23 05:25 593920 --a------ C:\WINDOWS\system32\dpugui11.dll
2007-02-23 05:25 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-02-23 05:25 53248 --a------ C:\WINDOWS\system32\dpugui10.dll
2007-02-23 05:25 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-02-23 05:25 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-02-23 05:25 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-02-23 05:25 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-02-16 02:40 124472 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
2007-02-07 13:39 517840 --a------ C:\WINDOWS\system32\symneti.dll
2007-02-07 13:39 269616 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2007-02-07 13:39 132816 --a------ C:\WINDOWS\system32\symredir.dll
2007-02-07 13:38 47184 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2007-02-07 13:38 36976 --a------ C:\WINDOWS\system32\drivers\symids.sys
2007-02-07 13:38 17968 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2007-02-07 13:38 173392 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2007-02-07 13:38 11536 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2007-01-19 13:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"SpywareBot"="C:\\Program Files\\SpywareBot\\SpywareBot.exe -boot"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Works Calendar Reminders.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Works Calendar Reminders.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\WORKSS~1\\wkcalrem.exe "
"item"="Microsoft Works Calendar Reminders"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Smtray"
"hkey"="HKLM"
"command"="Smtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="srmclean"
"hkey"="HKLM"
"command"="C:\\Cpqs\\Scom\\srmclean.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WCOLOREAL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="coloreal"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\COMPAQ\\Coloreal\\coloreal.exe\""
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-03 23:25:35
C:\ComboFix-quarantined-files.txt ... 07-04-03 23:25





---------





Deckard's System Scanner v20070328.36
Run by ME on 2007-04-03 at 23:27:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
93: 2007-04-03 22:27:52 UTC - RP93 - Deckard's System Scanner Restore Point
92: 2007-04-03 21:42:15 UTC - RP92 - Deckard's System Scanner Restore Point
91: 2007-04-03 14:55:22 UTC - RP91 - Software Distribution Service 2.0
90: 2007-04-03 14:38:14 UTC - RP90 - Software Distribution Service 2.0
89: 2007-04-03 14:14:36 UTC - RP89 - Software Distribution Service 2.0


-- First Restore Point --
1: 2007-02-25 10:02:51 UTC - RP1 - System Checkpoint


Performed disk cleanup.


-- HijackThis (run as ME.exe) --------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 23:28:00, on 03/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ME\desktop\dss.exe
C:\PROGRA~1\HIJACK~1\ME.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bebo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/...C01&lc=0809&ac
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/r...search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/r...search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/r...search&ap=b204
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1172622521826
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1173539138452
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://ebanking.northernbank.co.uk/.../e-Safekey.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 smwdm - c:\windows\system32\drivers\smwdm.sys

S3 basic2 - c:\windows\system32\drivers\basic2.sys (file missing)
S3 BthEnum (Bluetooth Request Block Driver) - c:\windows\system32\drivers\bthenum.sys
S3 BthPan (Bluetooth Device (Personal Area Network)) - c:\windows\system32\drivers\bthpan.sys
S3 BTHPORT (Bluetooth Port Driver) - c:\windows\system32\drivers\bthport.sys
S3 BTHUSB (Bluetooth Radio USB Driver) - c:\windows\system32\drivers\bthusb.sys
S3 Rksample - c:\windows\system32\drivers\rksample.sys (file missing)
S3 usbcm (USB Cable Modem 351000 NDIS Driver) - c:\windows\system32\drivers\usbcm.sys
S3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BthServ (Bluetooth Support Service) - c:\windows\system32\svchost.exe -k bthsvcs


-- Scheduled Tasks -------------------------------------------------------------

2007-04-03 23:26:42 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB>
2007-04-03 14:20:01 482 --a------ C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job<SPYWAR~1.JOB>


-- Files created between 2007-03-03 and 2007-04-03 -----------------------------

2007-04-03 15:40:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust<INTERT~1>
2007-04-03 15:40:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-04-03 15:40:08 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-04-03 15:40:08 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-04-03 15:12:52 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>
2007-04-03 02:28:59 0 d-------- C:\Documents and Settings\ME\Application Data\SpywareBot<SPYWAR~1>
2007-04-03 02:09:16 626688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-04-03 01:12:06 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-04-03 01:09:45 0 d-------- C:\Documents and Settings\ME\.housecall6.6<HOUSEC~1.6>
2007-04-01 20:10:16 0 d-------- C:\Program Files\Windows Live Safety Center<WINDOW~4>
2007-03-29 02:36:28 0 d-------- C:\Documents and Settings\ME\Application Data\DivX
2007-03-29 02:35:50 2432 -----n--- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-03-29 02:35:49 2560 -----n--- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-03-29 02:35:48 129784 -----n--- C:\WINDOWS\system32\pxafs.dll
2007-03-28 20:01:53 118520 -----n--- C:\WINDOWS\system32\pxinsi64.exe
2007-03-28 20:01:53 116472 -----n--- C:\WINDOWS\system32\pxcpyi64.exe
2007-03-28 20:01:53 36624 -----n--- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-03-28 20:01:35 0 d-------- C:\Program Files\DivX
2007-03-27 16:03:05 0 d-------- C:\Program Files\Dan Elwell's Broadband Speed Test<DANELW~1>
2007-03-27 15:55:52 17024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys
2007-03-27 13:55:02 0 d-------- C:\WINDOWS\pss
2007-03-23 01:53:33 1755 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache<QTSBAN~1>
2007-03-21 22:54:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!<MESSEN~1>
2007-03-19 17:39:15 0 d-------- C:\Documents and Settings\ME\Application Data\VideoEgg
2007-03-19 17:38:12 0 d-------- C:\Documents and Settings\All Users\Application Data\VideoEgg
2007-03-19 17:38:06 0 d-------- C:\Program Files\VideoEgg
2007-03-15 22:57:40 0 d-------- C:\Program Files\SymNetDrv<SYMNET~1>
2007-03-15 22:38:23 0 d-------- C:\Program Files\Norton AntiVirus<NORTON~1>
2007-03-15 22:37:59 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-03-15 22:37:59 124016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-03-15 22:37:58 0 d-------- C:\Documents and Settings\ME\Application Data\Symantec
2007-03-15 22:37:39 0 d-------- C:\Program Files\Symantec
2007-03-15 22:37:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-03-15 22:37:30 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-03-13 02:03:02 0 d-------- C:\Program Files\AviSynth 2.5<AVISYN~1.5>
2007-03-13 02:02:57 0 d-------- C:\Program Files\pspvideo9<PSPVID~1>
2007-03-12 00:12:23 0 d-------- C:\Documents and Settings\ME\Application Data\uTorrent
2007-03-11 15:16:18 0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1>
2007-03-11 15:16:16 0 d--h----- C:\WINDOWS\$hf_mig$
2007-03-11 13:18:51 127208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-03-10 17:07:59 8192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-03-10 17:07:59 27136 --a------ C:\WINDOWS\system32\irmon.dll
2007-03-10 17:07:59 152576 --a------ C:\WINDOWS\system32\irftp.exe
2007-03-10 17:02:42 0 d-------- C:\WINDOWS\Prefetch
2007-03-10 16:55:05 221184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-03-10 16:51:58 0 d-------- C:\WINDOWS\peernet
2007-03-10 16:51:55 0 d-------- C:\WINDOWS\provisioning<PROVIS~1>
2007-03-10 16:47:09 0 d-------- C:\WINDOWS\ServicePackFiles<SERVIC~1>
2007-03-10 16:41:03 0 d-------- C:\WINDOWS\system32\ReinstallBackups<REINST~1>
2007-03-10 16:40:32 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-03-10 16:36:22 0 d-------- C:\WINDOWS\EHome
2007-03-10 16:29:03 11776 -----n--- C:\WINDOWS\system32\spnpinst.exe
2007-03-10 16:29:02 4569 -----n--- C:\WINDOWS\system32\secupd.dat
2007-03-10 16:08:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1>
2007-03-05 21:02:16 0 d-------- C:\MAGIX
2007-03-05 20:43:50 0 d-------- C:\WINDOWS\system32\URTTemp
2007-03-05 20:34:56 80480 --a------ C:\WINDOWS\system32\msrclr40.dll
2007-03-05 20:34:55 35424 --a------ C:\WINDOWS\system32\msrecr40.dll
2007-03-05 20:32:00 0 d-------- C:\Program Files\Common Files\Teleca Shared<TELECA~1>
2007-03-05 20:28:42 0 d-------- C:\WINDOWS\Downloaded Installations<DOWNLO~2>
2007-03-03 15:04:52 91136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-03-03 15:04:52 66560 --a------ C:\WINDOWS\system32\mtxclu.dll
2007-03-03 15:04:51 161280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-03-03 15:04:51 426496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-03-03 15:04:51 540160 --a------ C:\WINDOWS\system32\comuid.dll
2007-03-03 15:04:50 395776 --a------ C:\WINDOWS\system32\rpcss.dll
2007-03-03 15:04:50 581120 --a------ C:\WINDOWS\system32\rpcrt4.dll
2007-03-03 15:04:50 956416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-03-03 15:04:49 1285120 --a------ C:\WINDOWS\system32\ole32.dll
2007-03-03 15:04:49 62464 --a------ C:\WINDOWS\system32\colbact.dll
2007-03-03 15:04:48 101376 --a------ C:\WINDOWS\system32\txflog.dll
2007-03-03 15:04:48 243200 --a------ C:\WINDOWS\system32\es.dll
2007-03-03 15:04:48 1251840 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-03-03 15:04:48 110080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-03-03 15:04:47 628224 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-03-03 15:04:47 229888 --a------ C:\WINDOWS\system32\catsrv.dll
2007-03-03 15:04:09 39936 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-03 15:04:07 614912 --a------ C:\WINDOWS\system32\h323msp.dll
2007-03-03 15:04:06 331264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-03-03 15:04:06 77312 --a------ C:\WINDOWS\system32\browser.dll
2007-03-03 15:00:06 171280 --a------ C:\WINDOWS\system32\jit.dll
2007-03-03 15:00:06 46352 --a------ C:\WINDOWS\setdebug.exe
2007-03-03 15:00:05 139536 --a------ C:\WINDOWS\system32\javaee.dll
2007-03-03 15:00:05 6550 --a------ C:\WINDOWS\jautoexp.dat
2007-03-03 15:00:04 313856 --a------ C:\WINDOWS\system32\dx3j.dll
2007-03-03 14:59:57 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-03-03 14:59:57 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-03-03 14:59:56 171792 --a------ C:\WINDOWS\system32\wjview.exe
2007-03-03 14:59:56 286992 --a------ C:\WINDOWS\system32\vmhelper.dll
2007-03-03 14:59:55 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2007-03-03 14:59:54 947472 --a------ C:\WINDOWS\system32\msjava.dll
2007-03-03 14:59:53 154384 --a------ C:\WINDOWS\system32\msawt.dll
2007-03-03 14:59:53 172304 --a------ C:\WINDOWS\system32\jview.exe
2007-03-03 14:59:52 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2007-03-03 14:59:52 404752 --a------ C:\WINDOWS\system32\javart.dll
2007-03-03 14:59:51 63248 --a------ C:\WINDOWS\system32\javaprxy.dll
2007-03-03 14:59:51 187152 --a------ C:\WINDOWS\system32\javacypt.dll
2007-03-03 14:59:49 49424 --a------ C:\WINDOWS\system32\clspack.exe
2007-03-03 14:56:45 239104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-03-03 14:53:41 26112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-03-03 14:53:41 0 d--h---c- C:\WINDOWS\$xpsp1hfm$<$XPSP1~1>


-- Find3M Report ---------------------------------------------------------------

2007-04-03 23:19:25 0 d-------- C:\Program Files\Soulseek
2007-03-21 22:52:59 0 d-------- C:\Program Files\Messenger Plus! Live<MESSEN~2>
2007-03-20 01:10:16 0 d---s---- C:\Documents and Settings\ME\Application Data\Microsoft<MICROS~1>
2007-03-12 19:56:18 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-03-10 1730 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-03-10 16:53:01 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-10 16:51:58 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-03-10 16:46:34 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-03-10 16:42:31 250032 -rahs---- C:\ntldr
2007-03-05 20:41:02 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-05 20:28:37 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-03-04 22:16:13 0 d-------- C:\Program Files\Common Files\Adobe
2007-03-03 15:05:02 0 d-------- C:\Documents and Settings\ME\Application Data\Ahead
2007-02-28 02:35:16 0 d-------- C:\Program Files\COMPAQ
2007-02-28 01:46:49 0 d-------- C:\Documents and Settings\ME\Application Data\Apple Computer<APPLEC~1>
2007-02-28 01:39:52 0 d-------- C:\Documents and Settings\ME\Application Data\Sun
2007-02-28 01:39:31 0 d-------- C:\Program Files\Java
2007-02-28 01:37:10 0 d-------- C:\Program Files\Common Files\Java
2007-02-28 01:36:23