|
|
|
Can help me with my HJT Log please
|
|
Newbie
|
26. October 2008 @ 21:52 |
Link to this message
|
So a while back Spybot found Virtumonde on my computer, It said it removed it and I am just making sure there is no trace of that left in my computer.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:47:50 PM, on 10/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\AddOns\Norton AddOn Pack\Engine\3.0.0.41\ccProxy.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\rundll32.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:/Documents and Settings/HP_Administrator/My Documents/My Music/Temp/Tunebite/.downloading/profile/rrproxy_ie_48dc4564.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-21-825630716-4050279919-1078891980-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-825630716-4050279919-1078891980-500\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (User 'Administrator')
O4 - HKUS\S-1-5-21-825630716-4050279919-1078891980-501\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Guest')
O4 - HKUS\S-1-5-21-825630716-4050279919-1078891980-501\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (User 'Guest')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - http://asp.mathxl.com/wizmodules/testgen...GenXInstall.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/Share...n/bin/cabsa.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/v...l/installer.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} - http://www.candystand.com/assets/activex...acheManager.CAB
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - http://www.intel.com/design/motherbd/boardid/BoardID.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: c_2wan - c_2wan.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\AddOns\Norton AddOn Pack\Engine\3.0.0.41\ccProxy.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 15506 bytes
Thank You
|
|
Advertisement
|
 |
|
|
Senior Member
|
26. October 2008 @ 23:18 |
Link to this message
|
Hi Klinster
Nothing much that I can see from your HijackThis log, but let's do some advanced scanning.
Now, please download ComboFix.
With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.
? Run Combo-Fix.exe and follow the prompts.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
? Wait for the scan to be completed.
? If it requires a reboot, please do it.
? After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)
Do not click on the ComoboFix window, as it may cause it to stall.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
Newbie
|
27. October 2008 @ 21:51 |
Link to this message
|
Thanks for your time cdavfrew; on a side note after running Combo Fix and restarting the computer, which was not required by Combo Fix, I noticed that my computer start up time was a few seconds faster than normal.
Log as follows:
ComboFix 08-10-27.02 - HP_Administrator 2008-10-27 18:30:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2417 [GMT -7:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\Combo-Fix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-28 )))))))))))))))))))))))))))))))
.
2008-10-26 18:19 . 2008-10-26 18:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-23 13:02 . 2008-10-15 09:34 337,408 --------- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-21 12:23 . 2008-10-21 12:33 <DIR> d-------- C:\Program Files\Norton Support
2008-10-14 15:27 . 2008-10-14 15:26 35,888 -ra------ C:\WINDOWS\system32\drivers\SymIM.sys
2008-10-14 15:26 . 2008-10-14 15:26 <DIR> d-------- C:\WINDOWS\system32\drivers\NIS
2008-10-14 15:26 . 2008-10-14 15:26 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-10-14 15:26 . 2008-10-14 15:26 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-10-14 15:26 . 2008-10-14 15:26 124,464 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-10-14 15:26 . 2008-10-14 15:26 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-14 15:26 . 2008-10-14 15:26 10,635 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-14 15:26 . 2008-10-14 15:26 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-14 15:20 . 2008-10-14 15:20 <DIR> d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-10-14 15:12 . 2008-10-14 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCSettings
2008-10-14 15:12 . 2008-10-14 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Norton
2008-10-14 15:10 . 2008-10-14 15:10 <DIR> d-------- C:\Program Files\NortonInstaller
2008-10-14 15:10 . 2008-10-26 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-14 15:03 . 2008-10-26 14:38 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-10-14 14:36 . 2008-09-15 05:12 1,846,400 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-14 14:36 . 2008-09-08 03:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-14 14:35 . 2008-08-14 03:11 2,189,184 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-14 14:35 . 2008-08-14 03:09 2,145,280 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-14 14:35 . 2008-08-14 02:33 2,066,048 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-14 14:35 . 2008-08-14 02:33 2,023,936 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-07 12:38 . 2008-10-07 12:38 <DIR> d-------- C:\Program Files\iPod
2008-10-07 12:38 . 2008-10-07 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-28 01:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-28 01:17 --------- d-----w C:\Program Files\SpeedFan
2008-10-28 01:11 --------- d-----w C:\Program Files\Windows Desktop Search
2008-10-27 01:36 --------- d-----w C:\Program Files\Yahoo!
2008-10-27 01:36 --------- d-----w C:\Program Files\Trillian
2008-10-27 01:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-27 01:10 --------- d-----w C:\Program Files\PeerGuardian2
2008-10-27 01:10 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Azureus
2008-10-21 15:21 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-14 22:26 --------- d-----w C:\Program Files\Symantec
2008-10-14 22:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-14 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-14 22:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-07 19:39 --------- d-----w C:\Program Files\iTunes
2008-10-03 17:41 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-10-02 22:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-27 19:00 --------- d-----w C:\Program Files\Common Files\Acon Digital Media
2008-09-27 19:00 --------- d-----w C:\Program Files\Acon Digital Media
2008-09-26 02:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-09-24 17:32 28,672 ----a-w C:\WINDOWS\system32\iolobtdfg.exe
2008-09-23 02:20 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-23 02:15 --------- d-----w C:\Program Files\Windows Live
2008-09-23 02:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-20 15:45 --------- d-----w C:\Program Files\LimeWire
2008-09-19 04:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\ALM
2008-09-19 04:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-09-19 04:09 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-19 03:58 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-09-17 00:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-09-15 17:07 43,552 ----a-w C:\WINDOWS\system32\drivers\tbhsd.sys
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-14 23:54 --------- d-----w C:\Program Files\MediaJoin
2008-09-14 23:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}
2008-09-14 23:53 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Seven Zip
2008-09-14 19:36 652,152 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-09-14 18:47 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\dBpoweramp
2008-09-14 18:31 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\AccurateRip
2008-09-13 19:58 --------- d--h--w C:\Documents and Settings\HP_Administrator\Application Data\Move Networks
2008-09-11 04:43 --------- d-----w C:\Program Files\Bonjour
2008-09-11 04:42 --------- d-----w C:\Program Files\QuickTime
2008-09-11 04:41 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-09 23:45 8,192 ----a-w C:\WINDOWS\system32\smrgdf.exe
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-07 02:23 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Windows Search
2008-09-07 02:23 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\DisplayTune
2008-09-07 02:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-07 02:18 62,009 ----a-w C:\WINDOWS\system32\wpfb_ialmrnt5.dll
2008-09-07 02:18 --------- d-----w C:\Program Files\Portrait Displays
2008-09-07 02:18 --------- d-----w C:\Program Files\Common Files\Portrait Displays
2008-09-07 02:18 --------- d-----w C:\Program Files\Acer Display
2008-09-02 23:29 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Symantec
2008-08-30 04:42 --------- d-----w C:\Program Files\Nokia
2008-08-30 04:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-08-30 04:41 --------- d-----w C:\Program Files\Common Files\Nokia
2008-08-30 04:21 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-08-30 04:19 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-08-29 17:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 16:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-27 08:24 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-25 08:37 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 10:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-06 22:19 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2007-05-30 23:02 1,016 -c--a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2007-02-13 02:10 2,682,880 ------w C:\Documents and Settings\All Users\VCREDI~3.EXE
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r C:\WINDOWS\system32\nbDX.dll
2008-07-07 00:04 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008070620080707\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"Google Update"="C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-10 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-03 77824]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 61440]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-03-12 517768]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 C:\WINDOWS\sm56hlpr.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 C:\WINDOWS\ALCWZRD.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 C:\WINDOWS\system32\bthprops.cpl]
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.l3acm"= l3codecp.acm
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= DivXa32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R0 SymEFA;Symantec Extended File Attributes;C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMEFA.SYS [2008-10-14 309296]
R1 BHDrvx86;Symantec Heuristics Driver;C:\WINDOWS\system32\drivers\NIS\1000000.07D\BHDrvx86.sys [2008-10-14 254512]
R1 ccHP;Symantec Hash Provider;C:\WINDOWS\system32\drivers\NIS\1000000.07D\ccHPx86.sys [2008-10-14 362544]
R1 IDSxpx86;IDSxpx86;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081015.001\IDSxpx86.sys [2008-10-14 274808]
R1 Pivot;Pivot;C:\WINDOWS\system32\drivers\pivot.sys [2007-02-09 17465]
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-09-24 596840]
R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-09-24 596840]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\diMaster.dll [ ]
R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys [1999-04-01 22400]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 14976]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 40832]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 33792]
S3 MaRdPnp;MaRdPnp;C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2005-08-17 49867]
S3 pivotmou;Pivot Mouse/Pointers Filter Driver;C:\WINDOWS\system32\drivers\pivotmou.sys [2007-02-09 11323]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{901dc2ab-f5a8-11da-b5f6-0015f23559df}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a535cdbe-0a8f-11da-8062-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2008-08-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-10-27 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-10 22:22]
2008-10-28 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Aim6 - (no file)
Notify-c_2wan - c_2wan.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1zbw8fqu.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE -
FF -: plugin - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.131.25\npGoogleOneClick6.dll
FF -: plugin - C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 18:34:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\iolo\common\lib\ioloHL.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\iolo\common\lib\ioloHL.dll
PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\iolo\common\lib\ioloHL.dll
.
Completion time: 2008-10-27 18:35:33
ComboFix-quarantined-files.txt 2008-10-28 01:35:27
Pre-Run: 84,872,568,832 bytes free
Post-Run: 84,902,961,152 bytes free
277 --- E O F --- 2008-10-21 02:50:28
|
Senior Member
|
28. October 2008 @ 01:20 |
Link to this message
|
Hey Klinster
You are still infected, sadly. Let's try another scanner.
Please download Malwarebytes Anti-Malware and install it. Follow the prompts and reboot if required.
Launch Malwarebytes either by running C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe or double-click the Malwarebytes' Anti-Malware shortcut on your Desktop.
Configuring Malwarebytes
? Click on the tab Settings.
? Make sure only these boxes are checked:
Terminate Internet Explorer
Automatically save and display logfile after removal
Always scan memory objects
Always scan registry objects
Always scan filesystem
Always scan extra and heuristics objects
Updating Malwarebytes
? Click on the tab Update.
? Press the button Check for Updates
? Wait for Malwarebytes to be fully updated.
Scanning Time
? Click on the tab Scanner.
? Check Perform full scan and click on Scan
? Wait for the scan to complete, and then click on Show Results.
? Make sure all items are checked, then click on Remove Selected.
**If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately.
Post A Log
? A text box will pop up after the removal process is over. Post the contents of the text here.
? If no text box pops up, launch Malwarebytes, and click on the tab Logs.
? The logs will appear as mbam-log-*date-*time.txt. Select the latest one, and then click on Open.
? Post the log here.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
Newbie
|
28. October 2008 @ 19:32 |
Link to this message
|
Sorry for being late on the posts, but here is the mbam log
Malwarebytes' Anti-Malware 1.30
Database version: 1333
Windows 5.1.2600 Service Pack 3
10/28/2008 4:20:49 PM
mbam-log-2008-10-28 (16-20-49).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 235068
Time elapsed: 2 hour(s), 27 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
|
Senior Member
|
29. October 2008 @ 01:13 |
Link to this message
|
Hey Klinster
Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.
Open Notepad and copy/paste the text in the code box below into it:
DirLook::
C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
C:\Documents and Settings\All Users\Application Data\PCSettings
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
C:\Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}
FileLook::
C:\WINDOWS\system32\wpfb_ialmrnt5.dll
C:\WINDOWS\_MSRSTRT.EXE
File::
C:\WINDOWS\system32\iolobtdfg.exe
C:\WINDOWS\system32\smrgdf.exe
? Save this as CFScript.txt in the same folder as ComboFix.
? Then drag the CFScript.txt into Combo-Fix.exe.
? This will start ComboFix again. After reboot, (in case it asks to reboot), post the ComboFix log here. The log will be located at C:\ComboFix(.txt).
Do not click on the ComoboFix window, as it may cause it to stall.
After that, let's try another scanner.
Please download Superantispyware Free and install it. Follow the prompts and reboot if required.
Launch Superantispyware Free either by running C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.exe or right-click on the SuperAntispyware icon in your task bar (it looks like a bug) and click on Scan for Spyware, Adware, Malware...
Configuring SuperAntispyware
? Click on Preferences.
? In the tab General and Startup, make sure the box Start SuperAntispyware when Windows starts is unchecked. This will prevent SuperAntispyware from starting everytime, because it may interfere with other fixes that may be run.
? Navigate to the tab Scanning Control.
? Make sure only these boxes are checked:
Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining
Scan Alternate Data Streams
Use Kernel Direct File Access (recommended)
Use Kernel Direct Registry Access (recommended)
Use Direct Disk Access (recommended)
? Click on Close.
Updating SuperAntispyware
? At the main window, click on Check for Updates....
? Wait for SuperAntispyware to be fully updated.
Scanning Time
? Boot into safe mode by repeatedly pressing the F8 key after you press the power button. If safe mode does not work, tell me and do the scan in normal mode.
? Launch SuperAntispyware.
? At the main window, click on Scan your Computer....
? Make sure all drives (excluding CD drives) are checked, select Perform Complete Scan, and then click on Next.
? Wait for the scan to complete, and then click on Next>. This will quarantine and remove all detected items.
? Reboot your computer.
Post A Log
? Launch SuperAntispyware
? Click on Preferences
? Navigate to the tab Statistics/Logs.
? Choose the latest scan log, and the click on View Log....
? Copy and paste the contents of the log here in your next post.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
Newbie
|
31. October 2008 @ 16:05 |
Link to this message
|
Sorry for the delay, I have been very busy. The following is the ComboFix Log, followed by the SUPERAntiSpyware Log
ComboFix 08-10-27.02 - HP_Administrator 2008-10-29 19:50:10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2378 [GMT -7:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\system32\iolobtdfg.exe
C:\WINDOWS\system32\smrgdf.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\iolobtdfg.exe
C:\WINDOWS\system32\smrgdf.exe
.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-30 )))))))))))))))))))))))))))))))
.
2008-10-28 13:49 . 2008-10-28 13:49 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-10-28 13:49 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-28 13:49 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-28 13:48 . 2008-10-28 13:49 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-28 13:48 . 2008-10-28 13:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-26 18:19 . 2008-10-26 18:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-23 13:02 . 2008-10-15 09:34 337,408 --------- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-21 12:23 . 2008-10-21 12:33 <DIR> d-------- C:\Program Files\Norton Support
2008-10-14 15:27 . 2008-10-14 15:26 35,888 -ra------ C:\WINDOWS\system32\drivers\SymIM.sys
2008-10-14 15:26 . 2008-10-14 15:26 <DIR> d-------- C:\WINDOWS\system32\drivers\NIS
2008-10-14 15:26 . 2008-10-14 15:26 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-10-14 15:26 . 2008-10-14 15:26 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-10-14 15:26 . 2008-10-14 15:26 124,464 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-10-14 15:26 . 2008-10-14 15:26 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-14 15:26 . 2008-10-14 15:26 10,635 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-14 15:26 . 2008-10-14 15:26 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-14 15:20 . 2008-10-14 15:20 <DIR> d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-10-14 15:12 . 2008-10-14 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCSettings
2008-10-14 15:12 . 2008-10-14 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Norton
2008-10-14 15:10 . 2008-10-14 15:10 <DIR> d-------- C:\Program Files\NortonInstaller
2008-10-14 15:10 . 2008-10-26 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-14 15:03 . 2008-10-26 14:38 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-10-14 14:36 . 2008-09-15 05:12 1,846,400 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-14 14:36 . 2008-09-08 03:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-14 14:35 . 2008-08-14 03:11 2,189,184 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-14 14:35 . 2008-08-14 03:09 2,145,280 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-14 14:35 . 2008-08-14 02:33 2,066,048 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-14 14:35 . 2008-08-14 02:33 2,023,936 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-07 12:38 . 2008-10-07 12:38 <DIR> d-------- C:\Program Files\iPod
2008-10-07 12:38 . 2008-10-07 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-27 12:00 . 2008-09-27 12:00 <DIR> d-------- C:\Program Files\Common Files\Acon Digital Media
2008-09-27 12:00 . 2008-09-27 12:00 <DIR> d-------- C:\Program Files\Acon Digital Media
2008-09-25 18:44 . 2008-09-25 19:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-09-18 21:32 . 2008-09-18 21:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-09-18 21:13 . 2008-09-18 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-09-18 20:58 . 2008-09-18 20:58 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-09-15 10:07 . 2008-09-15 10:07 43,552 --a------ C:\WINDOWS\system32\drivers\tbhsd.sys
2008-09-14 16:54 . 2008-09-14 16:54 <DIR> d-------- C:\Program Files\MediaJoin
2008-09-14 16:54 . 2008-09-14 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}
2008-09-14 16:53 . 2008-09-14 16:53 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Seven Zip
2008-09-14 12:36 . 2008-09-14 12:36 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.bmp
2008-09-14 12:36 . 2008-09-14 12:36 3,065 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
2008-09-13 11:08 . 2008-09-13 11:08 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.bmp
2008-09-13 11:08 . 2008-09-13 11:08 2,987 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2008-09-13 11:07 . 2008-09-13 11:04 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.bmp
2008-09-13 11:07 . 2008-09-13 11:07 3,625 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
2008-09-13 10:59 . 2008-09-13 10:59 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2008-09-13 10:59 . 2008-09-13 10:59 13,853 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-09-10 21:43 . 2008-09-10 21:43 <DIR> d-------- C:\Program Files\Bonjour
2008-09-10 21:41 . 2008-09-10 21:42 <DIR> d-------- C:\Program Files\QuickTime
2008-09-08 18:44 . 2006-09-12 03:46 227,328 -r-hs---- C:\WINDOWS\system32\ac3DX.ax
2008-09-08 18:44 . 2008-03-16 05:30 216,064 -r-hs---- C:\WINDOWS\system32\nbDX.dll
2008-09-08 18:44 . 2006-03-10 13:48 169,472 -r-hs---- C:\WINDOWS\system32\MatroskaDX.ax
2008-09-08 18:44 . 2006-05-03 02:06 163,328 -r-hs---- C:\WINDOWS\system32\flvDX.dll
2008-09-08 18:44 . 2005-11-25 12:46 161,792 -r-hs---- C:\WINDOWS\system32\RealMediaDX.ax
2008-09-08 18:44 . 2006-01-12 15:23 123,904 -r-hs---- C:\WINDOWS\system32\AVCDX.ax
2008-09-08 18:44 . 2003-11-20 15:00 54,784 -r-hs---- C:\WINDOWS\system32\RLAPEDec.ax
2008-09-08 18:44 . 2004-04-26 15:00 37,888 -r-hs---- C:\WINDOWS\system32\RLMPCDec.ax
2008-09-08 18:44 . 2007-02-21 03:47 31,232 -r-hs---- C:\WINDOWS\system32\msfDX.dll
2008-09-06 19:23 . 2008-09-06 19:23 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Windows Search
2008-09-06 19:23 . 2008-09-06 19:23 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\DisplayTune
2008-09-06 19:19 . 2006-11-16 17:20 15,920 --a------ C:\WINDOWS\system32\drivers\PdiPorts.sys
2008-09-06 19:19 . 2007-09-14 12:34 11,776 --a------ C:\WINDOWS\system32\drivers\pdiddcci.sys
2008-09-06 19:18 . 2008-09-06 19:18 <DIR> d-------- C:\Program Files\Portrait Displays
2008-09-06 19:18 . 2008-09-06 19:18 <DIR> d-------- C:\Program Files\Common Files\Portrait Displays
2008-09-06 19:18 . 2008-09-06 19:18 <DIR> d-------- C:\Program Files\Acer Display
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-30 02:43 --------- d-----w C:\Program Files\SpeedFan
2008-10-29 05:27 --------- d-----w C:\Program Files\Trillian
2008-10-28 04:02 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Azureus
2008-10-28 03:50 --------- d-----w C:\Program Files\PeerGuardian2
2008-10-28 03:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-28 01:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-28 01:11 --------- d-----w C:\Program Files\Windows Desktop Search
2008-10-27 01:36 --------- d-----w C:\Program Files\Yahoo!
2008-10-21 15:21 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-14 22:26 --------- d-----w C:\Program Files\Symantec
2008-10-14 22:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-14 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-14 22:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-07 19:39 --------- d-----w C:\Program Files\iTunes
2008-10-03 17:41 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-10-02 22:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-23 02:20 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-23 02:15 --------- d-----w C:\Program Files\Windows Live
2008-09-23 02:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-20 15:45 --------- d-----w C:\Program Files\LimeWire
2008-09-19 04:09 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-17 00:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-14 19:36 652,152 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-09-14 18:47 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\dBpoweramp
2008-09-14 18:31 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\AccurateRip
2008-09-13 19:58 --------- d--h--w C:\Documents and Settings\HP_Administrator\Application Data\Move Networks
2008-09-11 04:41 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-07 02:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-07 02:18 62,009 ----a-w C:\WINDOWS\system32\wpfb_ialmrnt5.dll
2008-09-02 23:29 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Symantec
2008-08-30 04:42 --------- d-----w C:\Program Files\Nokia
2008-08-30 04:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-08-30 04:41 --------- d-----w C:\Program Files\Common Files\Nokia
2008-08-30 04:21 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-08-30 04:19 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-08-29 17:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 16:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-27 08:24 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-25 08:37 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 10:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-06 22:19 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 05:10 45,768 -c--a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 -c--a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-19 05:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 05:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-07-06 23:57 61,440 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2008-07-06 23:57 45,056 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2008-07-06 23:57 44,032 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2008-07-06 23:57 40,960 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2008-07-06 23:57 32,768 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2008-07-06 23:57 32,768 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2008-07-06 23:57 287,310 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection.dll
2008-07-06 23:57 163,840 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2007-05-30 23:02 1,016 -c--a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2007-02-13 02:10 2,682,880 ------w C:\Documents and Settings\All Users\VCREDI~3.EXE
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r C:\WINDOWS\system32\nbDX.dll
2008-07-07 00:04 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008070620080707\index.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\_MSRSTRT.EXE -- Unable to find Resource table header.
MD5: 815372073da85b2098a37ded84083c8a
---- C:\WINDOWS\system32\wpfb_ialmrnt5.dll ----
Company: Portrait Displays, Inc.
File Description: Pivot Software Display Driver
File Version: 8.21
Product Name: Pivot Sofware
Copyright: Copyright (C) 1993-2007 Portrait Displays, Inc.
Original file name: wpfb.dll
MD5: d6a09c297499552194b94f4fd5798d0d
---- Directory of C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} ----
2008-07-04 13:35 54632 --a------ C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe
2008-04-24 08:25 11168 --a------ C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\gearaspiwdmx86.cat
2008-04-17 13:12 319456 --a------ C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DIFxAPI.dll
2008-04-17 13:12 2761 --a------ C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\GEARAspiWDM.inf
2008-04-17 13:12 15464 --a------ C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspiWDM.sys
2008-04-17 13:12 107368 --a------ C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspi.dll
---- Directory of C:\Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E} ----
2008-09-14 16:54 2640 --a------ C:\Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}\setup_mj.par
2008-09-14 16:54 121 --a------ C:\Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}\setup_mj.dat
2008-09-14 16:54 0 --a------ C:\Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}\offline\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}
2008-09-14 16:54 0 --a------ C:\Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}\{232FDC0C-12DE-41F2-9701-27EFCA18BEF9}
2005-02-18 12:11 385024 --a------ C:\Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}\setup_mj.msi
2005-02-18 12:11 2388523 --a------ C:\Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}\setup_mj.res
2005-02-18 12:11 2145373 --a------ C:\Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}\setup_mj.exe
2005-02-18 12:11 170860 --a------ C:\Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}\mia.dll
2005-02-18 12:10 19718 --a------ C:\Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}\offline\IFYTMEAEAJNEAJINHMTAGEDIFFFFFF0\MediaJoin.chm
2005-02-17 08:37 1503232 --a------ C:\Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}\offline\IFYTMEAEAJNEAJINXETAGEDIFFFFFF0\MediaJoin.exe
2004-12-01 14:04 204800 --a------ C:\Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}\offline\IFYTMEIAYSIKEDADLFARETIRFFFTFF0\MystikMedia.dll
2004-10-26 12:32 1843200 --a------ C:\Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}\offline\IFGMGCECIOIRESNAUOI2DFIYSRFFTF0\NCTAudioFile2.dll
2004-10-05 15:37 258048 --a------ C:\Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}\offline\IFRGMMGCVEIEDIRAPUTDFWSSRFFTFF0\Manipulate.dll
2004-05-20 12:24 196608 --a------ C:\Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}\offline\IFGMGCECIOUIRESNWMIELLISDIFFFF0\NCTWMAFile2.dll
2004-05-20 11:03 1036288 --a------ C:\Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}\offline\IFGMGCECIOIRSNUORMINLLISDIFFFF0\NCTAudioInformation2.dll
2003-12-08 10:49 116304 --a------ C:\Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}\offline\IFGMGCECIOIRESNWMRFESXWSYIFFFF0\NCTWMAProfiles.prx
2003-08-07 12:01 237568 --a------ C:\Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}\offline\IFGMGCVECAIOUIRESLEEDLINSIFFFF0\lame_enc.dll
2003-05-14 19:07 389120 --a------ C:\Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}\offline\IFIDSSSTM3ACSK43CXWISYDIFFFFFF0\actskn43.ocx
2002-12-20 12:02 1077336 --a------ C:\Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}\offline\IFIDSSSTM3MSOMTLCXWISYDIFFFFFF0\MSCOMCTL.OCX
2002-07-23 10:19 319488 --a------ C:\Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}\offline\IFGMGCEEDOLMI0RITCM3DFWSSRFFTF0\LTCML13n.dll
2002-06-25 03:28 40960 --a------ C:\Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}\offline\IFGMGCVECAIOUIRESWDEAFNSDRFFFF0\wavdest.ax
2002-01-05 12:37 344064 --a------ C:\Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}\offline\IFIDSSSTM3MSCR0DLFINYSIRFFFFFF0\msvcr70.dll
2001-12-07 06:45 448192 --a------ C:\Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}\offline\IFRGMMGCVEAP30NA2XOXINSIFFFTFF0\Tab32x30.ocx
2000-05-21 22:00 140488 --a------ C:\Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}\offline\IFIDSSSTM3CODL32CXWISYDIFFFFFF0\COMDLG32.OCX
---- Directory of C:\Documents and Settings\All Users\Application Data\PCSettings ----
2008-10-14 15:12 72 --a------ C:\Documents and Settings\All Users\Application Data\PCSettings\PCSettings.ccs
---- Directory of C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP ----
2008-10-14 15:20 22016 --a------ C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP\WiseCustomCall.dll
((((((((((((((((((((((((((((( snapshot@2008-10-27_18.35.05.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-30 02:41:28 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_1d4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"Google Update"="C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-10 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-03 77824]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 61440]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-03-12 517768]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 C:\WINDOWS\sm56hlpr.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 C:\WINDOWS\ALCWZRD.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 C:\WINDOWS\system32\bthprops.cpl]
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.l3acm"= l3codecp.acm
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= DivXa32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R0 SymEFA;Symantec Extended File Attributes;C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMEFA.SYS [2008-10-14 309296]
R1 BHDrvx86;Symantec Heuristics Driver;C:\WINDOWS\system32\drivers\NIS\1000000.07D\BHDrvx86.sys [2008-10-14 254512]
R1 ccHP;Symantec Hash Provider;C:\WINDOWS\system32\drivers\NIS\1000000.07D\ccHPx86.sys [2008-10-14 362544]
R1 IDSxpx86;IDSxpx86;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081027.007\IDSxpx86.sys [2008-10-14 274808]
R1 Pivot;Pivot;C:\WINDOWS\system32\drivers\pivot.sys [2007-02-09 17465]
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-09-24 596840]
R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-09-24 596840]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\diMaster.dll [ ]
R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys [1999-04-01 22400]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 14976]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 40832]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 33792]
S3 MaRdPnp;MaRdPnp;C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2005-08-17 49867]
S3 pivotmou;Pivot Mouse/Pointers Filter Driver;C:\WINDOWS\system32\drivers\pivotmou.sys [2007-02-09 11323]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{901dc2ab-f5a8-11da-b5f6-0015f23559df}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a535cdbe-0a8f-11da-8062-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2008-08-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-10-28 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-10 22:22]
2008-10-30 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 19:56:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\iolo\common\lib\ioloHL.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\iolo\common\lib\ioloHL.dll
PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\iolo\common\lib\ioloHL.dll
.
Completion time: 2008-10-29 20:00:02
ComboFix-quarantined-files.txt 2008-10-30 02:59:32
ComboFix2.txt 2008-10-28 01:35:34
Pre-Run: 85,894,369,280 bytes free
Post-Run: 85,874,835,456 bytes free
364 --- E O F --- 2008-10-28 22:41:25
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 10/31/2008 at 07:11 PM
Application Version : 4.21.1004
Core Rules Database Version : 3617
Trace Rules Database Version: 1603
Scan type : Complete Scan
Total Scan Time : 05:43:44
Memory items scanned : 183
Memory threats detected : 0
Registry items scanned : 8407
Registry threats detected : 0
File items scanned : 180414
File threats detected : 0
This message has been edited since posting. Last time this message was edited on 31. October 2008 @ 22:22
|
Senior Member
|
1. November 2008 @ 03:23 |
Link to this message
|
|
Hey Klinster
Please upload C:\WINDOWS\_MSRSTRT.EXE to www.virustotal.com and tell me what problems you have left.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
Newbie
|
1. November 2008 @ 13:17 |
Link to this message
|
This is what www.virustotal.com said:
File _MSRSTRT.EXE received on 11.01.2008 13:22:32 (CET)
Antivirus Version Last Update Result
AhnLab-V3 - - Win-AppCare/Reboot.2560
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - Tool.Win32.Reboot (Not a Virus)
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - -
K7AntiVirus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32 - - -
Norman - - -
Panda - - -
PCTools - - -
Prevx1 - - -
Rising - - -
SecureWeb-Gateway - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
ViRobot - - Not_a_virus:RiskTool.Reboot.2560
VirusBuster - - -
Additional information
MD5: 815372073da85b2098a37ded84083c8a
SHA1: 0a70574450bee11c9c09f25f082e0253aa32ceaa
SHA256: 166e8fe44186f356e162ceac313100d0992b70d3a6a029906c2242afc8691c85
SHA512: 2847b1284f86bfe8717148dfa2b22d4bb092252fbe9356c49d86a5c0a76df7d5833f725a9126a3613678c6e19bc26e53ba4a538e7902d1c87cbd33854950804e
Antivirus Version Last Update Result
AhnLab-V3 - - Win-AppCare/Reboot.2560
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - Tool.Win32.Reboot (Not a Virus)
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - -
K7AntiVirus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32 - - -
Norman - - -
Panda - - -
PCTools - - -
Prevx1 - - -
Rising - - -
SecureWeb-Gateway - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
ViRobot - - Not_a_virus:RiskTool.Reboot.2560
VirusBuster - - -
Additional information
MD5: 815372073da85b2098a37ded84083c8a
SHA1: 0a70574450bee11c9c09f25f082e0253aa32ceaa
SHA256: 166e8fe44186f356e162ceac313100d0992b70d3a6a029906c2242afc8691c85
SHA512: 2847b1284f86bfe8717148dfa2b22d4bb092252fbe9356c49d86a5c0a76df7d5833f725a9126a3613678c6e19bc26e53ba4a538e7902d1c87cbd33854950804e
No problems with the computer it's running smoother and a bit faster.
Just wondering if I can keep all of the programs and run them once in a while. Would that be fine? Any risks involved?
Thanks!
This message has been edited since posting. Last time this message was edited on 1. November 2008 @ 18:16
|
|
Advertisement
|
|
|
Senior Member
|
2. November 2008 @ 01:52 |
Link to this message
|
Hey Klinster
Please upload the file to http://www.uploadmalware.com/
Now.. you are clean. Yes, you can keep all the software (except Combofix, which you must not run on your own), and it is recommended to scan with them from time to time.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
|
