PC infected with worm, HJT log is attached
786khan
Newbie
31. October 2008 @ 03:58
Hi all,

I am pretty annoyed by this 'unknown' worm. I checked on Google and the closest I got was brontok.32, but I don't think it's the worm which infected my PC. Below are the symptoms:

-- It disables the Run command and Task Manager.
-- I can't open the registry.
-- I can't open any DOS-related application.
-- It keeps coming back even after I have run RRT.

Quote:
HJT LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:26:00 PM, on 10/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Aventail\Connect\as32svc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Aventail\Connect\as32.exe
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
c:\sdwork\issimsvc.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\explorer.exe
C:\notes\NLNOTES.EXE
C:\notes\ntaskldr.EXE
C:\Program Files\IBM\Lotus\Sametime Connect\rcp\eclipse\plugins\com.ibm.rcp.base_6.1.1.200711051602\win32\x86\eclipse.exe
C:\Program Files\IBM\Lotus\Sametime Connect\rcp\eclipse\plugins\com.ibm.rcp.jcl.desktop.win32.x86_6.1.1.200711051602\jre\bin\sametime80w.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tucows.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://sg.rd.yahoo.com/customize/ie/defa...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: **************************************************
O1 - Hosts: *********ASM**********************************
O1 - Hosts: ***************************************************
O1 - Hosts: 53.91.98.60 ASM #ASM
O1 - Hosts: 53.91.98.36 DA1 #s128c601
O1 - Hosts: 53.91.98.39 V01 #s128b607
O1 - Hosts: 53.91.98.37 QA1 #s128c101
O1 - Hosts: 53.91.98.34 Q01 #s128b108
O1 - Hosts: 53.91.98.54 XA1 #s128c100
O1 - Hosts: 53.91.98.54 QX1 #s128c100
O1 - Hosts: 53.91.98.54 IX1 #s128c100
O1 - Hosts: 53.91.98.35 DC1 #s128c602
O1 - Hosts: 53.91.98.38 IA1 #s128c200
O1 - Hosts: 53.91.98.40 PA1STBY #s128c304
O1 - Hosts: 53.91.98.53 MPISTBY #s128c305
O1 - Hosts: 53.91.98.60 TSMDCW #s128a300
O1 - Hosts: 53.91.98.62 sadcm103 #sadcm103
O1 - Hosts: 53.91.98.36 SAPROUTER #s128c601
O2 - BHO: (no name) - {00011268-E188-40DF-A514-835FCD78B1BF} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Profiles] PROFILES.EXE
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows UDP Control Services] wksvcsc.exe
O4 - HKLM\..\Run: [Symantec System DB] symlssdb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [defergui] c:/sdwork/defergui.exe
O4 - HKLM\..\RunServices: [Aviral] AVIR.EXE
O4 - HKCU\..\Policies\Explorer\Run: [99] PROFILES.EXE
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} - http://www.can.com.sg/mwf/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdat...b?1176373645578
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1176376114750
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Aventail Connect (As32Svc) - Aventail Corporation - C:\Program Files\Aventail\Connect\as32svc.exe
O23 - Service: Brother BRAdminPro Scheduler (BRA_Scheduler) - Unknown owner - C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
O23 - Service: IBM DCD Standard Client (DCDClient-ISSI) (DCDClient-ISSI) - Unknown owner - C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - Unknown owner - C:\Program Files\C4ebreg\c4ebreg.exe (file missing)
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Corp. - c:\sdwork\issimsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe

--
End of file - 11509 bytes


Any help/assistance is much appreciated. Thanks!

Khan
__
Senior Member
31. October 2008 @ 06:26
Hi 786khan

Woah.. you are indeed infected. Does Symantec detect anything?

Now, please download ComboFix.
With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.


- Run Combo-Fix.exe and follow the prompts.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
- Wait for the scan to be completed.
- If it requires a reboot, please do it.
- After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Do not click on the ComboFix window, as it may cause it to stall.

Best Regards :D

Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.

786khan
Newbie
31. October 2008 @ 07:15
Hi cdavfrew,

Thanks for your response.

Forgot to include that I have already run ComboFix. What happens is that it works until the next restart, or for a prolonged period, until the worm hits back.

And Symantec is not helpful in any way. I believe Symantec is not very good against worms, since the first time I killed a worm.

Anyway, this is a weird problem, as I can't find any problem with the HJT log either. So I wanted to share it with all.

Before i end, here is another diagnostic:

-- The worm is believed to be spread from a thumb drive or through ppfilm, according to the Symantec logs.

Any help/assistance is much appreciated. Thanks!

Khan
786khan
Newbie
31. October 2008 @ 07:22
Oh, I forgot to attach the ComboFix log:


Quote:
ComboFix 08-10-09.06 - ibmoper1 2008-10-31 14:32:20.14 - NTFSx86
Running from: D:\Ian\Application\WYM\Ktwo1.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-31 )))))))))))))))))))))))))))))))
.

2008-10-31 14:20 . 2008-10-31 14:22 <DIR> d-------- C:\Ktwo
2008-10-30 11:53 . 2008-10-30 11:53 <DIR> d-------- C:\Documents and Settings\ibmoper1\Application Data\InstallShield
2008-10-30 07:46 . 2008-10-30 15:54 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-30 07:46 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-10-30 07:46 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-10-30 07:46 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-10-30 07:46 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-10-30 07:45 . 2008-10-30 07:53 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-10-30 07:45 . 2008-10-30 07:45 <DIR> d-------- C:\Program Files\Google
2008-10-30 07:45 . 2008-10-30 07:45 <DIR> d-------- C:\Documents and Settings\ibmoper1\Application Data\PC Tools
2008-10-27 21:21 . 2008-10-30 13:42 <DIR> d-------- C:\Program Files\Smart Virus Remover
2008-10-26 17:05 . 2008-10-26 17:07 <DIR> d-------- C:\Program Files\CCleaner
2008-10-25 22:24 . 2008-10-25 22:28 <DIR> d-------- C:\Program Files\BS.Player ControlBar
2008-10-25 22:23 . 2008-10-25 22:23 <DIR> d-------- C:\Program Files\Webteh
2008-10-25 22:23 . 2008-10-25 22:23 <DIR> d-------- C:\Documents and Settings\ibmoper1\Application Data\BSplayer Pro
2008-10-25 22:23 . 2008-10-30 18:51 <DIR> d-------- C:\Documents and Settings\ibmoper1\Application Data\BSplayer
2008-10-25 22:15 . 2008-10-30 18:17 <DIR> d-------- C:\Documents and Settings\ibmoper1\dwhelper
2008-10-24 20:44 . 2008-10-16 00:34 337,408 --------- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-19 17:46 . 2008-10-19 17:46 <DIR> d-------- C:\!KillBox
2008-10-18 14:53 . 2008-10-18 16:46 1,216 --a------ C:\WINDOWS\PIPIPlayer.INI
2008-10-16 03:03 . 2008-10-16 03:03 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-10-15 17:56 . 2008-09-08 18:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 17:55 . 2008-08-14 18:11 2,189,184 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 17:55 . 2008-08-14 18:09 2,145,280 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 17:55 . 2008-08-14 17:33 2,066,048 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 17:55 . 2008-08-14 17:33 2,023,936 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 17:55 . 2008-09-15 20:12 1,846,400 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-14 15:02 . 2008-10-14 15:02 <DIR> d-------- C:\WINDOWS\system32\drivers\New Folder
2008-10-14 14:46 . 2008-10-14 14:46 <DIR> d-------- C:\Program Files\Aventail
2008-10-14 13:29 . 2000-04-07 16:35 271,152 --a------ C:\WINDOWS\WBDBV32I.DLL
2008-10-11 19:36 . 2008-10-11 19:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{ABCF2613-B074-49B8-8A4C-5EA193A250F6}
2008-09-18 21:57 . 2008-09-18 21:57 34 --a------ C:\WINDOWS\system32\BD7820N.DAT
2008-09-16 08:14 . 2008-09-16 08:14 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-09-16 08:14 . 2008-09-16 08:14 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-09-16 08:14 . 2008-09-16 08:14 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-09-16 08:11 . 2008-09-16 08:11 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-09-16 08:11 . 2008-09-16 08:11 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-09-16 08:11 . 2008-09-16 08:11 815,104 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-09-16 08:11 . 2008-09-16 08:11 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-09-16 08:11 . 2008-09-16 08:11 683,520 --a------ C:\WINDOWS\system32\DivX.dll
2008-09-16 08:11 . 2008-09-16 08:11 634,880 --a------ C:\WINDOWS\system32\divxdec.ax
2008-09-16 08:11 . 2008-09-16 08:11 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-09-16 08:11 . 2008-09-16 08:11 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-09-16 08:11 . 2008-09-16 08:11 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-09-11 15:37 . 2008-09-11 15:37 <DIR> d--h----- C:\WINDOWS\PIF
2008-09-09 09:30 . 2008-10-18 12:41 1,247 --a------ C:\WINDOWS\ppFilmPlayer.INI
2008-09-04 21:06 . 2008-09-09 08:14 63,488 --ahs---- C:\WINDOWS\Thumbs.db
2008-09-04 09:26 . 2008-09-04 09:26 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-04 09:26 . 2008-09-04 09:26 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-04 09:26 . 2008-09-04 09:26 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-03 19:03 . 2008-04-14 08:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-09-03 19:03 . 2008-04-14 08:12 50,688 --------- C:\WINDOWS\system32\tspkg.dll
2008-09-03 19:01 . 2008-04-14 08:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-09-03 19:01 . 2008-04-14 08:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-03 19:01 . 2008-04-14 08:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-03 19:01 . 2008-04-14 08:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-09-03 19:01 . 2008-04-14 08:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
2008-09-03 19:01 . 2008-10-27 21:42 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-09-03 19:01 . 2008-04-14 08:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-09-03 19:01 . 2008-04-14 08:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-09-03 19:01 . 2008-04-14 08:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-09-03 19:01 . 2008-04-14 08:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-09-03 18:59 . 2008-04-14 08:11 233,472 --------- C:\WINDOWS\system32\azroles.dll
2008-09-03 18:59 . 2008-04-14 08:11 48,640 --------- C:\WINDOWS\system32\dhcpqec.dll
2008-09-03 18:59 . 2008-04-14 08:11 39,936 --------- C:\WINDOWS\system32\dimsroam.dll
2008-09-03 18:59 . 2008-04-14 08:11 19,456 --------- C:\WINDOWS\system32\dimsntfy.dll
2008-09-03 18:59 . 2008-04-14 08:11 12,800 --------- C:\WINDOWS\system32\credssp.dll
2008-09-03 18:59 . 2008-04-14 08:11 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 06:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-31 01:33 --------- d-----w C:\Program Files\wst
2008-10-30 03:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-30 03:53 --------- d-----w C:\Program Files\Brother
2008-10-30 01:38 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-10-30 01:06 99,840 -c--a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
2008-10-30 01:06 18,432 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\hscupd.exe
2008-10-30 01:06 150,528 ----a-w C:\WINDOWS\PCHealth\UploadLB\Binaries\uploadm.exe
2008-10-28 00:14 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-10-27 16:46 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe
2008-10-27 13:44 8,192 -c--a-w C:\WINDOWS\system32\winhlp32.exe
2008-10-27 13:44 65,024 ----a-w C:\WINDOWS\system32\wextract.exe
2008-10-27 13:44 5,632 -c--a-w C:\WINDOWS\system32\write.exe
2008-10-27 13:44 5,632 ----a-w C:\WINDOWS\system32\winver.exe
2008-10-27 13:44 433,664 ----a-w C:\WINDOWS\system32\wiaacmgr.exe
2008-10-27 13:44 32,256 ----a-w C:\WINDOWS\system32\wpabaln.exe
2008-10-27 13:44 30,720 ----a-w C:\WINDOWS\system32\xcopy.exe
2008-10-27 13:44 13,824 ------w C:\WINDOWS\system32\wscntfy.exe
2008-10-27 13:44 11,776 -c--a-w C:\WINDOWS\system32\winmsd.exe
2008-10-27 13:44 11,264 ----a-w C:\WINDOWS\system32\wpnpinst.exe
2008-10-27 13:42 9,728 -c--a-w C:\WINDOWS\system32\reset.exe
2008-10-27 13:41 9,216 -c--a-w C:\WINDOWS\system32\finger.exe
2008-10-27 13:40 98,304 ----a-w C:\WINDOWS\system32\ahui.exe
2008-10-27 09:30 25,600 -c--a-w C:\WINDOWS\system32\xpsp1hfm.exe
2008-10-27 09:29 146,432 -c--a-w C:\WINDOWS\system32\WudfHost.exe
2008-10-27 09:28 77,824 -c--a-w C:\WINDOWS\system32\wmpstub.exe
2008-10-27 09:28 17,408 -c--a-w C:\WINDOWS\system32\wpdshextautoplay.exe
2008-10-27 09:26 8,704 -c--a-w C:\WINDOWS\system32\wdfmgr.exe
2008-10-27 09:23 8,704 -c--a-w C:\WINDOWS\system32\uwdf.exe
2008-10-27 09:20 16,896 -c--a-w C:\WINDOWS\system32\tswpfwrp.exe
2008-10-27 09:15 15,360 -c--a-w C:\WINDOWS\system32\taskman.exe
2008-10-27 09:13 20,992 ----a-w C:\WINDOWS\system32\spupdwxp.exe
2008-10-27 09:11 7,680 ----a-w C:\WINDOWS\system32\spdwnwxp.exe
2008-10-27 09:10 32,768 ----a-w C:\WINDOWS\system32\slrundll.exe
2008-10-27 08:46 51,712 -c--a-w C:\WINDOWS\system32\migpwd.exe
2008-10-27 08:41 114,688 -c--a-w C:\WINDOWS\system32\igfxzoom.exe
2008-10-27 08:40 487,424 -c--a-w C:\WINDOWS\system32\igfxcfg.exe
2008-10-27 08:40 151,552 -c--a-w C:\WINDOWS\system32\igfxdiag.exe
2008-10-27 08:40 106,496 -c--a-w C:\WINDOWS\system32\igfxext.exe
2008-10-27 08:36 20,992 ----a-w C:\WINDOWS\system32\faxpatch.exe
2008-10-27 08:34 44,544 -c--a-w C:\WINDOWS\system32\dxdllreg.exe
2008-10-27 08:33 45,056 -c--a-w C:\WINDOWS\system32\DSndUp.exe
2008-10-27 08:33 249,856 -c--a-w C:\WINDOWS\system32\drmupgds.exe
2008-10-27 08:17 70,144 ----a-w C:\WINDOWS\system32\dllcache\pintlphr.exe
2008-10-27 08:08 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-10-27 07:57 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-10-27 07:55 45,056 -c--a-w C:\WINDOWS\system32\CleanUp.exe
2008-10-27 07:55 20,480 ----a-w C:\WINDOWS\system32\cliconfg.exe
2008-10-27 07:53 69,632 -c--a-w C:\WINDOWS\system32\BRWEBUP.EXE
2008-10-27 07:53 69,632 ----a-w C:\WINDOWS\system32\BRRBTOOL.EXE
2008-10-27 07:53 135,168 -c--a-w C:\WINDOWS\system32\BRSCH05A.EXE
2008-10-27 07:49 892,928 -c--a-w C:\WINDOWS\system32\AIBMRUN.exe
2008-10-27 07:49 380,928 -c--a-w C:\WINDOWS\SynCor.exe
2008-10-27 07:48 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-10-27 07:48 249,856 -c--a-w C:\WINDOWS\Setup1.exe
2008-10-27 06:31 57,344 -c--a-w C:\WINDOWS\isamunin.exe
2008-10-27 06:13 33,792 -c--a-w C:\WINDOWS\ieuninst.exe
2008-10-27 06:07 52,808 -c--a-w C:\WINDOWS\Help\SBSI\Training\usersid.exe
2008-10-27 06:07 233,472 -c--a-w C:\WINDOWS\Help\SBSI\Training\ounins32_s.exe
2008-10-27 06:06 1,077,248 -c--a-w C:\WINDOWS\Help\SBSI\Training\orun32.exe
2008-10-27 06:04 892,928 -c--a-w C:\WINDOWS\aibmrun.exe
2008-10-27 06:04 106,496 -c--a-w C:\WINDOWS\desktopset.exe
2008-10-27 06:03 159,744 -c--a-w C:\WINDOWS\ai8ea7.exe
2008-10-27 03:17 180,224 ----a-w C:\WINDOWS\system32\dwwin.exe
2008-10-26 22:34 744,448 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe
2008-10-26 21:23 141,312 ----a-w C:\WINDOWS\system32\sessmgr.exe
2008-10-26 21:23 132,608 ----a-w C:\WINDOWS\system32\rsvp.exe
2008-10-26 21:22 6,144 ----a-w C:\WINDOWS\system32\msdtc.exe
2008-10-26 21:22 289,792 ----a-w C:\WINDOWS\system32\vssvc.exe
2008-10-26 16:09 10,752 ----a-w C:\WINDOWS\system32\dumprep.exe
2008-10-26 16:05 135,680 ----a-w C:\WINDOWS\system32\taskmgr.exe
2008-10-26 14:56 45,056 ----a-w C:\WINDOWS\system32\shmgrate.exe
2008-10-26 14:30 --------- d-----w C:\Program Files\Yahoo!
2008-10-26 14:14 121,856 ----a-w C:\WINDOWS\system32\schtasks.exe
2008-10-26 13:34 80,384 -c--a-w C:\WINDOWS\system32\charmap.exe
2008-10-26 13:34 64,000 ----a-w C:\WINDOWS\system32\cleanmgr.exe
2008-10-26 13:34 538,624 ----a-w C:\WINDOWS\system32\spider.exe
2008-10-26 13:34 32,768 ----a-w C:\WINDOWS\system32\odbcad32.exe
2008-10-26 13:34 138,752 ----a-w C:\WINDOWS\system32\sndvol32.exe
2008-10-26 13:33 72,704 ----a-w C:\WINDOWS\system32\magnify.exe
2008-10-26 13:33 53,760 ----a-w C:\WINDOWS\system32\narrator.exe
2008-10-26 13:33 50,176 ----a-w C:\WINDOWS\system32\utilman.exe
2008-10-26 13:33 35,840 ----a-w C:\WINDOWS\system32\rcimlby.exe
2008-10-26 13:33 215,552 ----a-w C:\WINDOWS\system32\osk.exe
2008-10-26 13:33 143,360 ----a-w C:\WINDOWS\system32\mobsync.exe
2008-10-26 13:33 131,584 ----a-w C:\WINDOWS\system32\sndrec32.exe
2008-10-26 13:31 57,344 -c--a-w C:\WINDOWS\system32\ICONSPY.EXE
2008-10-26 13:31 57,344 -c--a-w C:\WINDOWS\system32\ico.exe
2008-10-26 13:31 36,864 -c--a-w C:\WINDOWS\system32\PMUNINNT.EXE
2008-10-26 13:30 514,560 ----a-w C:\WINDOWS\system32\logonui.exe
2008-10-26 13:30 306,688 -c--a-w C:\WINDOWS\IsUninst.exe
2008-10-26 13:30 20,480 -c--a-w C:\WINDOWS\system32\FSRremoS.EXE
2008-10-26 13:30 172,032 ----a-w C:\WINDOWS\system32\PMUNINST.EXE
2008-10-26 13:30 131,072 -c--a-w C:\WINDOWS\system32\PELMICED.EXE
2008-10-26 13:29 31,744 ----a-w C:\WINDOWS\system32\ntsd.exe
2008-10-26 13:29 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-10-26 12:08 769,024 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe
2008-10-26 12:08 123,392 ----a-w C:\WINDOWS\system32\mplay32.exe
2008-10-26 12:08 123,392 ----a-w C:\WINDOWS\system32\dllcache\mplay32.exe
2008-10-26 12:07 347,136 ----a-w C:\WINDOWS\system32\tourstart.exe
.

------- Sigcheck -------

2008-10-26 08:11 1033728 c0e65531c4d78d00579d152ac1142234 C:\WINDOWS\explorer.exe
2008-10-26 14:24 1033216 633489820df25ef68ab680c6462e5081 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2008-10-26 08:12 1033728 c0e65531c4d78d00579d152ac1142234 C:\WINDOWS\ServicePackFiles\i386\explorer.exe

2008-10-26 14:03 15360 9973c4f476620f4154fc0f8e4608c0a7 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2008-10-26 21:29 15360 a270fa906934179f31dcbbdb4d1562f2 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-10-26 21:29 15360 a270fa906934179f31dcbbdb4d1562f2 C:\WINDOWS\system32\ctfmon.exe

2008-10-26 13:23 57856 57e076156af4e7e3a5137437aba04fc0 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2008-10-27 13:47 57856 056edbc4ad13d87b44b3cbe58fbd2e7c C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2008-10-26 07:59 57856 12a3002f2f5be0b23e0d7f860a77a4b4 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2008-10-26 07:58 57856 12a3002f2f5be0b23e0d7f860a77a4b4 C:\WINDOWS\system32\spoolsv.exe

2008-10-27 13:56 24576 fc928a7fcf81bf7ce3d927da0ebefe7d C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
2008-10-26 08:12 26112 1b3d6c854e7716f6e0eecdd822029938 C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2008-10-26 08:11 26112 1b3d6c854e7716f6e0eecdd822029938 C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((( snapshot_2008-10-31_ 9.43.22.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-27 06:06:03 86,016 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 00:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe
- 2008-10-27 06:06:31 80,384 ----a-w C:\WINDOWS\grep.exe
+ 2000-08-31 00:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
- 2008-10-26 08:33:44 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2000-08-31 00:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
- 2008-10-27 07:48:55 137,728 ----a-w C:\WINDOWS\SWSC.exe
+ 2000-08-31 00:00:00 136,704 ----a-w C:\WINDOWS\SWSC.exe
- 2008-10-27 07:49:10 212,480 ----a-w C:\WINDOWS\SWXCACLS.exe
+ 2000-08-31 00:00:00 212,480 ----a-w C:\WINDOWS\SWXCACLS.exe
- 2008-10-26 08:34:04 52,804 ----a-w C:\WINDOWS\VFIND.exe
+ 2000-08-31 00:00:00 49,152 ----a-w C:\WINDOWS\VFIND.exe
- 2008-10-27 09:31:28 68,096 ----a-w C:\WINDOWS\zip.exe
+ 2000-08-31 00:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2C688203-7EB3-4327-9995-1CB417BA23F9}"= "C:\Program Files\BS.Player ControlBar\BSToolbar.dll" [2008-10-08 859592]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2C688203-7EB3-4327-9995-1CB417BA23F9}"= "C:\Program Files\BS.Player ControlBar\BSToolbar.dll" [2008-10-08 859592]

[HKEY_CLASSES_ROOT\clsid\{2c688203-7eb3-4327-9995-1cb417ba23f9}]
[HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{1FC79FB5-E4BD-48c8-B2E9-B8E74DB2C3A9}]
[HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-10-26 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-10-26 118784]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [2006-09-27 125168]
"ISSI EZUpdate Service"="c:\sdwork\issimsvc.exe" [2008-10-26 210944]
"stgclean"="c:\sdwork\w32main2.exe" [2008-10-26 272384]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2008-10-26 86016]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Profiles"="PROFILES.EXE" [N/A]
"Windows UDP Control Services"="wksvcsc.exe" [N/A]
"Symantec System DB"="symlssdb.exe" [N/A]
"defergui"="c:/sdwork/defergui.exe" [2008-03-02 c:\sdwork\defergui.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Aviral"="AVIR.EXE" [N/A]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"99"="PROFILES.EXE" [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\atmgrtok]
2005-09-06 17:07 53248 C:\Program Files\IBM\Personal Communications\atmgrtok.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]
2005-09-07 02:43 49152 C:\WINDOWS\system32\pcsinst.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LaunchU3.exe.lnk]
backup=C:\WINDOWS\pss\LaunchU3.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^ibmoper1^Start Menu^Programs^Startup^ImationFlashDetect.lnk]
backup=C:\WINDOWS\pss\ImationFlashDetect.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^ibmoper1^Start Menu^Programs^Startup^Imation_Flash_Detect.lnk]
backup=C:\WINDOWS\pss\Imation_Flash_Detect.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^ibmoper1^Start Menu^Programs^Startup^MochaSoft TN3812.lnk]
backup=C:\WINDOWS\pss\MochaSoft TN3812.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C4EBReg]
C:\Program Files\C4ebreg\c4ebreg.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
--a------ 2008-10-26 10:27 933888 C:\Program Files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages]
--a------ 2008-10-26 06:50 536576 C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a--c--- 2008-10-26 12:33 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Isamtray]
C:\Program Files\C4ebreg\isamtray.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
--a--c--- 2008-10-26 10:25 49152 C:\Program Files\Brother\Brmfl05b\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra--c--- 2008-10-26 10:39 155648 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2008-05-27 21:58 4269296 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Profiles]
PROFILES.EXE [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"MaxBackServiceInt"=2 (0x2)
"idsvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UACDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Support.com\\Bin\\tgcmd.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5900:TCP"= 5900:TCP:TCafeVNC
"21:TCP"= 21:TCP:TCafeFTP
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R2 AppnApi;AppnApi;C:\WINDOWS\system32\drivers\appnapi.sys [2005-09-06 120192]
R2 BRA_Scheduler;Brother BRAdminPro Scheduler;C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe [2007-09-03 65536]
R2 DCDClient-ISSI;IBM DCD Standard Client (DCDClient-ISSI);C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe [2008-10-26 57740]
R2 IBM_LLC2;IBM Personal Communications LLC2 Driver;C:\WINDOWS\system32\DRIVERS\llc2.sys [2005-09-06 101408]
R2 NsTrcNT;NsTrcNT;C:\WINDOWS\system32\drivers\nstrcnt.sys [2005-09-06 12028]
R2 pdlnctdl;Twinax CUT Adapter;C:\WINDOWS\system32\drivers\pdlnctdl.sys [2005-09-06 12288]
R2 pdlndldl;IBM Enterprise Extender (HPR/IP);C:\WINDOWS\system32\drivers\pdlndldl.sys [2005-09-06 59392]
R2 U3SDR200;U3SDR200;C:\WINDOWS\System32\Drivers\U3SDR200.SYS [2008-03-21 4224]
R3 Anydlc;Anydlc;C:\WINDOWS\system32\drivers\anydlc.sys [2005-09-06 38236]
R3 Appn;Appn;C:\WINDOWS\system32\drivers\appn.sys [2005-09-06 1286560]
R3 AppnBase;AppnBase;C:\WINDOWS\system32\drivers\AppnBase.sys [2005-09-06 195872]
R3 Astdi;Astdi;C:\Program Files\Aventail\Connect\asnttdi.sys [2003-12-07 126196]
R3 KLOGNT;KLOGNT;C:\WINDOWS\system32\drivers\klognt.sys [2005-09-06 24588]
R3 pdlnacom;PDLC Adapter -- COM;C:\WINDOWS\system32\drivers\pdlnacom.sys [2005-09-06 75200]
R3 pdlnafac;PDLC Adapter Factory;C:\WINDOWS\system32\drivers\pdlnafac.sys [2005-09-06 36048]
R3 pdlnatcm;Twinax Adapter Common;C:\WINDOWS\system32\drivers\pdlnatcm.sys [2005-09-06 20480]
R3 pdlnatdl;Twinax Adapter;C:\WINDOWS\system32\drivers\pdlnatdl.sys [2005-09-06 18432]
R3 pdlncbas;PDLC CxM Classes;C:\WINDOWS\system32\drivers\pdlncbas.sys [2005-09-06 6784]
R3 pdlncfwk;PDLC Connection Manager;C:\WINDOWS\system32\drivers\pdlncfwk.sys [2005-09-06 160288]
R3 pdlndint;PDLC DLC Classes;C:\WINDOWS\system32\drivers\pdlndint.sys [2005-09-06 12800]
R3 pdlndlpb;PDLC LAPB;C:\WINDOWS\system32\drivers\pdlndlpb.sys [2005-09-06 70144]
R3 pdlndoem;PDLC OEM Interface;C:\WINDOWS\system32\drivers\pdlndoem.sys [2005-09-06 18944]
R3 pdlndqll;PDLC QLLC;C:\WINDOWS\system32\drivers\pdlndqll.sys [2005-09-06 53248]
R3 pdlndsdl;PDLC SDLC;C:\WINDOWS\system32\drivers\pdlndsdl.sys [2005-09-06 67072]
R3 pdlndtdl;Twinax DLC;C:\WINDOWS\system32\drivers\pdlndtdl.sys [2005-09-06 51712]
R3 pdlnebas;PDLC Environment;C:\WINDOWS\system32\drivers\pdlnebas.sys [2005-09-06 8608]
R3 pdlnecfg;PDLC Configuration;C:\WINDOWS\system32\drivers\pdlnecfg.sys [2005-09-06 50336]
R3 pdlnemap;PDLC Mapper;C:\WINDOWS\system32\drivers\pdlnemap.sys [2005-09-06 67184]
R3 pdlnemsg;PDLC Message Driver;C:\WINDOWS\system32\drivers\pdlnemsg.sys [2005-09-06 12768]
R3 pdlnepkt;PDLC Buffer Manager;C:\WINDOWS\system32\drivers\pdlnepkt.sys [2005-09-06 19984]
R3 pdlnshay;PDLC Hayes At signalling;C:\WINDOWS\system32\drivers\pdlnshay.sys [2005-09-06 59504]
R3 pdlnslea;PDLC SDLC Leased;C:\WINDOWS\system32\drivers\pdlnslea.sys [2005-09-06 22384]
R3 pdlnsv25;PDLC V25bis signalling;C:\WINDOWS\system32\drivers\pdlnsv25.sys [2005-09-06 54416]
R3 pdlnsx25;PDLC X.25;C:\WINDOWS\system32\drivers\pdlnsx25.sys [2005-09-06 58432]
R3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 16384]
R3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2003-02-11 9216]
S2 ISAMSvc;IBM Standard Asset Manager Service;C:\Program Files\C4ebreg\c4ebreg.exe [ ]
S2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [ ]
S3 Ascrypto;Ascrypto;C:\Program Files\Aventail\Connect\ascrypto.sys [2003-12-07 219286]
S3 mirrorv3;mirrorv3;C:\WINDOWS\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39a86cf6-0d7b-11dc-9352-000d6092fc47}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bfa9037-3210-11dc-9373-000d6092fc47}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3c1fbed-a1ba-11dc-93e3-000d6092fc47}]
\Shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce3fdf30-6df7-11dd-94fd-000d6092fc47}]
\Shell\AutoRun\command - F:\RECYCLER\S-1-6-21-1257894210-1075856346-012573477-3420\shellsrv.exe
\Shell\open\command - F:\RECYCLER\S-1-6-21-1257894210-1075856346-012573477-3420\shellsrv.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d702c920-ebc0-11db-932c-000d6092fc47}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2c5b836-8464-11dd-9520-000d6092fc47}]
\Shell\AutoRun\command - F:\RECYCLER\S-1-6-21-1257894210-1075856346-012573477-3420\shellsrv.exe
\Shell\open\command - F:\RECYCLER\S-1-6-21-1257894210-1075856346-012573477-3420\shellsrv.exe
.
Contents of the 'Scheduled Tasks' folder

2008-10-25 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2007-12-10 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2008-03-26 C:\WINDOWS\Tasks\Uniblue SpyEraser.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe []
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\ibmoper1\Application Data\Mozilla\Firefox\Profiles\1daquuhr.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://sg.yahoo.com/
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-31 14:33:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-31 14:43:24
ComboFix-quarantined-files.txt 2008-10-31 06:43:08
ComboFix2.txt 2008-10-31 01:44:46
ComboFix3.txt 2008-10-29 23:48:41
ComboFix4.txt 2008-10-29 09:57:40
ComboFix5.txt 2008-10-31 06:31:56

Pre-Run: 6,090,444,800 bytes free
Post-Run: 6,047,555,584 bytes free

400 --- E O F --- 2008-10-29 00:33:14



Khan
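The ComboFix log above carries several indicators a responder would pull out before running any fix tool: Run values that name a bare executable with no directory and no file date ("PROFILES.EXE", "wksvcsc.exe", "symlssdb.exe", all [N/A]), a RunServices value ("AVIR.EXE"), a policies\explorer\Run value ("99"="PROFILES.EXE"), Security Center DisableNotify and DisableMonitoring flags set to 1, EnableFirewall set to 0, and MountPoints2 entries whose \Shell\AutoRun\command and \Shell\open\command both point at F:\RECYCLER\S-1-6-21-...\shellsrv.exe, a folder whose SID-style name does not use the S-1-5-21 prefix that real account SIDs carry. The following Python script is an added example for this thread, not part of the original post and not ComboFix code: it runs those checks over a constructed excerpt in ComboFix's report format. The rule names, the Finding type and the heuristics themselves are assumptions made for the example.

```python
"""Triage heuristics over a ComboFix-style log excerpt.

Added example for this thread; not ComboFix code. Rule names and the
Finding type are assumptions made for the example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str     # which heuristic fired
    key: str      # registry key the line sat under
    detail: str   # the offending value or command


# Constructed excerpt in the shape ComboFix prints (a subset of the log above).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"Profiles"="PROFILES.EXE" [N/A]
"Windows UDP Control Services"="wksvcsc.exe" [N/A]
"Symantec System DB"="symlssdb.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Aviral"="AVIR.EXE" [N/A]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"99"="PROFILES.EXE" [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39a86cf6-0d7b-11dc-9352-000d6092fc47}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce3fdf30-6df7-11dd-94fd-000d6092fc47}]
\Shell\AutoRun\command - F:\RECYCLER\S-1-6-21-1257894210-1075856346-012573477-3420\shellsrv.exe
\Shell\open\command - F:\RECYCLER\S-1-6-21-1257894210-1075856346-012573477-3420\shellsrv.exe
"""

# Keys whose values launch programs at logon.
AUTORUN_KEY_RE = re.compile(
    r"\\currentversion\\(run|runonce|runservices)$|\\policies\\explorer\\run$", re.I)
# "name"="command" [date size]  is how ComboFix prints an autorun value
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]+)$')
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=\s*0\b')
MOUNT_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command - (?P<target>.+)$")
RECYCLER_SID_RE = re.compile(r"\\RECYCLER\\(?P<sid>S-1-[0-9-]+)\\", re.I)


def is_bare_filename(cmd: str) -> bool:
    """True when the value names an executable with no directory at all."""
    return not any(sep in cmd for sep in "\\/:")


def recycler_sid_is_bogus(target: str) -> bool:
    """RECYCLER subfolders are named after account SIDs, which on NT-based
    Windows start with S-1-5-21; any other prefix is a folder something
    else created."""
    m = RECYCLER_SID_RE.search(target)
    return bool(m) and not m["sid"].upper().startswith("S-1-5-21")


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # new registry section
            continue
        lkey = key.lower()
        if AUTORUN_KEY_RE.search(lkey):
            m = VALUE_RE.match(line)
            if m and (m["meta"].strip() == "N/A" or is_bare_filename(m["cmd"])):
                findings.append(Finding("autorun-no-path", key,
                                        f'{m["name"]} -> {m["cmd"]} [{m["meta"]}]'))
        elif "security center" in lkey:
            m = DWORD_RE.match(line)
            if (m and int(m["val"], 16) == 1
                    and m["name"].lower().endswith(("disablenotify", "disablemonitoring"))):
                findings.append(Finding("security-center-silenced", key, m["name"]))
        elif "firewallpolicy" in lkey and FIREWALL_OFF_RE.match(line):
            findings.append(Finding("firewall-disabled", key, line))
        elif "\\mountpoints2\\" in lkey:
            m = MOUNT_RE.match(line)
            # Nothing legitimate autoruns from inside the recycle bin.
            if m and "\\recycler\\" in m["target"].lower():
                note = " (SID prefix is not S-1-5-21)" if recycler_sid_is_bogus(m["target"]) else ""
                findings.append(Finding("removable-media-autorun", key,
                                        f'{m["verb"]}: {m["target"]}{note}'))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:26} {f.detail}")
```

Run against the constructed excerpt it reports the five pathless autorun values, the two silenced Security Center flags, the disabled firewall and both RECYCLER-based drive commands, while leaving ccApp and the LaunchU3 entry alone. The \Shell\open\command line is the one to watch: it replaces the drive's default Explorer verb, so opening F: runs the file even where AutoRun itself is off.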
Senior Member
31. October 2008 @ 11:26
Hey 786khan

In your next post, answer this question: Are you willing to uninstall Symantec for a better antivirus?

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer into Safe Mode by doing the following:
• Restart your computer
• After pressing the power button, repeatedly tap the F8 key.
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
• Choose the administrator's account.

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load, the SDFix report will open on screen and will also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum)
• Finally paste the contents of the Report.txt here.

Best Regards :D

Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.
