Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

My HiJackThis Log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

My HiJackThis Log

Unread postby nibbs » January 24th, 2008, 3:10 pm

Please help! core.cache.dsk infections...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:04:53, on 24/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PGPsdkServ.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\PROGRA~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe
C:\Program Files\SlimServer\server\slim.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SlimServer\SlimTray.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Documents and Settings\*********\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;192.168.*;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OCAudioIni] C:\Program Files\One-click Audio Converter\OCAudioIni.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: SlimServer Tray Tool.lnk = C:\Program Files\SlimServer\SlimTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3890420875
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MS Common Service - Unknown owner - C:\WINDOWS\system32\mscomserv.exe (file missing)
O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - C:\WINDOWS\system32\PGPsdkServ.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SlimServerMySQL - Unknown owner - C:\PROGRA~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe
O23 - Service: SlimServer (slimsvc) - Unknown owner - C:\Program Files\SlimServer\server\slim.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 10036 bytes
nibbs
Active Member
 
Posts: 13
Joined: January 24th, 2008, 3:02 pm
Advertisement
Register to Remove

Re: My HiJackThis Log

Unread postby ndmmxiaomayi » January 27th, 2008, 5:35 am

Hi,

HijackThis is running directly from your desktop. Please move it to another location.

Here's a tutorial for creating a permanent folder for HijackThis.

Next...

  1. Please download and install CCleaner Slim.
  2. Once installed, double click on the desktop shortcut created.
  3. On the leftmost column, click on Tools.
  4. On the middle column, click on Uninstall.
  5. At the bottom right hand corner, click on the Save to text file... button.
  6. By default, it saves this file to C:\Program Files\CCleaner named install.txt. You may want to save it to your desktop to find it easily. Click Save.
  7. Close CCleaner.

In your next reply, please post:

  1. A new HijackThis log
  2. CCleaner install.txt file
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: My HiJackThis Log

Unread postby nibbs » January 27th, 2008, 7:50 am

Many thanks for the reply!

New HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:44, on 27/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PGPsdkServ.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\PROGRA~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe
C:\Program Files\SlimServer\server\slim.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SlimServer\SlimTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\HJT\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;192.168.*;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OCAudioIni] C:\Program Files\One-click Audio Converter\OCAudioIni.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: SlimServer Tray Tool.lnk = C:\Program Files\SlimServer\SlimTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3890420875
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MS Common Service - Unknown owner - C:\WINDOWS\system32\mscomserv.exe (file missing)
O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - C:\WINDOWS\system32\PGPsdkServ.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SlimServerMySQL - Unknown owner - C:\PROGRA~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe
O23 - Service: SlimServer (slimsvc) - Unknown owner - C:\Program Files\SlimServer\server\slim.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 9849 bytes


CCleaner install.txt file:
Ad-Aware 2007
Adobe Flash Player Plugin
Adobe Reader 8.1.1
Adobe Shockwave Player
albumfactory Designer
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Broadband Help
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
CCC Help English
ccc-core-preinstall
ccc-core-static
ccc-utility
CCleaner (remove only)
Collectorz.com Movie Collector
DECdry Free Grids for Word 2003
Default
Diskeeper 2007 Pro Premier
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Family Tree Maker 2006
FirstClass® Client
FolderMatch v3.4.6
Fujitsu Siemens Computers WLAN 802.11b/g (SiS163u)
Google Earth
Google Updater
High Definition Audio Driver Package - KB888111
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB889527)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB903234)
Hotfix for Windows XP (KB904412)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB907865)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB935448)
ImgBurn (Remove Only)
InterVideo WinDVD
iPod for Windows 2006-06-28
iTunes
Java(TM) 6 Update 3
KeyWallet
KhalSetup
Kyodai Mahjongg 2006 v1.42
Lizardtech DjVu Control
Logitech SetPoint
Macromedia Flash Player 8
Marx 2.6 (2005)
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft AutoRoute 2007
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft English TTS Engine
Microsoft Office Standard Edition 2003
Microsoft Photo Premium 10
Microsoft Picture It! Library 10
Microsoft Plus! for Windows XP
Microsoft Private Folder 1.0
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visio Professional 2002 [English]
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MiraScan V4.03
Mozilla Firefox (2.0.0.11)
Mp3tag v2.37a
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Musicmatch® Jukebox
MyPublisher BookMaker
MySQL Tools for 5.0
Nero BurnRights
Nero Digital
Nero OEM
NeroVision Express Content
NetworkView Version 3.10
Norton Security Scan
Notepad++
Odyssey Client for Fujitsu Siemens Computers
One-click Audio Converter Uninstall
PartitionMagic
PC Wizard 2008.1.82
PeerGuardian 2.0
PowerQuest PartitionMagic 8.0
QuickPar 0.9
QuickTime
RealPlayer
Realtek High Definition Audio Driver
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900930)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Skins
SlimServer 6.5.4
Software Update for Web Folders
Spybot - Search & Destroy
Spyware Doctor 5.1
T305 Software
T529 ICT CD-ROM
Tesco Photobook Creator
TuneUp Utilities 2008
Tweak UI
Update for Windows XP (KB897663)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Viewpoint Media Player
Virtual Earth 3D (Beta)
VNC Free Edition 4.1.2
WebFldrs XP
Windows Communication Foundation
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883529
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB884868
Windows XP Hotfix - KB884883
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885523
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885894
Windows XP Hotfix - KB886677
Windows XP Hotfix - KB886716
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888402
Windows XP Hotfix - KB889016
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890831
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891220
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB892627
Windows XP Hotfix - KB893056
Windows XP Hotfix - KB896626
WinRAR archiver
ZoneAlarm Security Suite


Thank you!
nibbs
Active Member
 
Posts: 13
Joined: January 24th, 2008, 3:02 pm

Re: My HiJackThis Log

Unread postby ndmmxiaomayi » January 27th, 2008, 10:47 am

Hi,

Did you install Google Pack?

If yes, you need to choose to keep either Norton Security Pack or ZoneAlarm Security Suite Antivirus.

Step 1

Please disable Spyware Doctor temporarily as it may interfere with the fixes. You can re-enable it after your computer is clean.

To disable it temporarily:

  1. Right click on Spyware Doctor icon in the system tray (near the clock).
  2. Select Disable OnGuard.
  3. OnGuard will open a prompt. Select Permanently turn off OnGuard (not recommended) from the drop-down list and click OK.
  4. Right click on the Spyware Doctor icon again and select ShutDown.
  5. Restart the computer for OnGuard to be disabled.

Step 2

If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Please download Combofix from Bleeping Computer. Save it to your desktop.

If you can't download it, please try these 2 alternative sites:

Forospyware
Geeks to Go

Double click to run it. Follow the prompts. Once done, it will reboot and a log will be produced. Please post that log and a new HijackThis log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.

In your next reply, please post:

  1. Combofix log (C:\Combofix.txt)
  2. A new HijackThis log
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: My HiJackThis Log

Unread postby nibbs » January 27th, 2008, 3:32 pm

Many thanks for replying!

ComboFix log:
ComboFix 08-01-23.1C - Nigel Boyer 2008-01-27 18:39:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.291 [GMT 0:00]
Running from: C:\Documents and Settings\Nigel Boyer\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - system32: deleted 12 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\******\Application Data\addon.dat
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

----- BITS: Possible infected sites -----

hxxp://gpdl.google.com
.
((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
.

2008-01-27 18:48 . 2008-01-27 18:48 932 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-27 18:38 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-27 11:46 . 2008-01-27 11:47 <DIR> d-------- C:\Program Files\CCleaner
2008-01-27 11:43 . 2008-01-27 11:44 <DIR> d-------- C:\HJT
2008-01-26 19:44 . 2008-01-26 19:44 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-25 21:43 . 2008-01-27 18:30 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-24 18:52 . 2008-01-24 18:52 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-24 07:44 . 2008-01-24 17:22 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-24 07:44 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-01-24 07:44 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-24 07:44 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-24 07:44 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-24 07:44 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-21 19:27 . 2008-01-21 19:27 <DIR> d-------- C:\Program Files\SonicWallES
2008-01-20 17:33 . 2008-01-20 17:33 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-01-20 17:32 . 2008-01-26 15:55 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-01-20 17:31 . 2008-01-20 17:31 86,144 --a------ C:\WINDOWS\system32\drivers\sffdiskk.sys
2008-01-20 14:51 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-20 14:48 . 2008-01-20 14:48 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-18 18:11 . 2008-01-18 18:11 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-18 18:10 . 2008-01-18 18:11 <DIR> d-------- C:\Program Files\iTunes
2008-01-18 18:07 . 2008-01-18 18:08 <DIR> d-------- C:\Program Files\QuickTime
2008-01-13 14:23 . 2008-01-13 14:23 <DIR> d-------- C:\Program Files\MyPublisher
2008-01-13 11:30 . 2008-01-13 14:25 <DIR> d-------- C:\Program Files\albumfactory Designer
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-09 18:05 . 2008-01-09 18:05 <DIR> d-------- C:\T305
2008-01-09 18:05 . 2008-01-09 18:05 159 --a------ C:\WINDOWS\LAUNCHER.INI
2008-01-07 19:47 . 2008-01-07 19:47 <DIR> d-------- C:\Program Files\PC Wizard 2008
2008-01-07 19:47 . 2007-09-15 15:11 27,136 --a------ C:\WINDOWS\system32\PCWizard.cpl
2008-01-03 19:02 . 2008-01-05 13:20 20 --a------ C:\WINDOWS\popcinfot.dat
2008-01-03 19:02 . 2008-01-03 19:02 0 --a------ C:\WINDOWS\popcreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 18:51 16,860,960 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-27 18:51 --------- d-----w C:\Program Files\PeerGuardian2
2008-01-27 18:47 88,576 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-01-27 18:47 5,256,704 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-01-27 18:47 233,084 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-27 11:41 --------- d-----w C:\Program Files\AnMing
2008-01-27 11:03 34,549,408 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-01-26 23:23 582,656 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-01-25 22:13 1,448,448 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-01-24 07:39 --------- d-----w C:\Program Files\Google
2008-01-20 21:16 78,848 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-01-20 20:49 --------- d-----w C:\Program Files\Tesco Photobook Creator
2008-01-20 20:49 --------- d-----w C:\Program Files\QuickPar
2008-01-20 20:43 5,129,728 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-01-20 20:43 1,385,984 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-01-20 17:41 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-20 14:51 --------- d-----w C:\Program Files\Java
2008-01-20 14:50 --------- d-----w C:\Program Files\MathType
2008-01-19 22:18 1,369,088 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-01-18 18:11 --------- d-----w C:\Program Files\iPod
2008-01-13 23:00 441,344 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-01-12 18:52 397,312 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-01-12 09:46 --------- d-----w C:\Program Files\Program Shortcuts
2008-01-10 21:00 --------- d-----w C:\Program Files\T529
2008-01-10 19:31 360,448 ----a-w C:\WINDOWS\Internet Logs\xDB2E.tmp
2008-01-09 17:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-09 17:59 --------- d-----w C:\Program Files\FirstClass
2008-01-09 15:32 316,416 ----a-w C:\WINDOWS\Internet Logs\xDB4C.tmp
2008-01-08 22:06 5,036,544 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-01-08 22:06 1,806,848 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-12-31 19:38 634,368 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2007-12-29 22:16 789,504 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-12-23 21:08 33,824 ----a-w C:\WINDOWS\system32\drivers\oreans32.sys
2007-12-22 22:48 260,608 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-12-22 16:57 --------- d-----w C:\Program Files\MSN Messenger
2007-12-22 16:57 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-18 22:02 801,792 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2007-12-16 22:43 3,051,520 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-12-15 13:33 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-12-15 13:33 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-12-02 12:54 --------- d-----w C:\Program Files\VirginBroadband
2007-11-24 14:30 512 ----a-w C:\ScanSectorLog.dat
2007-11-14 16:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-09-25 13:39 94,323 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_09_24_22_33_46_small.dmp.zip
2007-08-18 15:47 96,708 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_18_16_33_22_small.dmp.zip
2007-07-29 08:58 85,749 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_07_28_21_43_38_small.dmp.zip
2007-07-02 15:52 20,801,871 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_07_01_22_35_31_full.dmp.zip
2007-07-01 10:21 83,867 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_06_30_22_33_13_small.dmp.zip
2007-05-27 09:58 82,052 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_05_26_20_48_47_small.dmp.zip
2007-05-20 09:19 85,492 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_05_19_22_42_47_small.dmp.zip
2007-05-06 09:48 85,931 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_05_05_21_56_18_small.dmp.zip
2007-04-29 08:38 84,596 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_28_22_59_11_small.dmp.zip
2007-04-23 06:20 83,415 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_22_21_54_20_small.dmp.zip
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 17:40 1421824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"OCAudioIni"="C:\Program Files\One-click Audio Converter\OCAudioIni.exe" [2007-03-12 13:06 57344]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 11:03 94208 C:\WINDOWS\KHALMNPR.Exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-29 10:45 16050688 C:\WINDOWS\RTHDCPL.EXE]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 11:03 94208 C:\WINDOWS\KHALMNPR.Exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-24 07:39:15 125624]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-10-18 08:41:24 671744]
SlimServer Tray Tool.lnk - C:\Program Files\SlimServer\SlimTray.exe [2007-01-15 13:29:06 1790039]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
odyEvent.dll 2005-12-06 18:16 106496 C:\WINDOWS\system32\odyEvent.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OdTray.exe]
--a------ 2004-08-17 12:42 970810 C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
C:\WINDOWS\scvhost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
--a------ 2007-11-14 16:05 919016 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-12-23 21:08]
R1 sffdiskk;sffdiskk;C:\WINDOWS\system32\drivers\sffdiskk.sys [2008-01-20 17:31]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-09-01 11:32]
R2 PGPsdkDriver;PGPsdkDriver;C:\WINDOWS\system32\Drivers\PGPsdk.sys [2002-11-26 15:05]
R2 PGPsdkServ;PGPsdkService;C:\WINDOWS\system32\PGPsdkServ.exe [2002-11-26 15:05]
R2 Prvflder;Prvflder;C:\WINDOWS\system32\DRIVERS\prvflder.sys [2006-04-21 08:22]
R2 SlimServerMySQL;SlimServerMySQL;C:\PROGRA~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe [2007-08-15 17:23]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 12:00]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 21:38]
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2004-08-17 11:44]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-09-05 01:16]
R3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 16:57]
R3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 16:58]
R3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 16:59]
R3 vncmirror;vncmirror;C:\WINDOWS\system32\DRIVERS\vncmirror.sys [2007-08-15 16:15]
S2 MS Common Service;MS Common Service;C:\WINDOWS\system32\mscomserv.exe []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2004-08-04 12:00]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2004-08-04 12:00]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2004-08-04 12:00]
S3 PCNat;PC-Nat Miniport;C:\WINDOWS\system32\DRIVERS\pcnat.sys [2003-03-26 12:51]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-04 12:00]
S3 siusbmod;siusbmod;C:\WINDOWS\system32\DRIVERS\siusbmod.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-20 17:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - PGFILTER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{24E2079E-B564-942A-78CE-D4049B7E7033}]
C:\WINDOWS\system32\WinUpdate\server.exe s

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{24E2079E-B564-942A-78CE-D4049B7E7033}]
C:\WINDOWS\system32\WinUpdate\server.exe s
.
Contents of the 'Scheduled Tasks' folder
"2008-01-20 17:33:24 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-01-25 17:46:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 18:51:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-27 18:54:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-27 18:54:00
.
2008-01-21 19:31:06 --- E O F ---


HiJackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:27:49, on 27/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PGPsdkServ.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\PROGRA~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SlimServer\server\slim.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\SlimServer\SlimTray.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\HJT\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;192.168.*;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OCAudioIni] C:\Program Files\One-click Audio Converter\OCAudioIni.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: SlimServer Tray Tool.lnk = C:\Program Files\SlimServer\SlimTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3890420875
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MS Common Service - Unknown owner - C:\WINDOWS\system32\mscomserv.exe (file missing)
O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - C:\WINDOWS\system32\PGPsdkServ.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SlimServerMySQL - Unknown owner - C:\PROGRA~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe
O23 - Service: SlimServer (slimsvc) - Unknown owner - C:\Program Files\SlimServer\server\slim.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 9235 bytes
nibbs
Active Member
 
Posts: 13
Joined: January 24th, 2008, 3:02 pm

Re: My HiJackThis Log

Unread postby ndmmxiaomayi » January 27th, 2008, 8:09 pm

Hi,

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System

Image

Download the file & save it as it's originally named, next to ComboFix.exe.

Image

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: My HiJackThis Log

Unread postby nibbs » January 28th, 2008, 7:51 am

New log:

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
nibbs
Active Member
 
Posts: 13
Joined: January 24th, 2008, 3:02 pm

Re: My HiJackThis Log

Unread postby ndmmxiaomayi » January 28th, 2008, 9:23 pm

Hi,

Please restart your computer.

After restarting your computer, please do the following:

Open Notepad and copy and paste the following in the Code box into Notepad:

Code: Select all
File::
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\sffdiskk.sys

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{24E2079E-B564-942A-78CE-D4049B7E7033}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{24E2079E-B564-942A-78CE-D4049B7E7033}]

Driver::
sffdiskk
MS Common Service
NSNDIS5


Click on File > Save As....

In the File Name field, copy and paste in CFScript.txt. Do not change the file name.

Click Save.

Referring to the picture below, drag CFScript into Combofix.

Image

Combofix will start running. When done, a log will be produced. Please post this log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.

In your next reply, please post:

  1. Combofix log (C:\Combofix.txt)
  2. A new HijackThis log
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: My HiJackThis Log

Unread postby nibbs » January 29th, 2008, 3:14 pm

ComboFix 08-01-23.1C - ******* 2008-01-29 7:08:56.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.282 [GMT 0:00]
Running from: C:\Documents and Settings\******\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\*******\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\sffdiskk.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\sffdiskk.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_MS_COMMON_SERVICE
-------\LEGACY_NSNDIS5
-------\LEGACY_SFFDISKK
-------\MS Common Service
-------\NSNDIS5
-------\sffdiskk


((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-29 )))))))))))))))))))))))))))))))
.

2008-01-28 18:11 . 2008-01-28 18:11 21,344 --a------ C:\bar.emf
2008-01-28 11:44 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-01-28 11:44 . 2007-01-01 14:01 211 --a------ C:\Boot.bak
2008-01-27 21:42 . 2008-01-27 21:42 <DIR> dr-h----- C:\MSOCache
2008-01-27 18:38 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-27 11:46 . 2008-01-27 11:47 <DIR> d-------- C:\Program Files\CCleaner
2008-01-27 11:43 . 2008-01-27 19:27 <DIR> d-------- C:\HJT
2008-01-26 19:44 . 2008-01-26 19:44 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-25 21:43 . 2008-01-27 18:30 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-24 18:52 . 2008-01-24 18:52 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-24 07:44 . 2008-01-24 17:22 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-24 07:44 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-01-24 07:44 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-24 07:44 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-24 07:44 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-24 07:44 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-21 19:27 . 2008-01-21 19:27 <DIR> d-------- C:\Program Files\SonicWallES
2008-01-20 17:33 . 2008-01-20 17:33 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-01-20 17:32 . 2008-01-26 15:55 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-01-20 14:51 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-20 14:48 . 2008-01-20 14:48 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-18 18:11 . 2008-01-18 18:11 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-18 18:10 . 2008-01-18 18:11 <DIR> d-------- C:\Program Files\iTunes
2008-01-18 18:07 . 2008-01-18 18:08 <DIR> d-------- C:\Program Files\QuickTime
2008-01-13 14:23 . 2008-01-13 14:23 <DIR> d-------- C:\Program Files\MyPublisher
2008-01-13 11:30 . 2008-01-13 14:25 <DIR> d-------- C:\Program Files\albumfactory Designer
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-09 18:05 . 2008-01-09 18:05 <DIR> d-------- C:\T305
2008-01-09 18:05 . 2008-01-09 18:05 159 --a------ C:\WINDOWS\LAUNCHER.INI
2008-01-07 19:47 . 2008-01-07 19:47 <DIR> d-------- C:\Program Files\PC Wizard 2008
2008-01-07 19:47 . 2007-09-15 15:11 27,136 --a------ C:\WINDOWS\system32\PCWizard.cpl
2008-01-03 19:02 . 2008-01-05 13:20 20 --a------ C:\WINDOWS\popcinfot.dat
2008-01-03 19:02 . 2008-01-03 19:02 0 --a------ C:\WINDOWS\popcreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 07:21 --------- d-----w C:\Program Files\PeerGuardian2
2008-01-29 07:20 17,350,176 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-29 07:17 5,283,840 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-01-29 07:17 28,672 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-01-29 07:17 239,636 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-29 07:03 707,072 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-01-27 21:46 --------- d-----w C:\Program Files\Microsoft Works
2008-01-27 18:47 88,576 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-01-27 18:47 5,256,704 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-01-27 11:41 --------- d-----w C:\Program Files\AnMing
2008-01-27 11:03 34,549,408 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-01-26 23:23 582,656 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-01-25 22:13 1,448,448 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-01-24 07:39 --------- d-----w C:\Program Files\Google
2008-01-20 21:43 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-20 21:16 78,848 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-01-20 20:49 --------- d-----w C:\Program Files\Tesco Photobook Creator
2008-01-20 20:49 --------- d-----w C:\Program Files\QuickPar
2008-01-20 20:43 5,129,728 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-01-20 20:43 1,385,984 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-01-20 17:41 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-20 14:51 --------- d-----w C:\Program Files\Java
2008-01-20 14:50 --------- d-----w C:\Program Files\MathType
2008-01-19 22:18 1,369,088 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-01-18 18:11 --------- d-----w C:\Program Files\iPod
2008-01-13 23:00 441,344 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-01-12 18:52 397,312 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-01-12 09:46 --------- d-----w C:\Program Files\Program Shortcuts
2008-01-10 21:00 --------- d-----w C:\Program Files\T529
2008-01-10 19:31 360,448 ----a-w C:\WINDOWS\Internet Logs\xDB2E.tmp
2008-01-09 17:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-09 17:59 --------- d-----w C:\Program Files\FirstClass
2008-01-09 15:32 316,416 ----a-w C:\WINDOWS\Internet Logs\xDB4C.tmp
2008-01-08 22:06 5,036,544 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-01-08 22:06 1,806,848 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-12-31 19:38 634,368 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2007-12-29 22:16 789,504 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-12-23 21:08 33,824 ----a-w C:\WINDOWS\system32\drivers\oreans32.sys
2007-12-22 22:48 260,608 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-12-22 16:57 --------- d-----w C:\Program Files\MSN Messenger
2007-12-22 16:57 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-20 10:41 29,440 ----a-w C:\WINDOWS\system32\uxtuneup.dll
2007-12-18 22:02 801,792 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2007-12-16 22:43 3,051,520 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-12-15 13:33 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-12-15 13:33 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-12-02 12:54 --------- d-----w C:\Program Files\VirginBroadband
2007-11-24 14:30 512 ----a-w C:\ScanSectorLog.dat
2007-11-14 16:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-11-14 16:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-09-25 13:39 94,323 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_09_24_22_33_46_small.dmp.zip
2007-08-18 15:47 96,708 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_18_16_33_22_small.dmp.zip
2007-07-29 08:58 85,749 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_07_28_21_43_38_small.dmp.zip
2007-07-02 15:52 20,801,871 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_07_01_22_35_31_full.dmp.zip
2007-07-01 10:21 83,867 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_06_30_22_33_13_small.dmp.zip
2007-05-27 09:58 82,052 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_05_26_20_48_47_small.dmp.zip
2007-05-20 09:19 85,492 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_05_19_22_42_47_small.dmp.zip
2007-05-06 09:48 85,931 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_05_05_21_56_18_small.dmp.zip
2007-04-29 08:38 84,596 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_28_22_59_11_small.dmp.zip
2007-04-23 06:20 83,415 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_22_21_54_20_small.dmp.zip
.

((((((((((((((((((((((((((((( snapshot@2008-01-27_18.53.20.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-27 21:46:51 4,608 ----a-w C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
+ 2008-01-27 21:46:49 8,007,680 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
+ 2008-01-27 21:46:21 80,696 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
+ 2008-01-27 21:46:37 20,280 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Visio.SaveAsWeb\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Visio.SaveAsWeb.dll
+ 2008-01-27 21:46:37 871,216 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Visio\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Visio.dll
+ 2008-01-27 21:46:42 80,688 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.VisOcx\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.VisOcx.dll
+ 2008-01-27 21:46:48 13,312 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
+ 2008-01-27 21:46:32 371,496 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
+ 2008-01-27 21:46:32 64,288 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2008-01-27 21:46:32 416,544 ----a-w C:\WINDOWS\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2008-01-27 21:46:47 12,632 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Visio.SaveAsWeb\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Visio.SaveAsWeb.dll
+ 2008-01-27 21:46:47 12,096 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Visio\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Visio.dll
+ 2008-01-27 21:46:47 12,104 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.VisOcx\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.VisOcx.dll
+ 2008-01-27 21:46:43 12,080 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2008-01-27 21:46:43 11,544 ----a-w C:\WINDOWS\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
- 2008-01-27 18:39:11 1,425,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-29 07:08:04 1,425,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-27 18:39:11 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-29 07:08:04 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-27 18:39:11 1,425,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-29 07:08:04 1,425,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-27 18:39:11 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-29 07:08:04 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-27 18:39:12 20,119,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-29 07:08:05 20,131,840 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-27 18:39:12 212,992 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-29 07:08:05 212,992 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2000-08-31 08:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2006-10-26 19:49:48 1,011,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSDAIPP.DLL
+ 2006-10-26 19:49:46 970,528 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSONSEXT.DLL
+ 2006-10-27 15:00:12 1,751,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACECORE.DLL
+ 2006-10-27 15:00:10 576,376 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEDAO.DLL
+ 2006-10-27 15:00:06 47,976 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEERR.DLL
+ 2006-10-27 15:00:08 191,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEES.DLL
+ 2006-10-26 20:13:34 338,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
+ 2006-10-26 20:13:44 629,616 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
+ 2006-10-26 20:13:28 207,736 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACELTS.DLL
+ 2006-10-26 20:13:32 279,352 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEODBC.DLL
+ 2006-10-26 20:13:08 15,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
+ 2006-10-26 20:13:08 15,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
+ 2006-10-26 20:13:08 15,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
+ 2006-10-26 20:13:12 15,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
+ 2006-10-27 15:00:06 387,960 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
+ 2006-10-26 20:13:38 392,048 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEPDE.DLL
+ 2006-10-26 20:13:30 260,976 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACER2X.DLL
+ 2006-10-26 20:13:32 289,648 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACER3X.DLL
+ 2006-10-26 20:13:20 56,120 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACERCLR.DLL
+ 2006-10-26 20:13:38 551,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEREP.DLL
+ 2006-10-26 20:13:30 224,104 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACETXT.DLL
+ 2006-10-27 15:40:34 208,760 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEWSS.DLL
+ 2006-10-26 20:13:34 371,568 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ACEXBE.DLL
+ 2006-10-26 22:59:58 913,720 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\AEC.DLL
+ 2006-10-26 22:59:48 591,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\BSTORM.DLL
+ 2006-10-27 15:41:04 399,640 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\CDLMSO.DLL
+ 2006-10-26 19:59:24 205,616 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\CLVIEW.EXE
+ 2006-10-26 22:59:52 703,288 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\DBENGR.DLL
+ 2006-10-27 15:09:46 986,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\DRILLDWN.DLL
+ 2006-10-26 19:48:14 439,568 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\DWDCW20.DLL
+ 2006-10-26 22:58:24 144,664 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\DWGCNV.DLL
+ 2006-10-26 23:00:12 1,929,512 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\DWGDP.DLL
+ 2006-10-26 19:48:14 434,528 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
+ 2006-10-26 23:00:06 1,179,424 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\FACILITY.DLL
+ 2006-10-26 19:21:24 1,682,232 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL
+ 2006-10-27 15:09:36 983,376 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\FPWEC.DLL
+ 2006-10-26 23:00:02 969,512 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\GANTT.DLL
+ 2006-10-26 22:59:16 325,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\HVAC.DLL
+ 2006-10-26 20:12:52 173,328 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
+ 2006-10-26 19:55:10 828,704 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MEDCAT.DLL
+ 2006-10-26 13:58:14 117,552 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MSCONV97.DLL
+ 2006-10-27 15:26:40 16,870,712 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MSO.DLL
+ 2006-10-27 14:59:06 161,080 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MSOCF.DLL
+ 2006-10-26 19:48:12 14,664 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MSOCFU.DLL
+ 2006-10-26 20:12:58 428,816 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MSODCW.DLL
+ 2006-10-26 21:13:36 26,936 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MSOEURO.DLL
+ 2006-10-26 20:00:08 6,635,320 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MSORES.DLL
+ 2006-10-26 13:56:36 436,520 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MSORUN.DLL
+ 2006-10-26 13:56:40 505,136 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
+ 2006-10-26 19:55:12 832,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MSTORDB.EXE
+ 2006-10-26 19:55:06 538,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\MSTORES.DLL
+ 2006-10-26 20:12:30 65,824 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\NAME.DLL
+ 2006-10-27 15:14:34 14,151,456 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\OART.DLL
+ 2006-10-26 20:06:54 232,816 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
+ 2006-10-26 20:14:06 7,033,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\OFFOWC.DLL
+ 2006-10-27 15:18:36 1,658,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\OGL.DLL
+ 2006-10-26 20:00:08 274,744 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\OIS.EXE
+ 2006-10-26 20:00:12 998,208 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\OISAPP.DLL
+ 2006-10-26 20:00:10 285,008 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
+ 2006-10-26 23:00:08 1,241,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ORGCHART.DLL
+ 2006-10-26 22:59:36 464,704 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\ORGCHWIZ.DLL
+ 2006-10-26 20:07:04 6,536,992 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\OSETUP.DLL
+ 2006-07-26 18:53:56 459,080 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
+ 2006-10-26 22:59:46 570,664 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\PE.DLL
+ 2006-10-26 21:30:44 482,088 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\PORTCONN.DLL
+ 2006-10-26 21:13:38 38,168 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\REFEDIT.DLL
+ 2006-10-26 20:13:00 503,624 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\SELFCERT.EXE
+ 2006-10-26 20:06:58 439,600 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\SETUP.EXE
+ 2006-10-26 23:00:12 1,837,344 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\SG.DLL
+ 2006-10-27 14:57:08 2,330,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\STSLIST.DLL
+ 2006-10-26 23:00:02 966,456 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\TIMESOLN.DLL
+ 2006-10-26 23:00:10 1,492,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\UML.DLL
+ 2006-10-26 22:58:38 6,180,664 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\VISBRGR.DLL
+ 2006-10-26 22:58:36 2,222,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\VISFILT.DLL
+ 2006-10-27 15:09:44 386,848 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\VISGRF.DLL
+ 2006-10-27 15:09:42 183,592 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\VISIO.EXE
+ 2006-10-27 15:09:48 11,644,720 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\VISLIB.DLL
+ 2006-10-26 22:59:52 727,872 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\VISWEB.DLL
+ 2006-10-26 22:59:30 421,688 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109150000000000000000F01FEC\12.0.4518\XFUNC.DLL
+ 2008-01-28 08:27:51 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0051-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-01-28 08:27:51 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0051-0000-0000-0000000FF1CE}\misc.exe
+ 2008-01-28 08:27:51 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0051-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-01-28 08:27:51 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0051-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-01-28 08:27:51 327,952 ----a-r C:\WINDOWS\Installer\{90120000-0051-0000-0000-0000000FF1CE}\visicon.exe
+ 2008-01-28 08:28:41 217,864 ----a-r C:\WINDOWS\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2006-09-26 12:09:04 84,096 ----a-w C:\WINDOWS\system32\drivers\Rtnicxp.sys
+ 2007-11-20 11:09:22 104,320 ----a-w C:\WINDOWS\system32\drivers\Rtnicxp.sys
- 2007-06-06 09:53:34 1,195,888 ----a-w C:\WINDOWS\system32\FM20.DLL
+ 2007-08-23 01:03:38 1,195,888 ----a-w C:\WINDOWS\system32\FM20.DLL
- 2007-03-22 18:17:04 35,440 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
+ 2006-10-26 14:10:06 33,088 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
- 2007-09-21 15:35:31 243,128 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-01-28 07:21:02 265,416 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2002-08-21 05:10:16 204,800 ----a-w C:\WINDOWS\system32\INKED.DLL
+ 2006-10-26 13:45:04 207,360 ----a-w C:\WINDOWS\system32\INKED.DLL
- 2007-04-24 10:32:06 1,485,696 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2007-10-11 14:12:48 1,468,968 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2006-09-26 12:09:04 84,096 ----a-w C:\WINDOWS\system32\ReinstallBackups\0018\DriverFiles\Rtnicxp.sys
- 2002-08-21 05:13:12 189,952 ----a-w C:\WINDOWS\system32\WISPTIS.EXE
+ 2006-10-26 13:45:04 293,376 ----a-w C:\WINDOWS\system32\WISPTIS.EXE
- 2008-01-27 18:48:53 163,436 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2008-01-29 07:20:42 198,020 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
- 2008-01-27 18:49:46 82,042 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\0fdf6651ec58af7738a5f192a16308f3.dll
+ 2008-01-29 07:20:18 82,042 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\0fdf6651ec58af7738a5f192a16308f3.dll
- 2008-01-27 18:49:38 32,870 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\1c4c331123ae5269fbd179de68e18722.dll
+ 2008-01-29 07:20:12 32,870 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\1c4c331123ae5269fbd179de68e18722.dll
- 2008-01-27 18:49:31 41,080 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\33dea2ee1515e1c0eedfcd55d2d0540f.dll
+ 2008-01-29 07:20:04 41,080 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\33dea2ee1515e1c0eedfcd55d2d0540f.dll
- 2008-01-27 18:49:28 41,060 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\37dbb36b1afb4153f311e1937d13beb9.dll
+ 2008-01-29 07:19:56 41,060 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\37dbb36b1afb4153f311e1937d13beb9.dll
- 2008-01-27 18:49:30 90,213 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\3dab63509796d9defe82e7c8f292cdc2.dll
+ 2008-01-29 07:19:58 90,213 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\3dab63509796d9defe82e7c8f292cdc2.dll
- 2008-01-27 18:49:29 24,681 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\426234b03a6207e763a72e588f8ed8de.dll
+ 2008-01-29 07:19:58 24,681 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\426234b03a6207e763a72e588f8ed8de.dll
- 2008-01-27 18:49:28 20,576 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\463172d63e5c347ebd2a2c9f3e30a769.dll
+ 2008-01-29 07:19:56 20,576 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\463172d63e5c347ebd2a2c9f3e30a769.dll
- 2008-01-27 18:49:42 20,594 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\480ac5427cb6705921c199c825f6feda.dll
+ 2008-01-29 07:20:17 20,594 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\480ac5427cb6705921c199c825f6feda.dll
- 2008-01-27 18:50:27 28,779 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\4e2f70cf514e42eb8319b6c42723ed06.dll
+ 2008-01-29 07:20:49 28,779 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\4e2f70cf514e42eb8319b6c42723ed06.dll
- 2008-01-27 18:49:47 41,057 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\563d7ead40b59c49009856a0b10f2014.dll
+ 2008-01-29 07:20:20 41,057 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\563d7ead40b59c49009856a0b10f2014.dll
- 2008-01-27 18:50:11 36,965 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\5665e9d91ffd5329b4b069811edd98e1.dll
+ 2008-01-29 07:20:37 36,965 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\5665e9d91ffd5329b4b069811edd98e1.dll
- 2008-01-27 18:49:25 802,902 ----a-w C:\WINDOWS\Temp\pdk-SYSTEM\5f4010392d26de2972604a5df777f946\perl58.dll
+ 2008-01-29 07:19:51 802,902 ----a-w C:\WINDOWS\Temp\pdk-SYSTEM\5f4010392d26de2972604a5df777f946\perl58.dll
- 2008-01-27 18:49:30 32,871 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\619eb23c53abde1a9d9d6b8d81ccd746.dll
+ 2008-01-29 07:20:00 32,871 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\619eb23c53abde1a9d9d6b8d81ccd746.dll
- 2008-01-27 18:49:40 110,697 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\6b58dab08175faa9470d9b8f08345f77.dll
+ 2008-01-29 07:20:14 110,697 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\6b58dab08175faa9470d9b8f08345f77.dll
- 2008-01-27 18:49:34 819,261 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\7718c08cc46695fc3fef36d1131eac8d.dll
+ 2008-01-29 07:20:08 819,261 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\7718c08cc46695fc3fef36d1131eac8d.dll
- 2008-01-27 18:49:39 24,687 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\804a82b53759189a7786eee16508a628.dll
+ 2008-01-29 07:20:13 24,687 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\804a82b53759189a7786eee16508a628.dll
- 2008-01-27 18:49:48 28,794 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\8715287e64467664fda73ee36a680ad6.dll
+ 2008-01-29 07:20:20 28,794 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\8715287e64467664fda73ee36a680ad6.dll
- 2008-01-27 18:49:45 65,642 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\8d9ba91df5b696882e70aa59f4766acb.dll
+ 2008-01-29 07:20:18 65,642 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\8d9ba91df5b696882e70aa59f4766acb.dll
- 2008-01-27 18:49:31 24,670 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\93e8018418e0dd3aeabcea5210c424d9.dll
+ 2008-01-29 07:20:05 24,670 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\93e8018418e0dd3aeabcea5210c424d9.dll
- 2008-01-27 18:49:46 41,082 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\95e9a2327e375c6b6f41bca6adf49352.dll
+ 2008-01-29 07:20:19 41,082 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\95e9a2327e375c6b6f41bca6adf49352.dll
- 2008-01-27 18:49:41 20,590 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\9e11e8cf40c66b8d30f95ce783f2ac0b.dll
+ 2008-01-29 07:20:15 20,590 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\9e11e8cf40c66b8d30f95ce783f2ac0b.dll
- 2008-01-27 18:49:30 1,040,497 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\a507fccf2be25b878761a66bf411c201.dll
+ 2008-01-29 07:20:00 1,040,497 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\a507fccf2be25b878761a66bf411c201.dll
- 2008-01-27 18:49:31 143,483 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\abaa64637ebb3715a020574efc3032f8.dll
+ 2008-01-29 07:20:04 143,483 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\abaa64637ebb3715a020574efc3032f8.dll
- 2008-01-27 18:49:42 32,879 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\ad76515ff4d1de346e3888790190a3c0.dll
+ 2008-01-29 07:20:17 32,879 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\ad76515ff4d1de346e3888790190a3c0.dll
- 2008-01-27 18:49:47 24,680 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\b2a041897a5d2e9486f60c2f6017af23.dll
+ 2008-01-29 07:20:20 24,680 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\b2a041897a5d2e9486f60c2f6017af23.dll
- 2008-01-27 18:49:44 28,794 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\b44b56de153a5879c1b84993c5cdadfa.dll
+ 2008-01-29 07:20:17 28,794 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\b44b56de153a5879c1b84993c5cdadfa.dll
- 2008-01-27 18:49:29 24,706 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\baf7b671cd22e344218d4404c5715954.dll
+ 2008-01-29 07:19:57 24,706 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\baf7b671cd22e344218d4404c5715954.dll
- 2008-01-27 18:49:33 94,300 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\bbd2dcfa51103025d57caa776bc1047b.dll
+ 2008-01-29 07:20:07 94,300 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\bbd2dcfa51103025d57caa776bc1047b.dll
- 2008-01-27 18:49:43 24,696 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\bd9a153164799d8be71e6a02e5c8cc4b.dll
+ 2008-01-29 07:20:17 24,696 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\bd9a153164799d8be71e6a02e5c8cc4b.dll
- 2008-01-27 18:49:40 24,679 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\c0bb48510a66e6fdcb5936be6801222d.dll
+ 2008-01-29 07:20:15 24,679 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\c0bb48510a66e6fdcb5936be6801222d.dll
- 2008-01-27 18:49:47 24,683 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\c537490a8d5597db7ef38c63a14dd378.dll
+ 2008-01-29 07:20:19 24,683 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\c537490a8d5597db7ef38c63a14dd378.dll
- 2008-01-27 18:49:32 131,149 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\c92f1c7d4396f53f4c5d352e2bd8c9a9.dll
+ 2008-01-29 07:20:07 131,149 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\c92f1c7d4396f53f4c5d352e2bd8c9a9.dll
- 2008-01-27 18:49:32 28,790 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\cd36294c81a9e8872c0bc2638facfd15.dll
+ 2008-01-29 07:20:06 28,790 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\cd36294c81a9e8872c0bc2638facfd15.dll
- 2008-01-27 18:49:40 94,320 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\cd6be9554293967a36ad1075b097a79b.dll
+ 2008-01-29 07:20:14 94,320 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\cd6be9554293967a36ad1075b097a79b.dll
- 2008-01-27 18:49:32 86,138 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\df3d88a56622b79eb806b7ec6d5febc2.dll
+ 2008-01-29 07:20:05 86,138 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\df3d88a56622b79eb806b7ec6d5febc2.dll
- 2008-01-27 18:49:39 36,966 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\e247dd11d21a2bfdb97ad0cdd295b32d.dll
+ 2008-01-29 07:20:13 36,966 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\e247dd11d21a2bfdb97ad0cdd295b32d.dll
- 2008-01-27 18:49:43 32,888 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\e51718032942dd5fb4b1590be1ec8d83.dll
+ 2008-01-29 07:20:17 32,888 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\e51718032942dd5fb4b1590be1ec8d83.dll
- 2008-01-27 18:49:33 24,676 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\ea8f9cce13d067ab0d898ca399b403ed.dll
+ 2008-01-29 07:20:08 24,676 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\ea8f9cce13d067ab0d898ca399b403ed.dll
- 2008-01-27 18:49:37 20,567 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\fa142febd5dc53f93f911452e1a99387.dll
+ 2008-01-29 07:20:11 20,567 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\fa142febd5dc53f93f911452e1a99387.dll
- 2008-01-27 18:49:28 82,020 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\fb2e449d6244301907de33f5adebdb35.dll
+ 2008-01-29 07:19:57 82,020 ----a-r C:\WINDOWS\Temp\pdk-SYSTEM\fb2e449d6244301907de33f5adebdb35.dll
+ 2008-01-29 07:19:11 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_404.dat
+ 2007-08-23 00:18:08 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2007-08-23 00:18:08 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2007-08-23 00:18:08 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2007-08-23 00:18:08 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2007-08-23 00:18:08 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2007-08-23 00:18:08 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2007-08-23 00:18:08 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2007-08-23 00:18:08 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2007-08-23 00:18:08 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2007-08-23 00:18:08 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2007-08-23 00:18:08 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2007-08-23 00:18:08 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2007-08-23 00:18:08 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2007-08-23 00:18:08 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 17:40 1421824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"OCAudioIni"="C:\Program Files\One-click Audio Converter\OCAudioIni.exe" [2007-03-12 13:06 57344]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 11:03 94208 C:\WINDOWS\KHALMNPR.Exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-29 10:45 16050688 C:\WINDOWS\RTHDCPL.EXE]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 11:03 94208 C:\WINDOWS\KHALMNPR.Exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-24 07:39:15 125624]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-10-18 08:41:24 671744]
SlimServer Tray Tool.lnk - C:\Program Files\SlimServer\SlimTray.exe [2007-01-15 13:29:06 1790039]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
odyEvent.dll 2005-12-06 18:16 106496 C:\WINDOWS\system32\odyEvent.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OdTray.exe]
--a------ 2004-08-17 12:42 970810 C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
--a------ 2007-11-14 16:05 919016 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-12-23 21:08]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-09-01 11:32]
R2 PGPsdkDriver;PGPsdkDriver;C:\WINDOWS\system32\Drivers\PGPsdk.sys [2002-11-26 15:05]
R2 PGPsdkServ;PGPsdkService;C:\WINDOWS\system32\PGPsdkServ.exe [2002-11-26 15:05]
R2 Prvflder;Prvflder;C:\WINDOWS\system32\DRIVERS\prvflder.sys [2006-04-21 08:22]
R2 SlimServerMySQL;SlimServerMySQL;C:\PROGRA~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe [2007-08-15 17:23]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 12:00]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 21:38]
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2004-08-17 11:44]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-09-05 01:16]
R3 vncmirror;vncmirror;C:\WINDOWS\system32\DRIVERS\vncmirror.sys [2007-08-15 16:15]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2004-08-04 12:00]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2004-08-04 12:00]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2004-08-04 12:00]
S3 PCNat;PC-Nat Miniport;C:\WINDOWS\system32\DRIVERS\pcnat.sys [2003-03-26 12:51]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-04 12:00]
S3 siusbmod;siusbmod;C:\WINDOWS\system32\DRIVERS\siusbmod.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 16:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 16:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 16:59]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-20 17:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-01-20 17:33:24 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-01-25 17:46:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-29 07:21:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-29 7:24:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-29 07:24:07
ComboFix2.txt 2008-01-27 18:54:16
.
2008-01-21 19:31:06 --- E O F ---

HiJackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:13:09, on 29/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\PGPsdkServ.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\Program Files\SlimServer\SlimTray.exe
C:\PROGRA~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\SlimServer\server\slim.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\HJT\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;192.168.*;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OCAudioIni] C:\Program Files\One-click Audio Converter\OCAudioIni.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: SlimServer Tray Tool.lnk = C:\Program Files\SlimServer\SlimTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3890420875
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - C:\WINDOWS\system32\PGPsdkServ.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SlimServerMySQL - Unknown owner - C:\PROGRA~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe
O23 - Service: SlimServer (slimsvc) - Unknown owner - C:\Program Files\SlimServer\server\slim.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 9190 bytes
nibbs
Active Member
 
Posts: 13
Joined: January 24th, 2008, 3:02 pm

Re: My HiJackThis Log

Unread postby ndmmxiaomayi » January 30th, 2008, 1:15 am

Hi,

Did you just install any programs lately? If so, please list them out in your next reply.

Step 1

  1. Please download AVG Anti-Spyware and save it to your desktop.
  2. Double click on avgas-setup-7.5.1.43-3339.exe to install AVG Anti-Spyware. Install it in the default location.
  3. Once installed, start AVG Anti-Spyware by going to Start > All Programs > AVG Anti-Spyware 7.5 > AVG Anti-Spyware.
  4. In the main screen, you should see Your Computer's Security.
    • Next to Resident Shield, click on Change state. It should now be Inactive.
    • Next to Automatic Updates, click on Change state. It should now be Inactive.
    • Next to Last Update, click on Update now. If your firewall prompts you, tell your firewall to allow it. Should you be unable to update it, download the updates from here. Save it to your desktop. Double click to run the installation and the updates will be installed. Make sure AVG Anti-Spyware is closed during the installation.
    • Right-click the AVG Anti-Spyware icon near the clock and uncheck (untick) Start with Windows. Confirm by clicking Yes.
  5. Now click on the Scanner button at the top.
  6. Select the Settings tab.
  7. Under How to act?, click on Recommended actions and select Quarantine.
  8. Under How to scan?, check (tick) all the boxes.
  9. Under Possibly unwanted software:, check (tick) all the boxes.
  10. Under Reports:, uncheck (untick) the Only if threats were found box and select Do not automatically generate report.
  11. Under What to scan?, select Scan every file.

Do not run a scan yet. You will run a scan later.

Step 2

  1. Click on Start > All Programs > CCleaner > CCleaner.
  2. On the Windows tab, leave the default options alone.
  3. On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.
  4. Click on the Run Cleaner button at the bottom right hand corner.
  5. Close CCleaner.

Step 3

Please print out or save this set of instructions as you will not have internet access during the fix.

Reboot into Safe Mode by following the instructions below:

  • When you see BIOS screen, start pressing F8.
  • A boot menu will appear shortly.
  • Using the up down arrows, select Safe Mode and press the Enter key.
  • Windows will now load.
  • Log in to your usual account.

Step 4

  1. Start AVG Anti-Spyware by going to Start > All Programs > AVG Anti-Spyware 7.5 > AVG Anti-Spyware.
  2. Click on the Scanner button at the top.
  3. Select the Scan tab.
  4. Click on Complete System Scan to start the scan.
  5. When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the Save Scan Report button before you did hit the Apply all Actions button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Image
  6. When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  7. Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Restart your computer in Normal Mode.

In your next reply, please post:

  1. AVG Antispyware scan report
  2. A new HijackThis log
  3. A list of programs installed recently, if any
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: My HiJackThis Log

Unread postby nibbs » January 31st, 2008, 3:20 am

AVG Antispyware report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 22:04:28 30/01/2008

+ Scan result:



:mozilla.69:C:\Documents and Settings\**********\Application Data\Mozilla\Firefox\Profiles\6ha54g8w.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.70:C:\Documents and Settings\**********\Application Data\Mozilla\Firefox\Profiles\6ha54g8w.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.71:C:\Documents and Settings\**********\Application Data\Mozilla\Firefox\Profiles\6ha54g8w.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.147:C:\Documents and Settings\**********\Application Data\Mozilla\Firefox\Profiles\6ha54g8w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.148:C:\Documents and Settings\**********\Application Data\Mozilla\Firefox\Profiles\6ha54g8w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.149:C:\Documents and Settings\**********\Application Data\Mozilla\Firefox\Profiles\6ha54g8w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.253:C:\Documents and Settings\**********\Application Data\Mozilla\Firefox\Profiles\6ha54g8w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.281:C:\Documents and Settings\**********\Application Data\Mozilla\Firefox\Profiles\6ha54g8w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.94:C:\Documents and Settings\**********\Application Data\Mozilla\Firefox\Profiles\6ha54g8w.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.29:C:\Documents and Settings\**********\Application Data\Mozilla\Firefox\Profiles\6ha54g8w.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.168:C:\Documents and Settings\**********\Application Data\Mozilla\Firefox\Profiles\6ha54g8w.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.264:C:\Documents and Settings\**********\Application Data\Mozilla\Firefox\Profiles\6ha54g8w.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.210:C:\Documents and Settings\**********\Application Data\Mozilla\Firefox\Profiles\6ha54g8w.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.110:C:\Documents and Settings\**********\Application Data\Mozilla\Firefox\Profiles\6ha54g8w.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.111:C:\Documents and Settings\**********\Application Data\Mozilla\Firefox\Profiles\6ha54g8w.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.143:C:\Documents and Settings\**********\Application Data\Mozilla\Firefox\Profiles\6ha54g8w.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.144:C:\Documents and Settings\**********\Application Data\Mozilla\Firefox\Profiles\6ha54g8w.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.145:C:\Documents and Settings\**********\Application Data\Mozilla\Firefox\Profiles\6ha54g8w.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.146:C:\Documents and Settings\**********\Application Data\Mozilla\Firefox\Profiles\6ha54g8w.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.109:C:\Documents and Settings\**********\Application Data\Mozilla\Firefox\Profiles\6ha54g8w.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.137:C:\Documents and Settings\**********\Application Data\Mozilla\Firefox\Profiles\6ha54g8w.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.138:C:\Documents and Settings\**********\Application Data\Mozilla\Firefox\Profiles\6ha54g8w.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.139:C:\Documents and Settings\**********\Application Data\Mozilla\Firefox\Profiles\6ha54g8w.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.140:C:\Documents and Settings\**********\Application Data\Mozilla\Firefox\Profiles\6ha54g8w.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.215:C:\Documents and Settings\**********\Application Data\Mozilla\Firefox\Profiles\6ha54g8w.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.180:C:\Documents and Settings\**********\Application Data\Mozilla\Firefox\Profiles\6ha54g8w.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.163:C:\Documents and Settings\**********\Application Data\Mozilla\Firefox\Profiles\6ha54g8w.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.


::Report end

HiJackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:17:27, on 31/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PGPsdkServ.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\PROGRA~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe
C:\Program Files\SlimServer\server\slim.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SlimServer\SlimTray.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\HJT\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;192.168.*;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OCAudioIni] C:\Program Files\One-click Audio Converter\OCAudioIni.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: SlimServer Tray Tool.lnk = C:\Program Files\SlimServer\SlimTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3890420875
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - C:\WINDOWS\system32\PGPsdkServ.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SlimServerMySQL - Unknown owner - C:\PROGRA~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe
O23 - Service: SlimServer (slimsvc) - Unknown owner - C:\Program Files\SlimServer\server\slim.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 9362 bytes

No known programs installed recently although other members of household may have installed something.
nibbs
Active Member
 
Posts: 13
Joined: January 24th, 2008, 3:02 pm

Re: My HiJackThis Log

Unread postby ndmmxiaomayi » January 31st, 2008, 3:25 am

Please ask if they have installed any programs.

Step 1

Please open HijackThis and select Do a system scan only. Put a check (tick) next to this line:


Click Fix checked. Close HijackThis.

Step 2

Please go to Kaspersky website and perform an online antivirus scan. Please use Internet Explorer as it uses ActiveX.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an ActiveX from Kaspersky. Click Yes.
  3. When the downloads have finished, click on Next button.
  4. Click on Scan Settings button.
  5. Select extended under Scan using the following antivirus database:
  6. Check (tick) these boxes under Scan options:
    • Scan Archives
    • Scan Mail Bases
  7. Click OK
  8. Click on My Computer under Please select a target to scan:
  9. Once the scan is complete it will display if your system has been infected. Click on Save as text button and save it to your desktop.
  10. Copy and paste this log in your next reply.

In your next reply, please post:

  1. Kaspersky Antivirus scan report
  2. A new HijackThis log
  3. A list of newly installed programs, if any
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: My HiJackThis Log

Unread postby nibbs » February 1st, 2008, 3:42 pm

Kaspersky log

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, February 01, 2008 7:35:30 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/02/2008
Kaspersky Anti-Virus database records: 543474
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
I:\
J:\
K:\
L:\

Scan Statistics:
Total number of scanned objects: 188723
Number of viruses found: 4
Number of infected objects: 23
Number of suspicious objects: 0
Duration of the scan process: 02:22:37

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\******\Application Data\MailFrontier\ASD.log Object is locked skipped
C:\Documents and Settings\******\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\******\Local Settings\Application Data\Identities\{DE334AAE-D891-4B67-A8D1-06FE4416073D}\Microsoft\Outlook Express\alt.clothing.lingerie (1).dbx/[From dnpznt@hotmail.com][Date Thu, 06 Jan 2005 02:12:03 GMT]/pic2.scr Infected: Backdoor.Win32.Small.ct skipped
C:\Documents and Settings\******\Local Settings\Application Data\Identities\{DE334AAE-D891-4B67-A8D1-06FE4416073D}\Microsoft\Outlook Express\alt.clothing.lingerie (1).dbx/[From dylanmarshall@hotmail.com][Date Tue, 04 Jan 2005 21:28:38 GMT]/KinkyPics.zip/Series008.scr Infected: Backdoor.Win32.Small.ct skipped
C:\Documents and Settings\******\Local Settings\Application Data\Identities\{DE334AAE-D891-4B67-A8D1-06FE4416073D}\Microsoft\Outlook Express\alt.clothing.lingerie (1).dbx/[From dylanmarshall@hotmail.com][Date Tue, 04 Jan 2005 21:28:38 GMT]/KinkyPics.zip Infected: Backdoor.Win32.Small.ct skipped
C:\Documents and Settings\******\Local Settings\Application Data\Identities\{DE334AAE-D891-4B67-A8D1-06FE4416073D}\Microsoft\Outlook Express\alt.clothing.lingerie (1).dbx Mail MS Outlook 5: infected - 3 skipped
C:\Documents and Settings\******\Local Settings\Application Data\Identities\{DE334AAE-D891-4B67-A8D1-06FE4416073D}\Microsoft\Outlook Express\alt.fashion.corsetry.dbx/[From nfqllc@hotmail.com][Date Thu, 06 Jan 2005 02:21:52 GMT]/Picture07.scr Infected: Backdoor.Win32.Small.ct skipped
C:\Documents and Settings\******\Local Settings\Application Data\Identities\{DE334AAE-D891-4B67-A8D1-06FE4416073D}\Microsoft\Outlook Express\alt.fashion.corsetry.dbx Mail MS Outlook 5: infected - 1 skipped
C:\Documents and Settings\******\Local Settings\Application Data\Identities\{DE334AAE-D891-4B67-A8D1-06FE4416073D}\Microsoft\Outlook Express\alt.internet.providers.uk.btinternet.dbx/[From benjones@sunsun.co.uk][Date Sat, 09 Oct 2004 10:37:26 GMT]/David/David Beckham.scr Infected: Backdoor.Win32.Hackarmy.w skipped
C:\Documents and Settings\******\Local Settings\Application Data\Identities\{DE334AAE-D891-4B67-A8D1-06FE4416073D}\Microsoft\Outlook Express\alt.internet.providers.uk.btinternet.dbx/[From benjones@sunsun.co.uk][Date Sat, 09 Oct 2004 10:37:26 GMT]/David Infected: Backdoor.Win32.Hackarmy.w skipped
C:\Documents and Settings\******\Local Settings\Application Data\Identities\{DE334AAE-D891-4B67-A8D1-06FE4416073D}\Microsoft\Outlook Express\alt.internet.providers.uk.btinternet.dbx Mail MS Outlook 5: infected - 2 skipped
C:\Documents and Settings\******\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\******\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\******\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\******\Local Settings\Application Data\Microsoft\Messenger\nigel.boyer@ntlworld.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\******\Local Settings\Application Data\Microsoft\Messenger\nigel.boyer@ntlworld.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\******\Local Settings\Application Data\Microsoft\Messenger\nigel.boyer@ntlworld.com\SharingMetadata\Working\database_9C6C_6518_6C64_EE88\dfsr.db Object is locked skipped
C:\Documents and Settings\******\Local Settings\Application Data\Microsoft\Messenger\nigel.boyer@ntlworld.com\SharingMetadata\Working\database_9C6C_6518_6C64_EE88\fsr.log Object is locked skipped
C:\Documents and Settings\******\Local Settings\Application Data\Microsoft\Messenger\nigel.boyer@ntlworld.com\SharingMetadata\Working\database_9C6C_6518_6C64_EE88\fsrtmp.log Object is locked skipped
C:\Documents and Settings\******\Local Settings\Application Data\Microsoft\Messenger\nigel.boyer@ntlworld.com\SharingMetadata\Working\database_9C6C_6518_6C64_EE88\tmp.edb Object is locked skipped
C:\Documents and Settings\******\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\******\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\******\Local Settings\Application Data\Microsoft\Windows Live Contacts\nigel.boyer@ntlworld.com\real\members.stg Object is locked skipped
C:\Documents and Settings\******\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\******\Local Settings\History\History.IE5\MSHist012008013120080201\index.dat Object is locked skipped
C:\Documents and Settings\******\Local Settings\History\History.IE5\MSHist012008020120080202\index.dat Object is locked skipped
C:\Documents and Settings\******\Local Settings\Temp\~DF3B98.tmp Object is locked skipped
C:\Documents and Settings\******\Local Settings\Temp\~DFD122.tmp Object is locked skipped
C:\Documents and Settings\******\Local Settings\Temp\~DFD3FD.tmp Object is locked skipped
C:\Documents and Settings\******\Local Settings\Temp\~DFDD43.tmp Object is locked skipped
C:\Documents and Settings\******\Local Settings\Temp\~DFDDA7.tmp Object is locked skipped
C:\Documents and Settings\******\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\******\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\******\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\******\ntuser.dat.LOG Object is locked skipped
C:\Program Files\PeerGuardian2\history.db Object is locked skipped
C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\RealVNC\VNC4\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\SlimServer\server\Cache\MySQL\ibdata1 Object is locked skipped
C:\Program Files\SlimServer\server\Cache\MySQL\ib_logfile0 Object is locked skipped
C:\Program Files\SlimServer\server\Cache\MySQL\ib_logfile1 Object is locked skipped
C:\Program Files\SlimServer\server\Cache\mysql-error-log.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{568CDF11-A818-4BE0-80A4-765D5C6E1CD5}\RP16\change.log Object is locked skipped
C:\System Volume Information\_restore{568CDF11-A818-4BE0-80A4-765D5C6E1CD5}\RP5\A0005856.exe/data0000.cab/update.exe Infected: Trojan.Win32.Agent.efb skipped
C:\System Volume Information\_restore{568CDF11-A818-4BE0-80A4-765D5C6E1CD5}\RP5\A0005856.exe/data0000.cab Infected: Trojan.Win32.Agent.efb skipped
C:\System Volume Information\_restore{568CDF11-A818-4BE0-80A4-765D5C6E1CD5}\RP5\A0005856.exe Rsrc-Package: infected - 2 skipped
C:\System Volume Information\_restore{568CDF11-A818-4BE0-80A4-765D5C6E1CD5}\RP5\A0005856.exe UPX: infected - 2 skipped
C:\System Volume Information\_restore{568CDF11-A818-4BE0-80A4-765D5C6E1CD5}\RP5\A0005856.exe PE_Patch.UPX: infected - 2 skipped
C:\System Volume Information\_restore{568CDF11-A818-4BE0-80A4-765D5C6E1CD5}\RP5\A0005863.exe/data0000.cab/update.exe Infected: Trojan.Win32.Agent.efb skipped
C:\System Volume Information\_restore{568CDF11-A818-4BE0-80A4-765D5C6E1CD5}\RP5\A0005863.exe/data0000.cab Infected: Trojan.Win32.Agent.efb skipped
C:\System Volume Information\_restore{568CDF11-A818-4BE0-80A4-765D5C6E1CD5}\RP5\A0005863.exe Rsrc-Package: infected - 2 skipped
C:\System Volume Information\_restore{568CDF11-A818-4BE0-80A4-765D5C6E1CD5}\RP5\A0005863.exe UPX: infected - 2 skipped
C:\System Volume Information\_restore{568CDF11-A818-4BE0-80A4-765D5C6E1CD5}\RP5\A0005863.exe PE_Patch.UPX: infected - 2 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\MAINPC.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{929BCD36-4094-4112-9B13-66CA924D9508}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ib10 Object is locked skipped
C:\WINDOWS\Temp\ib11 Object is locked skipped
C:\WINDOWS\Temp\ib7 Object is locked skipped
C:\WINDOWS\Temp\ib8 Object is locked skipped
C:\WINDOWS\Temp\ib9 Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_b0.dat Object is locked skipped
C:\WINDOWS\Temp\ZLT024a3.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT024a6.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.


HiJackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:41:24, on 01/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PGPsdkServ.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\PROGRA~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe
C:\Program Files\SlimServer\server\slim.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SlimServer\SlimTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;192.168.*;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OCAudioIni] C:\Program Files\One-click Audio Converter\OCAudioIni.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: SlimServer Tray Tool.lnk = C:\Program Files\SlimServer\SlimTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3890420875
O17 - HKLM\System\CCS\Services\Tcpip\..\{38CB432B-672F-47CC-A6AA-EFB062A63602}: NameServer = 194.168.4.100,194.168.8.100
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - C:\WINDOWS\system32\PGPsdkServ.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SlimServerMySQL - Unknown owner - C:\PROGRA~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe
O23 - Service: SlimServer (slimsvc) - Unknown owner - C:\Program Files\SlimServer\server\slim.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 9515 bytes


No known new programs installed...
nibbs
Active Member
 
Posts: 13
Joined: January 24th, 2008, 3:02 pm

Re: My HiJackThis Log

Unread postby ndmmxiaomayi » February 1st, 2008, 4:26 pm

These mails are infected.

You need to remove them.

1. Open Outlook Express.

2. Click on View > Layout. Uncheck (untick) Show Preview Pane box.

3. Click OK to apply the settings.

C:\Documents and Settings\******\Local Settings\Application Data\Identities\{DE334AAE-D891-4B67-A8D1-06FE4416073D}\Microsoft\Outlook Express\alt.clothing.lingerie (1).dbx/[From dnpznt@hotmail.com][Date Thu, 06 Jan 2005 02:12:03 GMT]/pic2.scr Infected: Backdoor.Win32.Small.ct skipped

Select alt.clothing.lingerie folder on the left. Find the mail sent by dnpznt@hotmail.com and delete it.

C:\Documents and Settings\******\Local Settings\Application Data\Identities\{DE334AAE-D891-4B67-A8D1-06FE4416073D}\Microsoft\Outlook Express\alt.clothing.lingerie (1).dbx/[From dylanmarshall@hotmail.com][Date Tue, 04 Jan 2005 21:28:38 GMT]/KinkyPics.zip/Series008.scr Infected: Backdoor.Win32.Small.ct skipped

Find the mail sent by dylanmarshall@hotmail.com and delete it.

C:\Documents and Settings\******\Local Settings\Application Data\Identities\{DE334AAE-D891-4B67-A8D1-06FE4416073D}\Microsoft\Outlook Express\alt.clothing.lingerie (1).dbx/[From dylanmarshall@hotmail.com][Date Tue, 04 Jan 2005 21:28:38 GMT]/KinkyPics.zip Infected: Backdoor.Win32.Small.ct skipped

Find the mail sent by dylanmarshall@hotmail.com and delete it.

C:\Documents and Settings\******\Local Settings\Application Data\Identities\{DE334AAE-D891-4B67-A8D1-06FE4416073D}\Microsoft\Outlook Express\alt.fashion.corsetry.dbx/[From nfqllc@hotmail.com][Date Thu, 06 Jan 2005 02:21:52 GMT]/Picture07.scr Infected: Backdoor.Win32.Small.ct skipped

Select alt.fashion.corsetry folder on the left. Find the mail sent by nfqllc@hotmail.com and delete it.

C:\Documents and Settings\******\Local Settings\Application Data\Identities\{DE334AAE-D891-4B67-A8D1-06FE4416073D}\Microsoft\Outlook Express\alt.internet.providers.uk.btinternet.dbx/[From benjones@sunsun.co.uk][Date Sat, 09 Oct 2004 10:37:26 GMT]/David/David Beckham.scr Infected: Backdoor.Win32.Hackarmy.w skipped

Select alt.internet.providers.uk.btinternet folder on the left. Find the mail sent by benjones@sunsun.co.uk and delete it.

C:\Documents and Settings\******\Local Settings\Application Data\Identities\{DE334AAE-D891-4B67-A8D1-06FE4416073D}\Microsoft\Outlook Express\alt.internet.providers.uk.btinternet.dbx/[From benjones@sunsun.co.uk][Date Sat, 09 Oct 2004 10:37:26 GMT]/David Infected: Backdoor.Win32.Hackarmy.w skipped

Select alt.internet.providers.uk.btinternet folder on the left. Find the mail sent by benjones@sunsun.co.uk and delete it.

Please perform another scan with Kaspersky and post back the scan results.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: My HiJackThis Log

Unread postby nibbs » February 2nd, 2008, 8:36 am

Mails deleted and new scan result:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, February 02, 2008 12:33:03 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/02/2008
Kaspersky Anti-Virus database records: 545848
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
I:\
J:\
K:\
L:\

Scan Statistics:
Total number of scanned objects: 189578
Number of viruses found: 2
Number of infected objects: 14
Number of suspicious objects: 0
Duration of the scan process: 02:26:33

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\******\Application Data\MailFrontier\ASD.log Object is locked skipped
C:\Documents and Settings\******\Application Data\MailFrontier\ASD_OT.log Object is locked skipped
C:\Documents and Settings\******\Application Data\MailFrontier\logger\all\20080202.txt Object is locked skipped
C:\Documents and Settings\******\Application Data\Microsoft\Outlook\Outlook.srs Object is locked skipped
C:\Documents and Settings\******\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\******\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\******\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\******\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\******\Local Settings\Application Data\Microsoft\Messenger\nigel.boyer@ntlworld.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\******\Local Settings\Application Data\Microsoft\Messenger\nigel.boyer@ntlworld.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\******\Local Settings\Application Data\Microsoft\Messenger\nigel.boyer@ntlworld.com\SharingMetadata\Working\database_9C6C_6518_6C64_EE88\dfsr.db Object is locked skipped
C:\Documents and Settings\******\Local Settings\Application Data\Microsoft\Messenger\nigel.boyer@ntlworld.com\SharingMetadata\Working\database_9C6C_6518_6C64_EE88\fsr.log Object is locked skipped
C:\Documents and Settings\******\Local Settings\Application Data\Microsoft\Messenger\nigel.boyer@ntlworld.com\SharingMetadata\Working\database_9C6C_6518_6C64_EE88\fsrtmp.log Object is locked skipped
C:\Documents and Settings\******\Local Settings\Application Data\Microsoft\Messenger\nigel.boyer@ntlworld.com\SharingMetadata\Working\database_9C6C_6518_6C64_EE88\tmp.edb Object is locked skipped
C:\Documents and Settings\******\Local Settings\Application Data\Microsoft\Outlook\Microsoft\Outlook\Outlook.pst Object is locked skipped
C:\Documents and Settings\******\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\******\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\******\Local Settings\Application Data\Microsoft\Windows Live Contacts\nigel.boyer@ntlworld.com\real\members.stg Object is locked skipped
C:\Documents and Settings\******\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ha54g8w.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\******\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ha54g8w.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\******\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ha54g8w.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\******\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ha54g8w.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\******\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\******\Local Settings\History\History.IE5\MSHist012008013120080201\index.dat Object is locked skipped
C:\Documents and Settings\******\Local Settings\History\History.IE5\MSHist012008020120080202\index.dat Object is locked skipped
C:\Documents and Settings\******\Local Settings\History\History.IE5\MSHist012008020220080203\index.dat Object is locked skipped
C:\Documents and Settings\******\Local Settings\Temp\~DF6726.tmp Object is locked skipped
C:\Documents and Settings\******\Local Settings\Temp\~DF75EB.tmp Object is locked skipped
C:\Documents and Settings\******\Local Settings\Temp\~DF778D.tmp Object is locked skipped
C:\Documents and Settings\******\Local Settings\Temp\~DFA7E.tmp Object is locked skipped
C:\Documents and Settings\******\Local Settings\Temp\~DFD2B.tmp Object is locked skipped
C:\Documents and Settings\******\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\******\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\******\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\******\ntuser.dat.LOG Object is locked skipped
C:\Program Files\PeerGuardian2\history.db Object is locked skipped
C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\RealVNC\VNC4\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\SlimServer\server\Cache\MySQL\ibdata1 Object is locked skipped
C:\Program Files\SlimServer\server\Cache\MySQL\ib_logfile0 Object is locked skipped
C:\Program Files\SlimServer\server\Cache\MySQL\ib_logfile1 Object is locked skipped
C:\Program Files\SlimServer\server\Cache\mysql-error-log.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{568CDF11-A818-4BE0-80A4-765D5C6E1CD5}\RP16\change.log Object is locked skipped
C:\System Volume Information\_restore{568CDF11-A818-4BE0-80A4-765D5C6E1CD5}\RP5\A0005856.exe/data0000.cab/update.exe Infected: Trojan.Win32.Agent.efb skipped
C:\System Volume Information\_restore{568CDF11-A818-4BE0-80A4-765D5C6E1CD5}\RP5\A0005856.exe/data0000.cab Infected: Trojan.Win32.Agent.efb skipped
C:\System Volume Information\_restore{568CDF11-A818-4BE0-80A4-765D5C6E1CD5}\RP5\A0005856.exe Rsrc-Package: infected - 2 skipped
C:\System Volume Information\_restore{568CDF11-A818-4BE0-80A4-765D5C6E1CD5}\RP5\A0005856.exe UPX: infected - 2 skipped
C:\System Volume Information\_restore{568CDF11-A818-4BE0-80A4-765D5C6E1CD5}\RP5\A0005856.exe PE_Patch.UPX: infected - 2 skipped
C:\System Volume Information\_restore{568CDF11-A818-4BE0-80A4-765D5C6E1CD5}\RP5\A0005863.exe/data0000.cab/update.exe Infected: Trojan.Win32.Agent.efb skipped
C:\System Volume Information\_restore{568CDF11-A818-4BE0-80A4-765D5C6E1CD5}\RP5\A0005863.exe/data0000.cab Infected: Trojan.Win32.Agent.efb skipped
C:\System Volume Information\_restore{568CDF11-A818-4BE0-80A4-765D5C6E1CD5}\RP5\A0005863.exe Rsrc-Package: infected - 2 skipped
C:\System Volume Information\_restore{568CDF11-A818-4BE0-80A4-765D5C6E1CD5}\RP5\A0005863.exe UPX: infected - 2 skipped
C:\System Volume Information\_restore{568CDF11-A818-4BE0-80A4-765D5C6E1CD5}\RP5\A0005863.exe PE_Patch.UPX: infected - 2 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\MAINPC.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{FC6CEC2D-3A56-4856-A6F9-316D433E828E}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ib10 Object is locked skipped
C:\WINDOWS\Temp\ib11 Object is locked skipped
C:\WINDOWS\Temp\ib7 Object is locked skipped
C:\WINDOWS\Temp\ib8 Object is locked skipped
C:\WINDOWS\Temp\ib9 Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_d4.dat Object is locked skipped
C:\WINDOWS\Temp\ZLT06e02.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT06e08.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
nibbs
Active Member
 
Posts: 13
Joined: January 24th, 2008, 3:02 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 33 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware