Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27, on 2008-01-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\Cazper.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 3848 bytes
ComboFix 08-01-23.2 - casper 2008-01-29 18:22:19.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1691 [GMT -6:00]
Running from: C:\Documents and Settings\casper\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\casper\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\DOCUME~1\casper\APPLIC~1\SSTEM~1\cmd.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\casper\Application Data\SSTEM~1
C:\Documents and Settings\casper\Application Data\SSTEM~1\cmd .exe
C:\Documents and Settings\casper\Application Data\SSTEM~1\cmd.exe
C:\Documents and Settings\casper\Application Data\SSTEM~1\s?stem\
C:\Documents and Settings\casper\Local Settings\Application Data\135050f7 .exe
C:\Documents and Settings\casper\Local Settings\Application Data\135050f7.exe
C:\Documents and Settings\casper\Start Menu\Programs\UltimateCleaner 2007
C:\Documents and Settings\casper\Start Menu\Programs\UltimateCleaner 2007\Register UltimateCleaner 2007.lnk
C:\Documents and Settings\casper\Start Menu\Programs\UltimateCleaner 2007\Start UltimateCleaner 2007.lnk
C:\Documents and Settings\casper\Start Menu\Programs\UltimateCleaner 2007\Uninstall UltimateCleaner 2007.lnk
C:\info.exe
C:\PROGRA~1\COMMON~1\wffu\wffum .exe
C:\Program Files\Common Files\wffu
C:\Program Files\Common Files\wffu\wffua.lck
C:\Program Files\Common Files\wffu\wffud\class-barrel
C:\Program Files\Common Files\wffu\wffud\vocabulary
C:\Program Files\Common Files\wffu\wffud\wffuc.dll
C:\Program Files\Common Files\wffu\wfful.exe
C:\Program Files\Common Files\wffu\wfful.lck
C:\Program Files\Common Files\wffu\wffum .exe
C:\Program Files\Common Files\wffu\wffum.exe
C:\Program Files\Common Files\wffu\wffum.lck
C:\Program Files\Common Files\wffu\wffup.exe
C:\Program Files\ComPlus Applications\nixyheqix455101.dll
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB .EXE
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Dot1XCfg\Dot1XCfg .exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\inetget2
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched .exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr .Exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\outerinfo
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\sks~1
C:\Program Files\sks~1\??plorer.exe
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
C:\Program Files\Words
C:\Program Files\Words\list.txt
C:\Program Files\Words\script.txt
C:\Program Files\Words\UnInstall.exe
C:\Program Files\Words\Words .exe
C:\Program Files\Words\Words.exe
C:\WINDOWS\b103.exe
C:\WINDOWS\b104.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b143.exe
C:\WINDOWS\b149.exe
C:\WINDOWS\mrofinu72.exe
C:\WINDOWS\mrofinu72.exe.tmp
C:\WINDOWS\system32\135050f7 .exe
C:\WINDOWS\system32\135050f7.exe
C:\WINDOWS\system32\AEAAAFAAABADB2.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\hjllm.ini
C:\WINDOWS\system32\hjllm.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mljgh.dll
C:\WINDOWS\system32\mljgh.exe
C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\mlljh.exe
C:\WINDOWS\system32\npsxvblx.ini
C:\WINDOWS\system32\psc_mon .exe
C:\WINDOWS\system32\pxsqvcyw.ini
C:\WINDOWS\system32\RCX22.tmp
C:\WINDOWS\system32\RCX24.tmp
C:\WINDOWS\system32\RCX30.tmp
C:\WINDOWS\system32\RCX3E.tmp
C:\WINDOWS\system32\spoolsvv.exe
C:\WINDOWS\system32\wnsapisv32.exe
C:\WINDOWS\wffu
C:\WINDOWS\wffu\wffu.dat
C:\WINDOWS\wffu\wu
C:\WINDOWS\Y2FzcGVy\
C:\WINDOWS\Y2FzcGVy\\asappsrv.dll
C:\WINDOWS\Y2FzcGVy\\sZIWw3pV.vbs
C:\Documents and Settings\casper\Local Settings\Application Data\135050f7 .exe ---> QooBox
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB .EXE ---> QooBox
C:\Program Files\Dot1XCfg\Dot1XCfg .exe ---> QooBox
C:\Program Files\iTunes\iTunesHelper .exe ---> QooBox
C:\Program Files\Java\jre1.5.0_06\bin\jusched .exe ---> QooBox
C:\Program Files\MSN Messenger\MsnMsgr .Exe ---> QooBox
C:\Program Files\Words\Words .exe ---> QooBox
C:\WINDOWS\system32\135050f7 .exe ---> QooBox
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\LEGACY_MMX4XM
-------\LEGACY_MMX4XT
-------\mmx4xm
-------\mmx4xt
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))
.
2008-01-25 07:15 . 2008-01-25 07:15 <DIR> d-------- C:\Program Files\Avira
2008-01-23 18:33 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-16 18:29 . 2008-01-16 18:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-14 18:14 . 2008-01-16 18:11 <DIR> d-------- C:\VundoFix Backups
2008-01-14 15:36 . 2008-01-14 15:36 <DIR> d-------- C:\WINDOWS\system32\99959A9596989D
2008-01-13 17:28 . 2008-01-14 17:07 357 --a------ C:\WINDOWS\wininit.ini
2008-01-13 12:48 . 2008-01-23 18:38 <DIR> d-------- C:\Program Files\Dot1XCfg
2008-01-10 18:29 . 2008-01-10 18:29 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-01-08 18:33 . 2008-01-08 18:34 38 --a------ C:\WINDOWS\avisplitter.INI
2007-12-17 13:00 . 2007-12-17 13:12 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-12-17 13:00 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2007-12-17 13:00 . 2007-07-29 16:51 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-12-17 13:00 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2007-12-17 12:43 . 2007-12-11 16:34 120,056 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2007-12-17 12:43 . 2007-12-11 16:34 118,520 --a------ C:\WINDOWS\system32\pxinsi64.exe
2007-12-15 14:40 . 2007-12-11 16:34 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-12-15 14:40 . 2007-03-07 17:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-15 14:40 . 2007-03-07 17:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-14 09:30 . 2008-01-13 12:43 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-14 09:30 . 2007-12-14 09:30 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-11 22:00 . 2007-12-11 22:00 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-11 16:34 . 2007-12-11 16:34 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 16:34 . 2007-12-11 16:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 16:34 . 2007-12-11 16:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 16:33 . 2007-12-11 16:33 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 16:33 . 2007-12-11 16:33 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-12-11 16:33 . 2007-12-11 16:33 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-12-11 16:33 . 2007-12-11 16:33 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-12-11 16:33 . 2007-12-11 16:33 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-12-11 16:33 . 2007-12-11 16:33 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-12-11 16:33 . 2007-12-11 16:33 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-12-11 16:33 . 2007-12-11 16:33 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 16:33 . 2007-12-11 16:33 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2007-12-11 16:33 . 2007-12-11 16:33 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2007-12-11 16:32 . 2007-12-11 16:32 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2007-12-11 16:32 . 2007-12-11 16:32 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 15:32 . 2007-12-11 15:32 <DIR> d-------- C:\Program Files\Realtek AC97
2007-12-11 15:32 . 2006-12-08 15:20 10,528,768 -ra------ C:\WINDOWS\system32\RTLCPL.exe
2007-12-11 15:32 . 2007-04-16 15:28 577,536 -ra------ C:\WINDOWS\soun3365.rra
2007-12-11 15:32 . 2006-10-18 02:53 147,456 -ra------ C:\WINDOWS\system32\RtlCPAPI.dll
2007-12-11 15:32 . 2006-08-01 15:02 49,152 -ra------ C:\WINDOWS\system32\ChCfg.exe
2007-12-11 15:00 . 2007-12-11 15:00 <DIR> d-------- C:\drivers
2007-12-11 14:42 . 2007-12-11 14:42 <DIR> d-------- C:\Program Files\Activision
2007-12-11 10:41 . 2007-12-11 10:41 <DIR> d-------- C:\Program Files\Ventrilo
2007-12-11 10:41 . 2007-12-11 10:41 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-11 09:43 . 2007-12-11 09:43 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 00:19 --------- d-----w C:\Program Files\mozilla2
2008-01-25 13:08 --------- d-s---w C:\Program Files\Xfire
2008-01-24 00:38 --------- d-----w C:\Program Files\QuickTime
2008-01-24 00:38 --------- d-----w C:\Program Files\MSN Messenger
2008-01-24 00:38 --------- d-----w C:\Program Files\iTunes
2008-01-14 01:44 --------- d-----w C:\Program Files\Steam
2007-12-30 16:17 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-12-30 16:17 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-30 16:17 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-17 19:10 --------- d-----w C:\Program Files\DivX
2007-12-15 20:40 --------- d-----w C:\Program Files\Winamp
2007-12-11 20:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-05 00:16 356,352 ----a-w C:\WINDOWS\system32\nvusmb.exe
2007-10-05 00:16 356,352 ----a-w C:\WINDOWS\system32\NVUninst.exe
2007-10-05 00:16 356,352 ----a-w C:\WINDOWS\system32\nvumctl.exe
2007-10-05 00:16 356,352 ----a-w C:\WINDOWS\system32\nvuide.exe
2007-10-05 00:16 356,352 ----a-w C:\WINDOWS\system32\nvugart.exe
2007-10-05 00:16 356,352 ----a-w C:\WINDOWS\system32\nvuenet.exe
2007-10-05 00:16 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-10-04 23:14 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-04 23:14 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-04 23:14 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-04 23:14 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-04 23:14 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-04 23:14 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-04 23:14 5,783,424 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-04 23:14 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-10-04 23:14 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-04 23:14 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-04 23:14 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-10-04 23:14 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-10-04 23:14 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-04 23:14 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-10-04 23:14 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-04 23:14 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-04 23:14 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-10-04 23:14 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-04 23:14 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-04 23:14 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-10-04 23:14 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-10-04 23:14 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-10-04 23:14 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-10-04 23:14 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-04 23:14 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-10-04 23:14 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-10-04 23:14 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-10-04 23:14 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-10-04 23:14 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
1998-08-24 18:09 10,000 ----a-w C:\WINDOWS\inf\unregpn.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\WINDOWS\system32\99959A9596989D ----
2008-01-24 17:02 58 --a------ C:\WINDOWS\system32\99959A9596989D\C7C3C8C3C4C6CB
((((((((((((((((((((((((((((( snapshot@2008-01-23_18.43.09.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-24 00:33:30 434,176 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-30 00:22:00 434,176 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-24 00:33:30 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-30 00:22:01 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-24 00:33:30 434,176 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-30 00:22:01 434,176 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-24 00:33:30 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-30 00:22:01 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-24 00:33:30 3,629,056 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-30 00:22:01 3,629,056 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-24 00:33:31 98,304 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-30 00:22:01 98,304 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2007-08-09 19:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 20:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-01-25 13:44:19 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 16:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"AudioHQ"="C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE" [ ]
"Creative Launcher"="C:\Program Files\Creative\Launcher\CTLauncher.exe" [ ]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\SOUNDMAN.EXE]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-25 07:44 249896]
C:\Documents and Settings\casper\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2008-01-10 18:29:50 2872144]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mmx4xm.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mmx4xt.sys]
@="Driver"
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 12:19]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{503eea5e-5574-11da-95eb-000fea32f1aa}]
\Shell\AutoRun\command - H:\Autorun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-01-29 18:26:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.