Just a few days ago I was working with davis on my Project1.exe problem. davis was INCREDIBLY helpful to me, but unfortunately my family had a loss of internet connection, and I had to let my topic be closed because I couldn't reply.
Here is the old thread:
viewtopic.php?f=11&t=41869
Here is my HJT log as well as the other logs davis requested from me in his last post.

Logfile of HijackThis v1.99.1
Scan saved at 9:29:19 PM, on 5/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId= ... lcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

ComboFix 09-05-08.03 - My name 05/09/2009 16:20.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.290 [GMT -6:00]
Running from: c:\documents and settings\My name\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\My name\Desktop\CFScript.txt
AV: *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-04-09 to 2009-05-09 )))))))))))))))))))))))))))))))
.
2009-04-26 18:59 . 2009-04-26 19:00 -------- d-----w C:\rsit
2009-04-24 02:40 . 2009-04-24 02:40 -------- d-----w c:\documents and settings\Family\Application Data\acccore
2009-04-24 02:37 . 2009-04-24 02:37 -------- d-----w c:\documents and settings\Family\Local Settings\Application Data\AOL OCP
2009-04-20 02:40 . 2009-04-20 02:39 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-19 00:27 . 2009-04-19 00:27 -------- d-----w c:\documents and settings\Family\Local Settings\Application Data\Mozilla
2009-04-13 22:54 . 2009-04-29 03:52 -------- d-----w c:\program files\Trend Micro
2009-04-12 18:02 . 2009-04-12 18:02 -------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-04-12 17:41 . 2009-04-13 22:51 -------- d-----w c:\documents and settings\All Users\Application Data\SecTaskMan
2009-04-11 03:19 . 2009-04-11 04:28 -------- d-----w c:\documents and settings\My name\Application Data\Mumble
2009-04-11 02:31 . 2009-04-11 03:19 -------- d-----w c:\program files\Mumble
2009-04-11 01:52 . 2009-04-11 02:47 -------- d-----w c:\program files\Phantasy Star Online Blue Burst
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 02:38 . 2005-06-13 04:19 -------- d-----w c:\program files\Viewpoint
2009-04-28 01:09 . 2006-06-26 22:48 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-20 02:39 . 2005-09-15 19:25 -------- d-----w c:\program files\Java
2009-04-14 04:17 . 2005-09-08 01:47 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-13 22:22 . 2005-09-22 00:26 -------- d-----w c:\program files\Real
2009-04-13 04:30 . 2009-03-26 03:31 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-06 21:32 . 2009-03-26 03:31 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 21:32 . 2009-03-26 03:31 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-24 04:59 . 2009-03-24 04:57 -------- d-----w c:\program files\The KMPlayer
2009-03-23 07:11 . 2009-03-23 07:11 -------- d-----w c:\program files\BillP Studios
2009-03-22 19:33 . 2008-01-11 01:26 -------- d-----w c:\program files\Steam
2009-03-22 06:36 . 2009-03-22 06:35 -------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-03-22 06:35 . 2009-03-22 06:35 -------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-03-22 06:35 . 2009-03-22 06:35 -------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-03-22 06:35 . 2009-03-22 06:35 -------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-03-22 05:56 . 2005-06-13 07:55 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-22 05:54 . 2005-10-10 18:20 -------- d-----w c:\program files\Webteh
2009-03-22 05:54 . 2008-02-04 03:22 -------- d-----w c:\program files\Audacity
2009-03-22 05:53 . 2005-09-08 01:48 -------- d-----w c:\program files\Lavasoft
2009-03-21 22:53 . 2009-03-21 22:53 22328 ----a-w c:\documents and settings\My name\Application Data\PnkBstrK.sys
2009-03-18 04:19 . 2005-06-13 04:06 -------- d-----w c:\program files\BitComet
2009-03-17 14:56 . 2006-01-02 20:54 -------- d-----r c:\program files\Skype
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 147514]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 94208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-16 185896]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-03-17 337216]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-20 148888]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"aux"= ctwdm32.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindService"=2 (0x2)
"mnmsrvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"BITS"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Intel\\Createshare\\VideoPhone\\VP50.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Mame32K\\kaillerasrv.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11000:TCP"= 11000:TCP:PSOBB
"11001:TCP"= 11001:TCP:PSOBB2
"11100:TCP"= 11100:TCP:PSOBB3
"11101:TCP"= 11101:TCP:PSOBB4
"12000:TCP"= 12000:TCP:PSOBB5
"12001:TCP"= 12001:TCP:PSOBB6
"12002:TCP"= 12002:TCP:PSOBB7
"12003:TCP"= 12003:TCP:PSOBB8
"12004:TCP"= 12004:TCP:PSOBB9
"12005:TCP"= 12005:TCP:PSOBB10
"12006:TCP"= 12006:TCP:PSOBB11
"12007:TCP"= 12007:TCP:PSOBB12
"12008:TCP"= 12008:TCP:PSOBB13
"12009:TCP"= 12009:TCP:PSOBB14
"12010:TCP"= 12010:TCP:PSOBB15
"12011:TCP"= 12011:TCP:PSOBB16
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Express Talk RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Express Talk RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Express Talk RTP Incoming Audio (UDP)
"5070:UDP"= 5070:UDP:Express Talk Sip Incoming Calls (UDP)
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [9/7/2005 7:40 PM 58464]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [8/18/2001 6:00 AM 14336]
R3 ICAM3NT5;Intel(r) PC Camera CS331;c:\windows\system32\drivers\ICAM3D2.SYS [6/13/2005 1:56 AM 145184]
S3 XDva011;XDva011;\??\c:\windows\system32\XDva011.sys --> c:\windows\system32\XDva011.sys [?]
S3 XDva020;XDva020;\??\c:\windows\system32\XDva020.sys --> c:\windows\system32\XDva020.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 23:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\My name\Application Data\Mozilla\Firefox\Profiles\fjx4dmnv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\My name\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-09 16:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(700)
c:\windows\system32\EntApi.dll
- - - - - - - > 'explorer.exe'(2208)
c:\windows\system32\EntApi.dll
.
Completion time: 2009-05-09 16:28
ComboFix-quarantined-files.txt 2009-05-09 22:27
ComboFix2.txt 2009-04-29 03:51
Pre-Run: 20,079,058,944 bytes free
Post-Run: 20,068,499,456 bytes free
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, May 9, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, May 09, 2009 23:23:29
Records in database: 2152693
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
Scan statistics:
Files scanned: 92115
Threat name: 2
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 02:57:27
File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\SecTaskMan\server.exe.q_Quarantine_32B4AC69_q Infected: Worm.Win32.AutoRun.fon 1
C:\Documents and Settings\All Users\Application Data\SecTaskMan\server.exe.q_Quarantine_32B4AC69_q.old Infected: Worm.Win32.AutoRun.fon 1
C:\Documents and Settings\My name\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-763e2cce Infected: Exploit.Java.Gimsh.a 1
C:\Qoobox\Quarantine\C\Documents and Settings\My name\Application Data\server.exe.vir Infected: Worm.Win32.AutoRun.fon 1
C:\Qoobox\Quarantine\C\Documents and Settings\Family\Application Data\server.exe.vir Infected: Worm.Win32.AutoRun.fon 1
C:\Qoobox\Quarantine\C\WINDOWS\server.exe.vir Infected: Worm.Win32.AutoRun.fon 1
The selected area was scanned.