Just a few things to note.
1. Processed moveit
2. Processed stop/delete service
3. Processed combofix
4. Processed hjt
I tried to run ComboFix again and, of course, it hung, and I did catch a flash of an error stating it could not be accessed because it was in use by another process. So I had to do the hard reset again. Once the system came back online, I went to Task Manager and Rtvscan was high priority on the memory usage. So I stopped the services for Symantec AntiVirus and then ran ComboFix successfully. I hope it did not affect anything by stopping Symantec AntiVirus; it is set to start automatically, so it is back online.
When ComboFix rebooted the system, an error came up which, as much as I can remember, read as follows: maximum registry file is too small, Windows may not run properly, increase registry size.
When I went to the directory to execute HJT this time, I noticed there was a new executable, the same size as the showme.exe file, named Adminstrator.exe. I don't remember it being there before, but I am not quite sure.
Here is the information you requested:
COMBOFIX:
ComboFix 07-11-08.1 - Administrator 2007-11-08 22:26:14.4 - FAT32x86
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.
Unable to gain System Privileges
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\4ECR2DK7\www.broadcaster.com
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Administrator\My Documents\RACLE~1
C:\WINNT\cookies.ini
C:\WINNT\Downloaded Program Files\Quarantine
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\music\mainmenumusic.ogg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\areabomb.ogg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\beetlezap.ogg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bonusrow.ogg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bonustimer.ogg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\bucketfilled.ogg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\clearpyramid.ogg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1a.ogg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1b.ogg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle1c.ogg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2a.ogg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2b.ogg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\cleartriangle2c.ogg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\colorchain.ogg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\dialogbox.ogg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\drumbeat.ogg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\fillrow.ogg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\gateopen.ogg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\helptip.ogg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\powerup.ogg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\rotateboardleft.ogg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\timerup.ogg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\warning.ogg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\audio\sfx\warning2.ogg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\artifacts-bb.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\bar.jpg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\chamber0.jpg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\chamber1.jpg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\circledoor.jpg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\full_screen_dialog.jpg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\global-hs-bb_large.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\global-hs-bb_small.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\help-bb_large.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\help-bb_small.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\hexfield.jpg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\hidden-artifact_icon.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\large_dialog.jpg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\local-hs-bb.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\mainmenu.jpg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\small_dialog.jpg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\textfield.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\backgrounds\trifield.jpg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover1.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover2.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover3.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetlehover4.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock1.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock2.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock3.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetleshock4.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\beetletatoo.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\dirt.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\scarabpost.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\scarabpostovr.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\beetles\tritop.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_down.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_over.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowdown_up.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_down.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_over.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowleft_up.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_down.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_over.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowright_up.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_down.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_over.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\arrowup_up.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_down.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_over.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowleft_up.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_down.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_over.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_up.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\checkdown.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\checkup.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_down.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_over.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_up.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_down.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_over.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_up.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_down.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_over.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_up.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_down.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_over.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_up.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_down.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_over.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_up.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderknob.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderknobover.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderrail.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\anwar\look\pl0001.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\bast\look\bl0001.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\kristine\look\kl0001.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\crackedstopper.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\cursor.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\doorlights.txt
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\fonts\jackarmstrong.mvec
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\fonts\lithos.mvec
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\greybomb.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\helptips\arrowkeys.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\helptips\helptip.jpg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\levels\levels.dat
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\disk.mesh
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\equilateraltriangle.mesh
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\flattri.mesh
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\pyramid.mesh
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\quad.mesh
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\rotatingpyramid.mesh
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\scarabpanel.mesh
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\p1icon.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\page1-0.xml
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\page1-1.xml
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\panel1-0-1.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\panel1-1-1.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\scorecloud.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\setup.xml
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\areashockwave.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_1.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_2.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_3.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_4.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_starter.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_tail.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\flash.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\rubble.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke2.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke3.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\splash\aol_logo.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\splash\playfirst_logo.jpg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue0\snake_dirty.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\arm01_dirty.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\mask01_1.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\statue01_dirty.jpg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\stopper.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\timer.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\timerglow.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\timericon.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\tm.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue1.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue2.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue3.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen1.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen2.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen3.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered1.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered2.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered3.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow1.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow2.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow3.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\areabomb.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\areabombrollover.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\blue.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\bluerollover.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\boardfill.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick1.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick2.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick3.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\bricktip.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared1.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared2.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared3.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared4.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared5.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared6.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye1.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye2.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye3.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye4.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\green.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\greenrollover.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-blue.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-bluerollover.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-green.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-greenrollover.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-red.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-redrollover.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellow.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellowrollover.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\red.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\redrollover.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\wild.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\wildrollover.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\yellow.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\yellowrollover.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image0.jpg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image1.jpg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image2.jpg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image3.jpg
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\bluebucket.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\buckettriangle.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\chainlink.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\chaintip.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\genericbucket.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\greenbucket.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\redbucket.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallblue.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallgreen.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallred.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallyellow.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\urnglow.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\urnplatform.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\yellowbucket.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\assets\warning.png
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\screens\error.lua
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\screens\game.lua
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\screens\gameover.lua
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscore.lua
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscoreinfo.lua
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscoresubmit.lua
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\screens\instructions.lua
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\screens\leveldesign.lua
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\screens\levelover.lua
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainarcade.lua
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainconfirm.lua
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\screens\maincontinue.lua
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\screens\maingames.lua
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainpuzzle.lua
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\screens\maphelptip.lua
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\screens\options.lua
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\screens\pause.lua
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\screens\quitconfirm.lua
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\screens\start.lua
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\screens\storyplayer.lua
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\screens\style.lua
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\screens\upsell.lua
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\strings.xml
C:\WINNT\Downloaded Program Files\TriJinx.1.0.0.67\TriJinx.exe
C:\WINNT\system32\driver
C:\WINNT\system32\MabryObj.dll
C:\WINNT\system32\scurit~1
C:\WINNT\system32\scurit~1\s?curity\
C:\WINNT\system32\ututv.bak2
C:\WINNT\system32\ututv.ini
C:\WINNT\system32\ututv.ini2
C:\WINNT\system32\ututv.tmp
C:\WINNT\system32\vtutu.dll
C:\WINNT\system32\wnsapisv.exe
C:\WINNT\wr.txt
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\nm
-------\nm
((((((((((((((((((((((((( Files Created from 2007-10-09 to 2007-11-09 )))))))))))))))))))))))))))))))
.
2007-11-08 15:54 <DIR> d-------- C:\Deckard
2007-11-08 10:49 51,200 --a------ C:\WINNT\NirCmd.exe
2007-11-08 08:47 1,648 --a------ C:\WINNT\system32\tmp.reg
2007-11-04 08:18 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-03 11:50 271,224 --a------ C:\WINNT\system32\mucltui.dll
2007-10-31 01:03 <DIR> d-------- C:\VundoFix Backups
2007-10-30 15:53 102,664 --a------ C:\WINNT\system32\drivers\tmcomm.sys
2007-10-30 15:52 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2007-10-25 18:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\NeroVision
2007-10-25 18:17 1,155,072 --------- C:\WINNT\UNNeroVision.exe
2007-10-25 18:16 <DIR> d-------- C:\WINNT\InCD
2007-10-25 18:16 1,155,072 --------- C:\WINNT\NuNinst.exe
2007-10-25 18:16 85,360 --------- C:\WINNT\system32\drivers\incdfs.sys
2007-10-25 18:16 26,784 --------- C:\WINNT\system32\drivers\incdpass.sys
2007-10-25 18:16 4,976 --------- C:\WINNT\system32\drivers\incdrec.sys
2007-10-25 18:15 89,184 --------- C:\WINNT\system32\drivers\imagedrv.sys
2007-10-25 18:14 <DIR> d-------- C:\Program Files\Ahead
2007-10-25 18:14 569,344 --a------ C:\WINNT\system32\imagr5.dll
2007-10-25 18:14 544,768 --a------ C:\WINNT\system32\imagx5.dll
2007-10-25 18:14 283,920 --a------ C:\WINNT\system32\ImagXpr5.dll
2007-10-25 18:14 155,648 --a------ C:\WINNT\system32\NeroCheck.exe
2007-10-25 18:14 38,912 --a------ C:\WINNT\system32\picn20.dll
2007-10-25 17:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12
2007-10-25 17:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-10-25 10:26 53,248 --a------ C:\WINNT\bdoscandel.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-01 00:20 164 ----a-w C:\install.dat
2007-09-17 23:40 524,288 ----a-w C:\WINNT\opuc.dll
2005-02-04 19:39 1,349,007 ----a-w C:\Documents and Settings\My Documents\MasterMailer.exe
2002-09-10 22:09 271 ---h--w C:\Program Files\desktop.ini
2002-09-10 22:09 21,952 ---h--w C:\Program Files\folder.htt
2001-05-08 18:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
2007-02-06 03:38:00 1,682 --sha-w C:\WINNT\system32\KGyGaAvL.sys
2007-02-06 03:38:00 56 --sh--r C:\WINNT\system32\3557938702.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"blspcloader"="C:\Program Files\BellSouth Internet Tools\blsloader.exe" [06-11-12 15:04 ]
"Synchronization Manager"="mobsync.exe" [03-06-19 14:05 C:\WINNT\system32\mobsync.exe]
"ScreenPrint32"="C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe" [03-05-15 21:36 ]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [01-02-20 13:09 C:\WINNT\system32\CTFMON.EXE]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 14:16:08]
DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [2006-07-17 18:24:41]
Monitor.lnk - C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe [2007-01-13 22:25:47]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B4870B70-F390-11d2-9FB9-F4ED725EA20D}"= C:\WINNT\System32\NalExpEx.dll [00-11-14 10:45 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwprovau]
nwprovau.dll 06-08-31 23:49 140048 C:\WINNT\system32\NWPROVAU.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll, zwebauth.dll
R3 PLUsbbc2;High-Speed USB Bridge Cable Driver;C:\WINNT\system32\Drivers\usbbc2.sys
S3 BrUsbMdm;Brother MFC USB FaxModem driver;C:\WINNT\system32\Drivers\BrUsbMdm.sys
S3 BrUsbScn;Brother MFC USB Scanner driver;C:\WINNT\system32\Drivers\BrUsbScn.sys
S3 OracleOraHome90ClientCache;OracleOraHome90ClientCache;C:\oracle\ora90\BIN\ONRSD.EXE
S3 VNCTEMP;Gencontrol WinVNC temporary service;"C:\VNCTEMP\WinVNC.exe" -service
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-11-08 22:33:51
Windows 5.0.2195 Service Pack 4 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-08 22:34:40 - machine was rebooted
.
--- E O F ---
HJT:
Logfile of HijackThis v1.99.1
Scan saved at 10:37:49 PM, on 11/8/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\HijackThis\showme.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.254
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/co ... mHcmsX.CAB
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pe ... stscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6CCE3920-3183-4B3D-808A-B12EB769DE12} (CSS Web Installer Class) - http://www.commandondemand.com/eval/cod/cabs/cssweb.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/vi ... ebscan.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OracleOraHome90ClientCache - Unknown owner - C:\oracle\ora90\BIN\ONRSD.EXE (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Gencontrol WinVNC temporary service (VNCTEMP) - Unknown owner - C:\VNCTEMP\WinVNC.exe" -service (file missing)
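Added example (not part of the original post, and not a feature of HijackThis or ComboFix): a small Python triage script that applies the checks a log reviewer would run over lines like the ones above. The sample lines are copied from the two logs in this post. The allowlist of on-line scanner hosts, the set of "known" Winlogon Notify DLLs, and the reversed-name heuristic (ututv.ini next to vtutu.dll) are this example's own assumptions, chosen to match what this log shows, not rules from either tool.

```python
"""Triage helpers for HijackThis (HJT) and ComboFix log lines.

Added example, not the poster's or the tools' own code. Heuristics, allowlists
and the known-DLL table below are assumptions made for this log.
"""
import os
import re
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass(frozen=True)
class Finding:
    section: str   # HJT section tag (R1, O16, O20, O23) or "CF" for ComboFix paths
    reason: str
    line: str


# Hosts from which an ActiveX (O16 DPF) download is expected on this machine:
# the on-line scanners already run. Assumption: anything else gets reviewed.
DPF_ALLOWED_HOSTS = ("microsoft.com", "f-secure.com", "trendsecure.com",
                     "ca.com", "bitdefender.com", "msn.com")

# Winlogon Notify DLLs accounted for on this system (assumption).
KNOWN_NOTIFY = {"navlogon.dll": "Symantec AntiVirus",
                "nwprovau.dll": "NetWare client provider"}

R1_RE = re.compile(r"^R1 - (?P<key>[^,]+),(?P<value>\w+) = (?P<data>.*)$")
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\}"
                    r"(?: \((?P<desc>[^)]*)\))? - (?P<url>\S+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def _host_allowed(url: str) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in DPF_ALLOWED_HOSTS)


def triage_hjt(log_text: str) -> list[Finding]:
    """Return the HJT lines a reviewer should act on, each with its reason."""
    out: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := R1_RE.match(line):
            # A PAC URL pointed at a LAN address, or a bare ":80" proxy, is either a
            # leftover router setting or traffic redirection; reset it either way.
            if m["value"] in ("AutoConfigURL", "ProxyServer"):
                out.append(Finding("R1", f"{m['value']} set to {m['data']!r}; reset unless intended", line))
        elif m := O16_RE.match(line):
            if not _host_allowed(m["url"]):
                out.append(Finding("O16", f"ActiveX download from unlisted host {urlparse(m['url']).hostname}", line))
        elif m := O20_RE.match(line):
            dll = os.path.basename(m["path"].replace("\\", "/")).lower()
            if dll not in KNOWN_NOTIFY:
                out.append(Finding("O20", f"unrecognised Winlogon Notify DLL {dll}", line))
        elif m := O23_RE.match(line):
            if "(file missing)" in m["path"]:
                out.append(Finding("O23", "service binary missing; orphaned service, delete the entry", line))
            elif m["owner"].lower() == "unknown owner":
                out.append(Finding("O23", "service binary carries no vendor info; verify its hash", line))
    return out


def triage_combofix_paths(paths: list[str]) -> list[Finding]:
    """Flag ComboFix path entries matching two patterns seen in this log.

    Assumptions: a '?' in a path means the real name contains a character the
    console could not print (the lookalike-directory trick, s?curity vs security);
    a system32 file whose stem is another file's stem reversed (ututv / vtutu) is
    the paired-name pattern of that era's adware droppers.
    """
    out: list[Finding] = []
    stems: dict[str, list[str]] = {}
    for p in paths:
        name = p.rstrip("\\").rsplit("\\", 1)[-1]
        if "?" in p:
            out.append(Finding("CF", "path contains an unprintable character (lookalike name)", p))
        if "\\system32\\" in p.lower() and "." in name:
            stems.setdefault(name.split(".")[0].lower(), []).append(p)
    for stem, entries in stems.items():
        rev = stem[::-1]
        if rev != stem and rev in stems:
            for p in entries:
                out.append(Finding("CF", f"name is the reverse of {rev} ({stems[rev][0]})", p))
    return out


# Sample lines copied from the HJT log in this post.
SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.254
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6CCE3920-3183-4B3D-808A-B12EB769DE12} (CSS Web Installer Class) - http://www.commandondemand.com/eval/cod/cabs/cssweb.cab
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: OracleOraHome90ClientCache - Unknown owner - C:\oracle\ora90\BIN\ONRSD.EXE (file missing)
O23 - Service: Gencontrol WinVNC temporary service (VNCTEMP) - Unknown owner - C:\VNCTEMP\WinVNC.exe" -service (file missing)
"""

# Sample paths copied from the ComboFix "Other Deletions" list in this post.
SAMPLE_CF_PATHS = [
    r"C:\WINNT\system32\driver",
    r"C:\WINNT\system32\MabryObj.dll",
    r"C:\WINNT\system32\scurit~1",
    "C:\\WINNT\\system32\\scurit~1\\s?curity\\",   # trailing backslash as in the log
    r"C:\WINNT\system32\ututv.bak2",
    r"C:\WINNT\system32\ututv.ini",
    r"C:\WINNT\system32\ututv.ini2",
    r"C:\WINNT\system32\ututv.tmp",
    r"C:\WINNT\system32\vtutu.dll",
    r"C:\WINNT\system32\wnsapisv.exe",
    r"C:\WINNT\wr.txt",
]

if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT) + triage_combofix_paths(SAMPLE_CF_PATHS):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run as-is, the script reports the two R1 proxy settings, the one DPF host outside the scanner allowlist, the two services whose binaries are missing, the one service with no vendor string, the lookalike directory, and the five ututv/vtutu files; the clean Symantec, Adobe and NavLogon lines produce nothing, which is the point of encoding the review as code rather than eyeballing 400 lines.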