Bullguard Antivirus Forum
Please help
   
will215
New Member


Date Joined Sep 2007
Total Posts : 4
 
Posted 9-22-2007 3:26 (GMT +1)


Hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 8:01:33 PM, on 9/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Advanced Privacy Protector\pptray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shareware.us/srchasst.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aimtoday.aol.com/today/aimtoday.adp?type=2&product=9&platform=1&channel=336&build=6089&SN=DFLFGEHMENCO&CC=BHNH&PC=HDLNDJCBBA&segment=0&UTC=1162772994&LT=1162754994&nlogin=101
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: MSVPS System - {88418AA3-16F5-4FC2-A9D8-90B1266DF841} - C:\WINDOWS\nsduo.dll
O2 - BHO: Norton Personal Firewall 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Personal Firewall 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Nulware] C:\WINDOWS\System32\nulware.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [NI.UGDC_0003_N108M2407] "C:\Documents and Settings\willaim Lee\Desktop\installer_en.exe" -nag
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [AdvPrivProt] C:\Program Files\Advanced Privacy Protector\pptray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/eng/poker_2_0_0_46.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin7USA.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: msmhost - {93FF4DFA-988E-4272-B0B6-DD5268E187A3} - C:\WINDOWS\msmhost.dll
O21 - SSODL: msmdev - {ACC8B220-FBD5-4A2A-ABD7-112DA3A74292} - C:\WINDOWS\msmdev.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
 
anti-spyware log
 
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
 + Created at: 6:52:31 AM 9/18/2007
 + Scan result: 
 
C:\WINDOWS\Downloaded Program Files\RCX41.tmp -> Adware.180Solutions : No action taken.
C:\Program Files\DNS\cwebpage.dll -> Adware.Maxifiles : No action taken.
C:\System Volume Information\_restore{5AE6A13B-5306-4D47-A6DB-B710F764CD6F}\RP552\A0128400.exe -> Adware.Maxifiles : No action taken.
C:\System Volume Information\_restore{5AE6A13B-5306-4D47-A6DB-B710F764CD6F}\RP552\A0128446.exe -> Adware.Maxifiles : No action taken.
C:\System Volume Information\_restore{5AE6A13B-5306-4D47-A6DB-B710F764CD6F}\RP548\A0118724.exe -> Adware.UltimateDefender : No action taken.
C:\System Volume Information\_restore{5AE6A13B-5306-4D47-A6DB-B710F764CD6F}\RP552\A0128394.exe -> Adware.UltimateDefender : No action taken.
C:\WINDOWS\msmdev.dll -> Downloader.Agent.dag : No action taken.
[2780] C:\WINDOWS\msmdev.dll -> Downloader.Agent.dag : No action taken.
C:\System Volume Information\_restore{5AE6A13B-5306-4D47-A6DB-B710F764CD6F}\RP523\A0115822.exe -> Downloader.Zlob.bvj : No action taken.
C:\System Volume Information\_restore{5AE6A13B-5306-4D47-A6DB-B710F764CD6F}\RP480\A0110003.exe -> Dropper.Small : No action taken.
C:\System Volume Information\_restore{5AE6A13B-5306-4D47-A6DB-B710F764CD6F}\RP480\A0110030.exe -> Dropper.Small : No action taken.
C:\Documents and Settings\willaim Lee\Desktop\installer_en.exe -> Not-A-Virus.Downloader.Win32.WinFixer.z : No action taken.
C:\System Volume Information\_restore{5AE6A13B-5306-4D47-A6DB-B710F764CD6F}\RP548\A0120725.exe -> Not-A-Virus.Downloader.Win32.WinFixer.z : No action taken.
C:\Documents and Settings\willaim Lee\Cookies\willaim_lee@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\willaim Lee\Cookies\willaim_lee@nielsen.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\willaim Lee\Cookies\willaim_lee@3.adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\willaim Lee\Cookies\willaim_lee@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\willaim Lee\Cookies\willaim_lee@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\willaim Lee\Cookies\willaim_lee@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\willaim Lee\Cookies\willaim_lee@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\willaim Lee\Cookies\willaim_lee@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\willaim Lee\Cookies\willaim_lee@ehg-yahoo.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\willaim Lee\Cookies\willaim_lee@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\willaim Lee\Cookies\willaim_lee@hotlog[1].txt -> TrackingCookie.Hotlog : No action taken.
C:\Documents and Settings\willaim Lee\Cookies\willaim_lee@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : No action taken.
C:\Documents and Settings\willaim Lee\Cookies\willaim_lee@ads.pointroll[1].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\willaim Lee\Cookies\willaim_lee@revsci[2].txt -> TrackingCookie.Revsci : No action taken.
C:\Documents and Settings\willaim Lee\Cookies\willaim_lee@yadro[1].txt -> TrackingCookie.Yadro : No action taken.

::Report end
 
Rootlog
 
OOTCHK-(17-09-07)-LOG, by ejvindh
Sat 09/22/2007 10:06:18.72
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end

catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-22 10:06:20
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\win.tmp
C:\WINDOWS\WindowsShell.Manifest
C:\WINDOWS\WindowsUpdate.log
C:\WINDOWS\winhelp.exe
C:\WINDOWS\winhlp32.exe
C:\WINDOWS\winnt.bmp
C:\WINDOWS\winnt256.bmp
C:\WINDOWS\winpoet_postinstallation.txt
C:\WINDOWS\WinPoET_PreInstallation.txt
C:\WINDOWS\WinSxS
C:\WINDOWS\WMSysPr9.prx
C:\WINDOWS\WMSysPrx.prx
C:\WINDOWS\Zapotec.bmp
C:\WINDOWS\_default.pif
C:\WINDOWS\_SETUPD_.EXE
hidden processes: 0
hidden services: 0
hidden files: 15

Combofix log
ComboFix 07-09-21.2 - "willaim Lee" 2007-09-21 18:28:33.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.126 [GMT -4:00]
 * Created a new restore point
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\WILLAI~1\Desktop\installer_en.exe
C:\DOCUME~1\WILLAI~1\FAVORI~1\Error Cleaner.url
C:\DOCUME~1\WILLAI~1\FAVORI~1\Privacy Protector.url
C:\DOCUME~1\WILLAI~1\FAVORI~1\Spyware&Malware Protection.url
C:\Program Files\Common Files\download
C:\Program Files\Common Files\download\3DEmoticons.zip
C:\Program Files\Common Files\inetget2
C:\Program Files\Common Files\windows
C:\Program Files\Common Files\windows\AutoIt3.exe
C:\Program Files\dns
C:\Program Files\dns\affid.dat
C:\Program Files\dns\cwebpage.dll
C:\Program Files\dns\uid.dat
C:\Program Files\dns\urls.dat
C:\Program Files\dns\version.txt
C:\Program Files\dns\x.bmp
C:\Program Files\Ultimate Defender
C:\Program Files\VideoAccessCodec
C:\Program Files\VideoAccessCodec\install.ico
C:\Program Files\VideoAccessCodec\Uninstall.exe
c:\RECYCLER\desktopA.sys
C:\WINDOWS\dat.txt
C:\WINDOWS\main_uninstaller.exe
C:\WINDOWS\msmdev.dll
C:\WINDOWS\msmhost.dll
C:\WINDOWS\nsduo.dll
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\wmpdev.dll
C:\WINDOWS\wmphost.dll
.
(((((((((((((((((((((((((   Files Created from 2007-08-21 to 2007-09-21  )))))))))))))))))))))))))))))))
.
2007-09-21 18:26 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-18 20:35 <DIR> d-------- C:\Program Files\CCleaner
2007-09-17 20:06 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-16 19:16 <DIR> d-------- C:\HijackThis
2007-09-14 19:57 <DIR> d-------- C:\Program Files\Spyware Medic
2007-09-12 07:03 <DIR> d-------- C:\eea76f180bf833a187b8a56b8d1c66
2007-09-10 16:45 <DIR> d-------- C:\ac15180f32e97f35c622abd5e6
2007-09-10 15:25 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-09-10 15:25 <DIR> d-------- C:\Program Files\Crawler
2007-09-10 15:25 <DIR> d-------- C:\DOCUME~1\WILLAI~1\APPLIC~1\Spyware Terminator
2007-09-10 15:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spyware Terminator
2007-09-05 18:15 <DIR> d-------- C:\DOCUME~1\WILLAI~1\APPLIC~1\Spyware Medic
2007-09-05 14:49 <DIR> d-------- C:\Program Files\Advanced Privacy Protector
2007-09-03 11:27 <DIR> d-------- C:\DOCUME~1\WILLAI~1\APPLIC~1\Google
2007-09-03 11:22 <DIR> d-------- C:\DOCUME~1\WILLAI~1\APPLIC~1\PC Tools
2007-09-03 11:20 22,528 --a------ C:\WINDOWS\system32\drivers\AVHook.sys
2007-09-03 11:20 15,872 --a------ C:\WINDOWS\system32\drivers\AVRec.sys
2007-09-03 11:20 15,872 --a------ C:\WINDOWS\system32\drivers\AVFilter.sys
2007-09-03 11:20 <DIR> d-------- C:\Program Files\PC Tools AntiVirus
2007-09-03 11:20 <DIR> d-------- C:\Program Files\Google
2007-09-03 11:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
2007-09-03 11:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-09-01 16:17 <DIR> d-------- C:\Program Files\SpyRemover
2007-09-01 16:16 <DIR> d-------- C:\DOCUME~1\WILLAI~1\APPLIC~1\Viewpoint
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-21 18:34 --------- d-------- C:\DOCUME~1\WILLAI~1\APPLIC~1\uTorrent
2007-09-20 18:28 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-03 15:06 --------- d-------- C:\Program Files\BearShare
2007-08-18 19:38 --------- d-------- C:\Program Files\PartyGaming
2007-07-30 13:16 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-24 22:46 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-24 22:45 --------- d-------- C:\Program Files\BeamFile
2007-07-24 22:44 --------- d-------- C:\Program Files\AIM+
2007-07-20 20:06 --------- d-------- C:\Program Files\Common Files\Vbox
2007-02-12 20:05 24192 --a--c--- C:\DOCUME~1\WILLAI~1\usbsermptxp.sys
2007-02-12 20:05 22768 --a--c--- C:\DOCUME~1\WILLAI~1\usbsermpt.sys
2006-11-17 13:35 5552 --a--c--- C:\DOCUME~1\WILLAI~1\APPLIC~1\FNTCACHE.BIN
2006-08-22 14:37 774144 --a------ C:\Program Files\RngInterstitial.dll
2005-11-21 15:15 1736 --a--c--- C:\Program Files\main.ini
2005-07-13 15:02 34929897 --a------ C:\Program Files\MS_LITE.exe
2005-04-02 22:06:41 91,136 --sh--w C:\WINDOWS\system32\nulware.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
 
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"Nulware"="C:\WINDOWS\System32\nulware.exe" [2005-04-02 18:06]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-23 16:43]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-02-20 13:06]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [2007-05-17 11:41]
"NI.UGDC_0003_N108M2407"="C:\Documents and Settings\willaim Lee\Desktop\installer_en.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"Aim6"="" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [2007-05-17 11:41]
"AdvPrivProt"="C:\Program Files\Advanced Privacy Protector\pptray.exe" [2002-10-30 18:24]
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-07-20 20:06:11]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-21 00:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll
R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS
R3 netrcacm;RCA USB Digital Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\639563.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 mdxgthkn;mdxgthkn;\??\C:\DOCUME~1\WILLAI~1\LOCALS~1\Temp\mdxgthkn.sys
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
S3 PPDrv;Protector Plus Driver (UnRegistered);\??\C:\Program Files\Protector Plus\PPDrv.sys
S3 s116bus;Sony Ericsson Device 116 driver (WDM);C:\WINDOWS\system32\DRIVERS\s116bus.sys
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s116mdfl.sys
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s116mdm.sys
S3 s116mgmt;Sony Ericsson Device 116  USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s116mgmt.sys
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS);C:\WINDOWS\system32\DRIVERS\s116nd5.sys
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s116obex.sys
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM);C:\WINDOWS\system32\DRIVERS\s116unic.sys
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-21 18:36:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\win.tmp
C:\WINDOWS\WindowsShell.Manifest
C:\WINDOWS\WindowsUpdate.log
C:\WINDOWS\winhelp.exe
C:\WINDOWS\winhlp32.exe
C:\WINDOWS\winnt.bmp
C:\WINDOWS\winnt256.bmp
C:\WINDOWS\winpoet_postinstallation.txt
C:\WINDOWS\WinPoET_PreInstallation.txt
C:\WINDOWS\WinSxS
C:\WINDOWS\WMSysPr9.prx
C:\WINDOWS\WMSysPrx.prx
C:\WINDOWS\Zapotec.bmp
C:\WINDOWS\_default.pif
C:\WINDOWS\_SETUPD_.EXE
scan completed successfully
hidden files: 15
**************************************************************************
.
Completion time: 2007-09-21 18:40:37 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-21 18:40
.
 --- E O F ---


Hi...any questions?...juz msg me..thanks
