
adclicker and vundo Trojan



snooker910
2007-02-10, 00:23
Hi all, I have received a nasty trojan and cannot seem to get rid of it.
Other symptoms: cannot start "Safe Mode", it hangs up. I have tried to restart in Safe Mode by hitting F8 and with the msconfig command, with no success.
I have run all antivirus including Symantec. Here is a log file posted by someone else here. ComboFix report.
"Ismael Carlo" - 07-02-09 14:10:30 Service Pack 2
ComboFix 07-02-08.2 - Running from: "C:\Documents and Settings\Ismael Carlo\Desktop\Temp"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\unsvchosts.exe
C:\WINDOWS\setup.exe
C:\Program Files\Common Files\{48702~2
C:\DOCUME~1\ISMAEL~1\Application Data\SearchToolbarCorp
C:\Program Files\Common Files\{48702~1
C:\WINDOWS\system32\svchosts.exe


((((((((((((((((((((((((((((((( Files Created from 2007-01-09 to 2007-02-09 ))))))))))))))))))))))))))))))))))


2007-02-09 14:15 <DIR> d-------- C:\DOCUME~1\ISMAEL~1\Application Data\SearchToolbarCorp
2007-02-09 14:14 88,340 --a------ C:\WINDOWS\system32\jmlourns.exe
2007-02-09 14:14 <DIR> d-------- C:\WINDOWS\ERDNT
2007-02-09 14:14 <DIR> d-------- C:\Program Files\VSAdd-in
2007-02-08 21:27 <DIR> d-------- C:\DOCUME~1\ISMAEL~1\Application Data\AVG7
2007-02-08 21:26 839,936 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-02-08 21:26 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-02-08 21:26 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-02-08 21:26 27,776 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-02-08 21:26 18,432 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-02-08 21:26 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\AVG7
2007-02-08 21:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2007-02-08 21:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\avg7
2007-02-08 21:19 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-08 21:19 <DIR> d-------- C:\Program Files\Grisoft
2007-02-08 17:33 990,507 ---hs---- C:\WINDOWS\system32\jjkkj.ini2
2007-02-08 13:14 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-02-07 10:02 990,353 ---hs---- C:\WINDOWS\system32\jjkkj.bak2
2007-02-06 23:35 975,211 ---hs---- C:\WINDOWS\system32\jjkkj.bak1
2007-02-06 23:35 277,183 ---hs---- C:\WINDOWS\system32\jkkjj.dll
2007-02-06 23:30 63 --a------ C:\WINDOWS\system32\yyd.bat
2007-02-06 23:30 22,686 ---hs---- C:\WINDOWS\system32\khfeefg.dll
2007-02-06 23:29 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-02-06 23:29 0 --a------ C:\WINDOWS\system32\taskkill.exe
2007-02-06 23:16 <DIR> d-------- C:\DOCUME~1\ISMAEL~1\Application Data\WinRAR
2007-01-20 13:24 <DIR> d-------- C:\Program Files\QuickTime
2007-01-09 23:03 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-09 20:48 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-01-09 20:46 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-01-09 20:46 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-01-09 00:02 8,413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys
2007-01-09 00:02 <DIR> d-------- C:\Program Files\Common Files\Real
2007-01-09 00:00 <DIR> d-------- C:\DOCUME~1\ISMAEL~1\Application Data\Real


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-09 14:15 -------- d-------- C:\Documents and Settings\Ismael Carlo\Application Data\searchtoolbarcorp
2007-02-09 12:26 -------- d-------- C:\Program Files\Common Files\adobe
2007-02-09 12:10 33 --a------ C:\Documents and Settings\Ismael Carlo\Application Data\pcouffin.log
2007-02-09 12:10 -------- d-------- C:\Program Files\act
2007-02-09 12:10 -------- d-------- C:\Documents and Settings\Ismael Carlo\Application Data\vso
2007-02-09 12:09 81920 --a------ C:\Documents and Settings\Ismael Carlo\Application Data\ezpinst.exe
2007-02-09 12:09 7176 --a------ C:\Documents and Settings\Ismael Carlo\Application Data\pcouffin.cat
2007-02-09 12:09 47360 --a------ C:\Documents and Settings\Ismael Carlo\Application Data\pcouffin.sys
2007-02-09 12:09 1144 --a------ C:\Documents and Settings\Ismael Carlo\Application Data\pcouffin.inf
2007-02-09 10:45 -------- d-------- C:\Documents and Settings\Ismael Carlo\Application Data\avg7
2007-02-08 21:06 -------- d--h----- C:\Program Files\installshield installation information
2007-02-08 21:05 -------- d-------- C:\Program Files\limewire
2007-02-08 21:03 -------- d-------- C:\Program Files\cris net
2007-02-08 21:01 -------- d-------- C:\Program Files\apple software update
2007-02-08 21:00 -------- d-------- C:\Program Files\winamp
2007-02-07 18:34 -------- d-------- C:\Program Files\moodlogic
2007-02-07 18:04 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-02-07 17:39 48776 --a------ C:\WINDOWS\system32\s32evnt1.dll
2007-02-07 17:39 115000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-02-07 17:39 -------- d-------- C:\Program Files\symantec
2007-02-06 23:16 -------- d-------- C:\Documents and Settings\Ismael Carlo\Application Data\winrar
2007-02-06 16:10 -------- d-------- C:\Program Files\quickqualifier
2007-02-04 13:17 -------- d-------- C:\Program Files\winforms 2000
2007-02-01 19:30 -------- d-------- C:\Program Files\quicken
2007-01-26 10:15 -------- d-------- C:\Program Files\mozilla firefox
2007-01-21 16:15 -------- d-------- C:\Documents and Settings\Ismael Carlo\Application Data\adobeum
2007-01-09 21:37 -------- d-------- C:\Program Files\rhapsody
2007-01-09 20:45 -------- d-------- C:\Program Files\windows media connect
2007-01-09 01:23 -------- d-------- C:\Documents and Settings\Ismael Carlo\Application Data\arcsoft
2007-01-09 00:02 -------- d-------- C:\Documents and Settings\Ismael Carlo\Application Data\real
2007-01-08 23:58 -------- d-------- C:\Program Files\real
2007-01-08 23:13 -------- d-------- C:\Program Files\Common Files\arcsoft
2007-01-08 23:08 -------- d-------- C:\Program Files\sandisk
2007-01-08 12:28 -------- d---s---- C:\Documents and Settings\Ismael Carlo\Application Data\microsoft
2007-01-08 09:42 -------- d-------- C:\Program Files\java
2006-12-28 20:43 -------- d-------- C:\Program Files\lavasoft
2006-12-28 20:43 -------- d-------- C:\Documents and Settings\Ismael Carlo\Application Data\lavasoft
2006-12-28 13:31 -------- d-------- C:\Program Files\losactivex
2006-12-27 13:54 -------- d-------- C:\Program Files\avidian technologies
2006-12-27 13:52 -------- d-------- C:\Program Files\microsoft sql server
2006-12-27 13:23 -------- d-------- C:\Program Files\windows installer clean up
2006-12-27 13:22 -------- d-------- C:\Program Files\msecache
2006-12-24 11:56 -------- d-------- C:\Program Files\shortkeys2
2006-12-24 11:56 -------- d-------- C:\Program Files\Common Files\insight software solutions
2006-12-24 10:52 -------- d-------- C:\Program Files\quicktime(2)
2006-12-24 10:51 -------- d-------- C:\Program Files\itunes(2)
2006-12-24 10:51 -------- d-------- C:\Program Files\ipod(2)
2006-12-19 17:03 -------- d-------- C:\Program Files\realvnc
2006-11-15 21:47 284 --a------ C:\Documents and Settings\Ismael Carlo\Application Data\viewerapp.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"IMC"="C:\\Program Files\\FriendFinder\\FriendFinder Messenger 30\\imc.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"Alcmtr"="ALCMTR.EXE"
"AzMixerSel"="C:\\Program Files\\Realtek\\InstallShield\\AzMixerSel.exe"
"VAIO Recovery"="C:\\WINDOWS\\Sonysys\\VAIO Recovery\\PartSeal.exe"
"SonyPowerCfg"="C:\\Program Files\\Sony\\VAIO Power Management\\SPMgr.exe"
"ISBMgr.exe"="C:\\Program Files\\Sony\\ISB Utility\\ISBMgr.exe"
"VAIO Update 2"="\"C:\\Program Files\\Sony\\VAIO Update 2\\VAIOUpdt.exe\" /Stationary"
"WFXSwtch"="C:\\PROGRA~1\\WinFax\\WFXSWTCH.exe"
"WinFaxAppPortStarter"="wfxsnt40.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"TotalRecorderScheduler"="\"C:\\Program Files\\HighCriteria\\TotalRecorder\\TotRecSched.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"DLPSP"="\"C:\\Program Files\\Dell Printers\\Additional Color Laser Software\\Status Monitor\\DLPSP.EXE\""
"UnlockerAssistant"="\"C:\\Program Files\\Unlocker\\UnlockerAssistant.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"=""
"{6AAC65E6-4DE2-4766-9352-2960C2BC6F54}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjj
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfeefg
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e51e3c0-86cd-11da-99c3-806d6172696f}]
Shell\AutoRun\command E:\sony\Autorun.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Ismael Carlo.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec Drmc.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{595D72EB-5BC9-4C3B-A169-8059E5F48347}.job


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-09 14:29:56
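A triage pass over the ComboFix log quoted in the post above, as an added example that is not code from the original thread, from ComboFix or from any other tool named there. It parses the "Files Created" and "Reg Loading Points" sections, flags Winlogon\Notify packages that are not Windows XP defaults, ties them to the hidden+system files dropped straight into system32 (jkkjj.dll, khfeefg.dll and the jjkkj.* companions), notes the zero-byte taskkill.exe created in the same minute, and lists what else landed alongside. SAMPLE_LOG is a constructed excerpt of the posted log; KNOWN_NOTIFY is an illustrative allow-list (an assumption: the Intel igfxcui and Sony VESWinlogon entries are treated as vendor-supplied).

```python
"""Triage a ComboFix-style log for Vundo/Virtumonde-style indicators.

Added example, not code from the thread or from ComboFix.  SAMPLE_LOG is a
constructed excerpt of the posted log; KNOWN_NOTIFY is an assumed allow-list.
"""
import re

SAMPLE_LOG = r"""
(((( Files Created from 2007-01-09 to 2007-02-09 ))))
2007-02-09 14:14 <DIR> d-------- C:\WINDOWS\ERDNT
2007-02-08 21:26 839,936 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-02-08 17:33 990,507 ---hs---- C:\WINDOWS\system32\jjkkj.ini2
2007-02-07 10:02 990,353 ---hs---- C:\WINDOWS\system32\jjkkj.bak2
2007-02-06 23:35 975,211 ---hs---- C:\WINDOWS\system32\jjkkj.bak1
2007-02-06 23:35 277,183 ---hs---- C:\WINDOWS\system32\jkkjj.dll
2007-02-06 23:30 63 --a------ C:\WINDOWS\system32\yyd.bat
2007-02-06 23:30 22,686 ---hs---- C:\WINDOWS\system32\khfeefg.dll
2007-02-06 23:29 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-02-06 23:29 0 --a------ C:\WINDOWS\system32\taskkill.exe
(((( Reg Loading Points ))))
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjj
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfeefg
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon
"""

# Winlogon\Notify packages that ship with Windows XP, plus two vendor packages
# seen on this VAIO (igfxcui: Intel graphics, VESWinlogon: Sony).  Treating the
# vendor entries as benign is an assumption made for this example.
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "igfxcui", "veswinlogon",
}

# e.g. "2007-02-06 23:35 277,183 ---hs---- C:\WINDOWS\system32\jkkjj.dll"
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attrs>[a-z-]{9})\s+"
    r"(?P<path>\S.*?)\s*$"
)
# e.g. "...\winlogon\notify\jkkjj"
NOTIFY_RE = re.compile(r"\\winlogon\\notify\\(?P<name>[^\s\\]+)\s*$", re.IGNORECASE)
SYSTEM32 = r"c:\windows\system32"


def parse_file_entries(log_text):
    """Return the 'Files Created' lines as dicts (directories get size=None)."""
    entries = []
    for line in log_text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        size = m.group("size")
        entries.append({
            "ts": m.group("ts"),
            "is_dir": size == "<DIR>",
            "size": None if size == "<DIR>" else int(size.replace(",", "")),
            "attrs": m.group("attrs"),
            "path": m.group("path"),
        })
    return entries


def parse_winlogon_notify(log_text):
    """Names of the Winlogon\\Notify subkeys listed under Reg Loading Points."""
    matches = (NOTIFY_RE.search(line.strip()) for line in log_text.splitlines())
    return [m.group("name") for m in matches if m]


def _directly_in_system32(path):
    return path.rpartition("\\")[0].lower() == SYSTEM32


def _stem(path):
    return path.rpartition("\\")[2].rsplit(".", 1)[0].lower()


def triage(log_text):
    entries = parse_file_entries(log_text)
    # 1. hidden+system files dropped straight into system32
    hidden_sys = [e for e in entries
                  if not e["is_dir"] and _directly_in_system32(e["path"])
                  and "h" in e["attrs"] and "s" in e["attrs"]]
    # 2. Notify packages that are neither a Windows default nor a known vendor entry
    suspicious = [n for n in parse_winlogon_notify(log_text)
                  if n.lower() not in KNOWN_NOTIFY]
    # 3. strongest link: a suspicious Notify name that matches one of those files
    stems = {_stem(e["path"]) for e in hidden_sys}
    confirmed = [n for n in suspicious if n.lower() in stems]
    # 4. a zero-byte .exe in system32 means a utility was overwritten, not installed
    zero_byte = [e for e in entries
                 if e["size"] == 0 and _directly_in_system32(e["path"])
                 and e["path"].lower().endswith(".exe")]
    # 5. anything else created in the same minute as a flagged file is part of the drop
    flagged = {e["path"] for e in hidden_sys + zero_byte}
    minutes = {e["ts"] for e in hidden_sys + zero_byte}
    alongside = [e["path"] for e in entries
                 if e["ts"] in minutes and e["path"] not in flagged]
    return {
        "suspicious_notify": suspicious,
        "confirmed_notify": confirmed,
        "hidden_system_files": [e["path"] for e in hidden_sys],
        "zero_byte_executables": [e["path"] for e in zero_byte],
        "dropped_alongside": alongside,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}:")
        for item in value:
            print(f"    {item}")
```

On the excerpt, both jkkjj and khfeefg come back as confirmed Notify packages, the five hidden+system files and the empty taskkill.exe are flagged, and yyd.bat and vbzip10.dll show up as dropped in the same minutes. Winlogon Notify DLLs are loaded by winlogon.exe early in boot, including in Safe Mode, which is why such files stay locked in a running session; the Notify subkeys in a fresh ComboFix log (or the O20 lines of a HijackThis log) are what to re-check after removal.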

Shaba
2007-02-10, 10:53
Hi snooker910

Use this (http://downloads.malwareremoval.com/hijackthis_sfx.exe) link to get HijackThis.
Save it to your desktop and then double-click to run it.
It will install the program in c:\program files\HijackThis.
Browse to that location with Windows Explorer, rename HijackThis.exe to HJT.exe and double-click HJT.exe to run it. Choose 'Do a system scan and save a logfile'.
That will allow you to save the log to the desktop (or some other place) and leave open a notepad file with the HijackThis log in it.

Now post your HijackThis log into this topic.

Shaba
2007-02-17, 11:08
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.