virus infection need help
Hello,
I have a computer that is apparently infected. The machine will not allow access to Microsoft or antivirus websites. See the HJT log below; thanks for your help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:36 AM, on 1/1/2001
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\windows\system32\rlvknlg.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RelevantKnowledge] C:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?978336790187
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX28.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 9620 bytes
Hi texsun
Download gmer.zip (http://gmer.net/gmer.zip) and save to your desktop.
alternate download site (http://hype.free.googlepages.com/gmer.zip)
Unzip/extract the file to its own folder. (Click here (http://www.bleepingcomputer.com/tutorials/tutorial105.html) for information on how to do this if you are not sure; Windows 2000 users click here (http://www.bleepingcomputer.com/tutorials/tutorial106.html).)
When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.
Double-click on Gmer.exe to start the program.
Allow the gmer.sys driver to load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run a scan, click NO.
Click on the Rootkit tab.
Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on "Scan" and wait for the scan to finish.
Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
Note: If you have any problems, try running GMER in SAFE MODE (http://www.bleepingcomputer.com/forums/tutorial61.html).
Important! Please do not select the "Show all" checkbox during the scan.
Hello Shaba,
Thank you for your assistance; here is the log the GMER program produced:
GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2001-01-02 12:42:28
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pxldapog.sys
---- System - GMER 1.0.15 ----
SSDT 83B54D60 ZwConnectPort
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[964] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes JMP 00C4ADCD
.text C:\WINDOWS\System32\svchost.exe[964] NETAPI32.dll!NetpwPathCanonicalize 5B86A259 5 Bytes JMP 00C4AD64
.text C:\WINDOWS\System32\svchost.exe[1024] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes JMP 0070ADCD
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1152] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes JMP 00519258 C:\Program Files\MSN Messenger\MsnMsgr.Exe (Messenger/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] fgcluazqt <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\fgcluazqt@DisplayName Server Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\fgcluazqt@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\fgcluazqt@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\fgcluazqt@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\fgcluazqt@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\fgcluazqt@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\fgcluazqt@Description Provides launch functionality for DCOM services.
Reg HKLM\SYSTEM\CurrentControlSet\Services\fgcluazqt\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\fgcluazqt\Parameters@ServiceDll C:\WINDOWS\system32\jyedq.dll
Reg HKLM\SYSTEM\ControlSet002\Services\fgcluazqt@DisplayName Server Security
Reg HKLM\SYSTEM\ControlSet002\Services\fgcluazqt@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\fgcluazqt@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\fgcluazqt@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\fgcluazqt@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\fgcluazqt@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\fgcluazqt@Description Provides launch functionality for DCOM services.
Reg HKLM\SYSTEM\ControlSet002\Services\fgcluazqt\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\fgcluazqt\Parameters@ServiceDll C:\WINDOWS\system32\jyedq.dll
---- EOF - GMER 1.0.15 ----
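As an added example (not part of the thread, and not GMER's own code): a Python triage script for a GMER log of the shape posted above. It rebuilds the service GMER marked hidden from the Reg lines that follow it (svchost-hosted in the netsvcs group, running as LocalSystem, loaded from the ServiceDll jyedq.dll), notes that the same entry also sits in ControlSet002, and groups the inline hooks GMER reported inside svchost.exe by PID. The sample log is a constructed excerpt using the values from the post; the MsnMsgr.Exe hook is kept as the contrast case, a JMP whose destination GMER resolved to the process's own image. Reading a JMP with no trailing module as a destination outside any loaded module is an interpretation made here, not something GMER states.

```python
"""Triage of a GMER rootkit-scan log: rebuild the services GMER marked hidden
from the Reg lines that follow, work out how each is hosted, and pair them with
the user-mode hooks GMER saw inside svchost.exe, since a service whose
ImagePath is "svchost.exe -k <group>" is a DLL running inside such a process."""
import re
from collections import defaultdict

# Constructed excerpt in GMER's line formats, with the values from the log
# above (GMER separates columns with two spaces; the parser tolerates one).
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----
.text  C:\WINDOWS\System32\svchost.exe[964] ntdll.dll!NtQueryInformationProcess  7C90E01B 5 Bytes  JMP 00C4ADCD
.text  C:\WINDOWS\System32\svchost.exe[964] NETAPI32.dll!NetpwPathCanonicalize  5B86A259 5 Bytes  JMP 00C4AD64
.text  C:\WINDOWS\System32\svchost.exe[1024] ntdll.dll!NtQueryInformationProcess  7C90E01B 5 Bytes  JMP 0070ADCD
.text  C:\Program Files\MSN Messenger\MsnMsgr.Exe[1152] kernel32.dll!SetUnhandledExceptionFilter  7C810386 5 Bytes  JMP 00519258 C:\Program Files\MSN Messenger\MsnMsgr.Exe (Messenger/Microsoft Corporation)
---- Services - GMER 1.0.15 ----
Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )  [AUTO] fgcluazqt  <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg  HKLM\SYSTEM\CurrentControlSet\Services\fgcluazqt@DisplayName  Server Security
Reg  HKLM\SYSTEM\CurrentControlSet\Services\fgcluazqt@Start  2
Reg  HKLM\SYSTEM\CurrentControlSet\Services\fgcluazqt@ImagePath  %SystemRoot%\system32\svchost.exe -k netsvcs
Reg  HKLM\SYSTEM\CurrentControlSet\Services\fgcluazqt@ObjectName  LocalSystem
Reg  HKLM\SYSTEM\CurrentControlSet\Services\fgcluazqt\Parameters
Reg  HKLM\SYSTEM\CurrentControlSet\Services\fgcluazqt\Parameters@ServiceDll  C:\WINDOWS\system32\jyedq.dll
Reg  HKLM\SYSTEM\ControlSet002\Services\fgcluazqt\Parameters@ServiceDll  C:\WINDOWS\system32\jyedq.dll
"""

SERVICE_RE = re.compile(r'^Service\s+(?P<image>.+?)\s+(?:\((?P<flags>[^)]*)\)\s+)?'
                        r'\[(?P<start>[A-Z_?]+)\]\s+(?P<name>\S+)')
REG_RE = re.compile(r'^Reg\s+(?P<key>\S+?)(?:@(?P<value>\S+))?(?:\s+(?P<data>.*?))?\s*$')
SVC_KEY_RE = re.compile(r'^HKLM\\SYSTEM\\(?P<cset>[^\\]+)\\Services\\(?P<svc>[^\\]+)'
                        r'(?P<sub>(?:\\[^\\]+)*)$', re.I)
HOOK_RE = re.compile(r'^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<mod>[^\s!]+)!(?P<func>\S+)'
                     r'\s+[0-9A-Fa-f]+\s+\d+\s+Bytes\s+(?P<patch>\S+(?:\s+[0-9A-Fa-f]+)?)'
                     r'(?:\s+(?P<target>\S.*))?$')
SVCHOST_RE = re.compile(r'svchost\.exe\s+-k\s+(?P<group>\S+)', re.I)


def parse_gmer(text):
    """Return (services, reg, hooks) from the Services, Registry and User code sections."""
    services, hooks = {}, []
    reg = defaultdict(dict)  # (control set, service name) -> {"<subkey>@<value>": data}
    for line in (l.strip() for l in text.splitlines()):
        s, r, h = SERVICE_RE.match(line), REG_RE.match(line), HOOK_RE.match(line)
        if s:
            services[s["name"]] = {"image": s["image"], "start": s["start"],
                                   "hidden": "hidden" in (s["flags"] or "")}
        elif r:
            k = SVC_KEY_RE.match(r["key"])
            if k and r["value"]:  # value lines only; a bare subkey line carries no data
                reg[(k["cset"], k["svc"])][f"{k['sub'].lstrip(chr(92))}@{r['value']}"] = r["data"] or ""
        elif h:
            hooks.append({"proc": h["proc"], "pid": int(h["pid"]), "patch": h["patch"],
                          "func": f"{h['mod']}!{h['func']}", "target_module": h["target"]})
    return services, reg, hooks


def triage(text):
    services, reg, hooks = parse_gmer(text)
    hidden = []
    for name, svc in services.items():
        if not svc["hidden"]:
            continue
        vals = reg.get(("CurrentControlSet", name), {})
        image = vals.get("@ImagePath", svc["image"])
        grp = SVCHOST_RE.search(image)
        dll = vals.get("Parameters@ServiceDll")
        hidden.append({
            "service": name, "start": svc["start"], "image_path": image,
            "account": vals.get("@ObjectName"),
            "svchost_group": grp["group"] if grp else None,
            "service_dll": dll,
            "artifact": dll or image,  # what to collect: a svchost-hosted service *is* its ServiceDll
            # copies in other control sets (Last Known Good among them) survive a LKG boot
            "other_control_sets": sorted(cs for cs, s in reg if s == name and cs != "CurrentControlSet"),
        })
    # Inline hooks inside svchost.exe processes, by PID. GMER does not say which -k
    # group a PID hosts; "tasklist /svc" (not shipped with XP Home) maps that. A JMP
    # destination with no trailing module path is taken here to lie outside every
    # loaded module, i.e. in memory no file backs, which is what injected code looks like.
    by_pid = defaultdict(list)
    for h in hooks:
        if h["proc"].lower().endswith("\\svchost.exe"):
            by_pid[h["pid"]].append({"func": h["func"], "patch": h["patch"],
                                     "unbacked_target": h["target_module"] is None})
    return {"hidden_services": hidden, "svchost_hooks": dict(by_pid)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for f in result["hidden_services"]:
        print(f"hidden service {f['service']} [{f['start']}] runs as {f['account']} via "
              f"{f['image_path']}; collect {f['artifact']}; also in {f['other_control_sets']}")
    for pid, hs in sorted(result["svchost_hooks"].items()):
        print(f"svchost.exe[{pid}] inline hooks:", ", ".join(h["func"] for h in hs))
```

Two things the output makes explicit that the raw log only implies: the file to pull for analysis is jyedq.dll, not svchost.exe, because the ImagePath of a netsvcs member is the shared host and the payload is the ServiceDll; and the hooks in svchost.exe[964] include NETAPI32!NetpwPathCanonicalize, the function whose bug MS08-067 fixed, which is not something legitimate software patches in memory. Neither fgcluazqt nor jyedq.dll appears anywhere in the HijackThis log above, which is why that tool alone did not surface the infection.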
Have a great day, Texsun!
We will continue with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs, see here (http://www.bleepingcomputer.com/forums/topic114351.html).
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
Good day Shaba,
Here is the ComboFix log and HJT report.
ComboFix 09-10-20.03 - Owner 01/03/2001 8:22.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.119 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {B5510F6F-87E1-47F7-A411-360BC453007C}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Owner\Application Data\Starware
c:\documents and settings\Owner\Application Data\Starware\Manager\ManagerOptions.xml
c:\documents and settings\Owner\Application Data\Starware\Manager\ManagerOptions.xml.backup
c:\program files\Accoona
c:\program files\Accoona\tbquiesce.exe
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Installer\128cb.msi
c:\windows\Installer\5b906f33.msi
c:\windows\NDNuninstall6_38.exe
c:\windows\NDNuninstall6_98.exe
c:\windows\system32\cemetrix.dll
c:\windows\system32\iAlmcoin.dll
c:\windows\system32\rk.bin
c:\windows\system32\rlls.dll
c:\windows\system32\rlvknlg.exe
c:\windows\viassary-hp.reg
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2000-12-03 to 2001-01-03 )))))))))))))))))))))))))))))))
.
2006-08-16 07:22 . 2002-08-29 12:00 57398 -c--a-w- c:\windows\system32\dllcache\imjpdadm.exe
2006-08-16 07:22 . 2002-08-29 12:00 45109 -c--a-w- c:\windows\system32\dllcache\imjpuex.exe
2006-08-16 07:22 . 2002-08-29 12:00 6656 -c--a-w- c:\windows\system32\dllcache\c_is2022.dll
2006-08-16 07:22 . 2002-08-29 12:00 6656 ----a-w- c:\windows\system32\c_is2022.dll
2006-07-20 18:15 . 2006-08-16 05:55 -------- d-----w- c:\documents and settings\Owner\Contacts
2006-06-22 10:47 . 2006-06-22 10:47 181248 -c----w- c:\windows\system32\dllcache\rasmans.dll
2006-06-16 21:34 . 2006-06-16 21:34 48936 ----a-w- c:\windows\system32\sirenacm.dll
2006-05-10 05:23 . 2006-05-10 05:23 532480 -c----w- c:\windows\system32\dllcache\mstime.dll
2006-05-10 05:23 . 2006-05-10 05:23 448512 -c----w- c:\windows\system32\dllcache\mshtmled.dll
2006-05-10 05:23 . 2006-05-10 05:23 39424 -c----w- c:\windows\system32\dllcache\pngfilt.dll
2006-05-10 05:22 . 2006-05-10 05:22 96256 -c----w- c:\windows\system32\dllcache\inseng.dll
2006-05-10 05:22 . 2006-05-10 05:22 55808 -c----w- c:\windows\system32\dllcache\extmgr.dll
2006-05-10 05:22 . 2006-05-10 05:22 357888 -c----w- c:\windows\system32\dllcache\dxtmsft.dll
2006-05-10 05:22 . 2006-05-10 05:22 205312 -c----w- c:\windows\system32\dllcache\dxtrans.dll
2006-05-10 05:22 . 2006-05-10 05:22 16384 -c----w- c:\windows\system32\dllcache\jsproxy.dll
2006-05-10 05:22 . 2006-05-10 05:22 151040 -c----w- c:\windows\system32\dllcache\cdfview.dll
2006-05-10 05:22 . 2006-05-10 05:22 1054208 -c----w- c:\windows\system32\dllcache\danim.dll
2006-05-09 14:10 . 2006-05-09 14:10 -------- d-----w- c:\documents and settings\Owner\Application Data\AdobeAUM
2006-05-09 11:00 . 2006-05-09 11:00 18432 -c----w- c:\windows\system32\dllcache\iedw.exe
2006-05-05 09:47 . 2006-05-05 09:47 174592 -c----w- c:\windows\system32\dllcache\rdbss.sys
2006-05-05 09:41 . 2006-05-05 09:41 453120 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2006-05-03 21:42 . 2006-05-03 22:55 3167744 ----a-w- c:\documents and settings\Owner\gosetup.exe
2006-04-24 02:55 . 2001-01-01 07:25 -------- d-----w- c:\program files\Destroyer Command
2006-04-20 11:51 . 2006-04-20 11:51 359808 -c----w- c:\windows\system32\dllcache\tcpip.sys
2006-04-19 23:47 . 2006-04-19 23:49 297 ----a-w- c:\windows\EReg072.dat
2006-04-19 23:45 . 2006-04-19 23:45 -------- d-----w- c:\program files\Electronic Arts
2006-04-19 23:40 . 2006-04-19 23:40 -------- d-----w- C:\VADV
2006-04-18 21:14 . 2006-04-18 21:14 147495 ----a-w- c:\windows\system32\rmocx.dll
2006-03-17 00:38 . 2006-03-17 00:38 28672 ------w- c:\windows\system32\verclsid.exe
2006-02-09 12:24 . 2006-02-09 12:24 -------- d-----w- c:\windows\Hewlett-Packard
2006-02-09 12:22 . 2004-02-04 17:22 40960 ----a-w- c:\windows\system32\d4channel.dll
2006-02-09 12:22 . 2003-07-02 18:15 61440 ----a-w- c:\windows\system32\PMLJNI.dll
2006-02-09 12:22 . 2003-06-20 17:21 36864 ----a-w- c:\windows\system32\hpbmmjno.dll
2006-02-09 12:22 . 2003-06-16 21:52 74752 ----a-w- c:\windows\system32\jst.dll
2006-02-09 12:21 . 2006-02-09 12:23 -------- d--h--w- c:\program files\Zero G Registry
2006-02-09 12:18 . 2003-07-25 19:20 61699 ----a-w- c:\windows\system32\HPZinw12.exe
2006-02-09 12:18 . 2003-07-21 21:24 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2006-02-09 12:18 . 2003-07-21 21:24 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2006-02-09 12:18 . 2003-12-10 20:32 49152 ----a-r- c:\windows\system32\hpbprnfx.exe
2006-02-09 12:18 . 2006-02-09 12:18 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2006-02-09 12:17 . 2006-02-09 12:19 13438 ----a-w- c:\windows\hpbins01.dat
2006-02-09 12:17 . 2004-04-08 12:39 1380 ------w- c:\windows\hpbmdl01.dat
2006-02-09 12:17 . 2004-03-15 18:02 412 ----a-r- c:\windows\system32\HP3AIOZ6.dat
2006-02-09 12:17 . 2004-03-03 11:06 221184 ----a-r- c:\windows\system32\HP3AIOZ6.dll
2006-02-09 12:15 . 2003-10-22 16:26 196608 ------w- c:\windows\system32\hpzipr12.dll
2006-02-09 12:15 . 2003-10-22 16:19 65536 ------w- c:\windows\system32\hpzipm12.exe
2006-02-09 12:15 . 2003-10-21 00:49 266296 ------w- c:\windows\system32\hpzidr12.dll
2006-02-09 12:15 . 2003-11-21 12:42 745472 ----a-r- c:\windows\system32\hpptpml.dll
2006-02-09 12:15 . 2003-09-26 11:24 274432 ----a-r- c:\windows\system32\hpgwiamd.dll
2006-02-09 12:15 . 2003-09-16 11:12 274432 ----a-r- c:\windows\system32\hpbovset.dll
2006-02-09 12:14 . 2001-08-17 20:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2006-02-09 12:14 . 2001-08-17 20:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2006-02-08 01:31 . 2006-02-08 01:31 563712 ----a-w- c:\documents and settings\Owner\370_gotomypc.exe
2006-02-07 20:44 . 2001-08-17 20:47 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
2006-02-07 20:44 . 2001-08-17 20:47 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2006-02-07 20:43 . 2004-08-04 05:58 207360 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2006-02-07 20:43 . 2004-08-04 05:58 207360 ----a-w- c:\windows\system32\drivers\Dot4.sys
2006-02-07 20:43 . 2001-08-17 20:47 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2006-02-07 20:43 . 2001-08-17 20:47 23808 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
2006-01-26 04:00 . 2006-01-26 04:00 -------- d-----w- c:\program files\Citrix
2005-12-19 23:25 . 2005-12-19 23:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2005-11-17 22:05 . 2005-11-17 22:05 552 ----a-w- c:\windows\system32\d3d8caps.dat
2005-10-28 21:58 . 2005-10-28 22:06 8464 ----a-w- c:\windows\system32\sporder.dll
2005-10-23 00:01 . 2006-07-20 18:15 -------- d-----w- c:\program files\MSN Messenger
2005-10-12 02:20 . 2005-10-12 02:17 966737 ----a-w- c:\windows\system32\g2viewer.exe
2005-09-18 13:41 . 2005-09-18 13:41 483401 ----a-w- c:\documents and settings\Owner\314_gotomypc.exe
2005-09-07 01:16 . 2005-09-07 01:16 -------- d-----w- c:\program files\filesubmit
2005-09-07 01:12 . 2005-09-07 01:12 0 ----a-w- c:\windows\nsreg.dat
2005-09-07 01:12 . 2005-09-07 01:12 99965 ----a-w- c:\windows\UninstallFirefox.exe
2005-09-07 01:11 . 2005-09-07 01:11 2654 ----a-w- c:\windows\mozver.dat
2005-09-03 18:12 . 2005-09-03 18:12 -------- d-----w- c:\windows\system32\BWKDLogs
2005-09-03 18:12 . 2001-01-01 07:28 -------- d-----w- c:\windows\system32\color
2005-09-03 18:10 . 2001-01-01 07:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2005-09-03 18:09 . 2001-01-01 07:29 -------- d-----w- c:\program files\Kodak
2005-08-11 08:41 . 2005-08-11 08:41 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Symantec
2005-08-11 01:47 . 2005-08-11 01:47 483401 ----a-w- c:\documents and settings\Guest\gotomypc.exe
2005-08-11 01:46 . 2005-08-11 01:46 -------- d-----w- c:\documents and settings\Guest\.jpi_cache
2005-08-11 01:46 . 2005-08-11 01:46 -------- d-----w- c:\documents and settings\Guest\.java
2005-08-03 21:41 . 2005-08-03 21:41 -------- d-----w- c:\program files\minicliptoolbar toolbar
2005-08-02 03:48 . 2005-09-05 23:39 -------- d-----w- c:\documents and settings\Owner\Application Data\Aim
2005-08-02 03:47 . 2005-09-05 23:40 -------- d-----w- c:\program files\AIM
2005-07-13 01:04 . 2005-07-13 01:04 23304 ----a-w- c:\windows\system32\GWFSPidGen.dll
2005-07-12 15:49 . 2005-07-12 15:49 -------- d-----w- c:\program files\SymNetDrv
2005-07-11 22:31 . 2005-07-11 22:31 26 ----a-w- c:\windows\winstart.bat
2005-07-11 22:31 . 2005-07-11 22:31 123 ----a-w- c:\windows\tmpcpyis.bat
2005-07-11 22:31 . 2005-07-11 22:31 122 ----a-w- c:\windows\tmpdelis.bat
2005-07-11 22:25 . 2005-07-11 22:25 -------- d-----w- c:\program files\Maxis
2005-07-11 04:15 . 1999-04-17 07:06 10752 ----a-w- c:\windows\system32\aamd532.dll
2005-07-11 04:14 . 2005-10-28 22:03 -------- d-----w- c:\program files\Common Files\WhenU
2005-07-11 04:13 . 2005-07-11 04:13 -------- d-----w- c:\program files\MyEmoticons
2005-07-11 00:49 . 2003-11-04 22:10 69632 ----a-w- c:\windows\system32\lfgif13n.dll
2005-07-11 00:49 . 2004-05-14 23:53 462848 ----a-w- c:\windows\system32\ltkrn13n.dll
2005-07-11 00:49 . 2004-05-14 23:53 450560 ----a-w- c:\windows\system32\ltimg13n.dll
2005-07-11 00:49 . 2004-05-14 23:53 299008 ----a-w- c:\windows\system32\ltdis13n.dll
2005-07-11 00:49 . 2004-05-14 23:53 163840 ----a-w- c:\windows\system32\ltfil13n.dll
2005-07-11 00:49 . 2004-05-14 23:53 57344 ----a-w- c:\windows\system32\lfbmp13n.dll
2005-07-11 00:49 . 2004-05-14 23:53 401408 ----a-w- c:\windows\system32\lfcmp13n.dll
2005-07-11 00:49 . 2004-01-12 09:09 206336 ----a-w- c:\windows\system32\ltefx13n.dll
2005-05-31 17:20 . 2005-05-31 17:20 79432 ----a-w- c:\windows\system32\GEARAspi.dll
2005-05-26 11:16 . 2005-05-26 11:16 18200 ----a-w- c:\windows\system32\wups2.dll
2005-04-11 02:06 . 2005-04-11 02:06 -------- d-----w- c:\program files\MsnMusic
2005-04-11 02:06 . 2005-02-10 16:52 245408 ----a-w- c:\windows\system32\unicows.dll
2005-04-05 18:17 . 2005-04-05 18:17 517848 ----a-w- c:\windows\system32\SymNeti.dll
2005-04-05 18:17 . 2005-04-05 18:17 132824 ----a-w- c:\windows\system32\SymRedir.dll
2005-04-05 18:17 . 2005-04-05 18:17 267192 ----a-w- c:\windows\system32\drivers\symtdi.sys
2005-04-05 18:17 . 2005-04-05 18:17 17976 ----a-w- c:\windows\system32\drivers\symredrv.sys
2005-04-05 18:16 . 2005-04-05 18:16 36984 ----a-w- c:\windows\system32\drivers\symids.sys
2005-04-05 18:16 . 2005-04-05 18:16 47192 ----a-w- c:\windows\system32\drivers\symndis.sys
2005-04-05 18:16 . 2005-04-05 18:16 173208 ----a-w- c:\windows\system32\drivers\symfw.sys
2005-04-05 18:16 . 2005-04-05 18:16 11512 ----a-w- c:\windows\system32\drivers\symdns.sys
2005-03-31 23:02 . 2001-01-01 07:39 -------- d-----w- c:\program files\JetFighter IV
2005-03-24 22:57 . 2005-03-24 22:57 -------- d-----w- c:\program files\Games
2005-03-11 05:59 . 2005-03-11 05:59 -------- d-----w- c:\program files\Jeppesen
2005-02-28 04:45 . 2001-07-07 00:02 16302 ----a-w- c:\windows\system32\drivers\BridDFU.sys
2005-02-28 04:45 . 2005-02-28 04:45 -------- d-----w- c:\program files\Linksys WAP11
2005-02-28 04:45 . 2001-02-27 16:13 176128 ----a-w- c:\windows\system32\DartSnmp.dll
2005-02-28 04:45 . 2001-01-04 19:46 77824 ----a-w- c:\windows\system32\DartService.dll
2005-02-28 04:45 . 2001-01-04 19:42 184320 ----a-w- c:\windows\system32\DartSock.dll
2005-02-28 04:45 . 2005-02-28 04:45 -------- d-----w- C:\WAP11
2005-02-27 23:47 . 2005-02-27 23:47 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
2005-02-27 23:47 . 2005-02-27 23:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2005-02-27 23:47 . 2006-06-01 01:40 -------- d-----w- c:\program files\QuickTime
2005-02-27 23:47 . 2005-02-27 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2005-02-27 23:47 . 2006-06-01 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2005-02-16 04:38 . 2005-02-25 00:07 -------- d-----w- c:\program files\Jets'n'Guns Demo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-05-05 09:47 . 2003-08-25 20:32 174592 ----a-w- c:\windows\system32\drivers\rdbss.sys
2006-05-05 09:41 . 2003-08-25 21:30 453120 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2006-04-20 11:51 . 2003-08-25 20:34 359808 ----a-w- c:\windows\system32\drivers\tcpip.sys
2006-04-19 23:41 . 2006-04-19 23:41 30544 ----a-w- c:\windows\dirdib.drv
2006-04-19 23:41 . 2006-04-19 23:41 30464 ----a-w- c:\windows\macromix.dll
2006-03-01 19:42 . 2004-12-09 15:40 91136 ----a-w- c:\windows\system32\mtxoci.dll
2006-03-01 19:42 . 2004-12-09 15:40 956416 ----a-w- c:\windows\system32\msdtctm.dll
2006-03-01 19:42 . 2004-12-09 15:40 66560 ----a-w- c:\windows\system32\mtxclu.dll
2006-03-01 19:42 . 2004-12-09 15:40 426496 ----a-w- c:\windows\system32\msdtcprx.dll
2006-03-01 19:42 . 2004-12-09 15:40 161280 ----a-w- c:\windows\system32\msdtcuiu.dll
2006-03-01 19:42 . 2003-08-25 20:34 11776 ----a-w- c:\windows\system32\xolehlp.dll
2006-01-04 03:35 . 2003-08-25 20:34 68096 ----a-w- c:\windows\system32\webclnt.dll
2005-12-29 02:54 . 2003-08-25 21:25 280064 ----a-w- c:\windows\system32\gdi32.dll
2005-10-20 22:20 . 2003-08-25 21:25 1082368 ----a-w- c:\windows\system32\esent.dll
2005-10-17 21:14 . 2003-08-25 20:34 118272 ----a-w- c:\windows\system32\t2embed.dll
2005-10-17 21:14 . 2003-08-25 21:25 80896 ----a-w- c:\windows\system32\fontsub.dll
2005-10-06 00:05 . 2003-08-25 20:34 1839488 ----a-w- c:\windows\system32\win32k.sys
2005-09-10 01:53 . 2003-08-25 21:25 2067968 ----a-w- c:\windows\system32\cdosys.dll
2005-09-01 01:41 . 2003-08-25 20:34 291840 ----a-w- c:\windows\system32\winsrv.dll
2005-08-30 03:54 . 2003-05-30 16:00 1287168 ----a-w- c:\windows\system32\quartz.dll
2005-08-23 03:35 . 2003-08-25 20:34 123392 ----a-w- c:\windows\system32\umpnpmgr.dll
2005-08-22 18:29 . 2003-08-25 20:32 197632 ----a-w- c:\windows\system32\netman.dll
2005-07-08 16:27 . 2003-08-25 20:34 249344 ----a-w- c:\windows\system32\tapisrv.dll
2005-06-29 01:46 . 2003-08-25 21:30 74240 ----a-w- c:\windows\system32\mscms.dll
2005-06-29 01:46 . 2003-08-25 21:25 254976 ----a-w- c:\windows\system32\icm32.dll
2005-06-15 17:49 . 2003-08-25 21:25 295936 ----a-w- c:\windows\system32\kerberos.dll
2005-06-10 04:09 . 2003-08-25 20:32 139528 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2005-05-27 02:04 . 2004-12-09 15:37 137216 ----a-w- c:\windows\system32\itss.dll
2005-05-27 02:04 . 2002-11-27 18:50 41472 ----a-w- c:\windows\system32\hhsetup.dll
2005-05-26 23:22 . 2002-09-22 03:13 10752 ----a-w- c:\windows\hh.exe
2005-05-26 11:16 . 2003-08-25 20:34 1343768 ----a-w- c:\windows\system32\wuaueng.dll
2005-05-26 11:16 . 2003-08-25 20:34 124184 ----a-w- c:\windows\system32\wuauclt.exe
2005-05-26 11:16 . 2003-08-25 21:25 198424 ----a-w- c:\windows\system32\iuengine.dll
2005-05-26 11:16 . 2003-08-25 21:25 75544 ----a-w- c:\windows\system32\cdm.dll
2005-05-10 23:45 . 2003-08-23 12:42 75776 ----a-w- c:\windows\system32\telnet.exe
2005-05-10 00:17 . 2003-08-25 20:33 332544 ----a-w- c:\windows\system32\drivers\srv.sys
2005-05-04 21:45 . 2003-08-25 21:31 15360 ----a-w- c:\windows\system32\msisip.dll
2005-05-04 21:45 . 2003-08-25 21:31 884736 ----a-w- c:\windows\system32\msimsg.dll
2005-05-04 21:45 . 2003-08-25 21:31 78848 ----a-w- c:\windows\system32\msiexec.exe
2005-05-04 21:45 . 2003-08-25 21:31 271360 ----a-w- c:\windows\system32\msihnd.dll
2005-05-04 21:45 . 2003-08-25 21:31 2890240 ----a-w- c:\windows\system32\msi.dll
2005-03-02 18:09 . 2003-08-25 20:34 577024 ----a-w- c:\windows\system32\user32.dll
2005-03-02 18:09 . 2003-08-25 21:25 56832 ----a-w- c:\windows\system32\authz.dll
2005-03-02 00:59 . 2003-08-25 20:32 2179328 ----a-w- c:\windows\system32\ntoskrnl.exe
2005-03-02 00:34 . 2002-08-29 08:04 2056832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2005-02-25 00:18 . 2005-02-25 00:17 69320 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-02-25 00:18 . 2005-02-25 00:17 128 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\fusioncache.dat
2005-01-22 04:31 . 2005-01-22 04:31 20 ----a-w- c:\windows\system32\drivers\SymRedir.cat
2005-01-22 04:31 . 2005-01-22 04:31 1133 ----a-w- c:\windows\system32\drivers\SymRedir.inf
2005-01-22 04:30 . 2002-08-25 05:00 124168 ----a-w- c:\windows\system32\SymStore.dll
2004-12-07 19:32 . 2003-08-25 20:33 96768 ----a-w- c:\windows\system32\srvsvc.dll
2004-11-16 21:17 . 2003-08-25 21:25 68096 ----a-w- c:\windows\system32\hlink.dll
2004-10-28 01:21 . 2003-08-25 21:30 721920 ----a-w- c:\windows\system32\lsasrv.dll
2004-09-29 22:28 . 2003-08-25 21:25 134912 ----a-w- c:\windows\system32\drivers\ipnat.sys
2004-09-23 01:45 . 2003-08-23 13:21 360176 ----a-w- c:\windows\system32\MSSCP.dll
2004-09-23 01:45 . 2003-08-23 13:21 311296 ----a-w- c:\windows\system32\MSWMDM.dll
2004-09-23 01:45 . 2003-08-23 13:21 25088 ----a-w- c:\windows\system32\MsPMSNSv.dll
2004-09-23 01:45 . 2003-08-23 13:21 169472 ----a-w- c:\windows\system32\MsPMSP.dll
2004-09-23 01:45 . 2003-08-23 13:22 141312 ----a-w- c:\windows\system32\msnetobj.dll
2004-09-23 01:45 . 2003-08-23 13:22 96768 ----a-w- c:\windows\system32\logagent.exe
2004-09-23 01:45 . 2003-08-23 13:22 6656 ----a-w- c:\windows\system32\laprxy.dll
2004-09-23 01:45 . 2003-08-23 13:22 95232 ----a-w- c:\windows\system32\drmstor.dll
2004-09-23 01:45 . 2003-08-23 13:22 527360 ----a-w- c:\windows\system32\drmv2clt.dll
2004-09-23 01:45 . 2003-08-23 13:22 253688 ----a-w- c:\windows\system32\drmclien.dll
2004-09-23 01:45 . 2003-08-23 13:22 233472 ----a-w- c:\windows\system32\blackbox.dll
2004-09-23 01:45 . 2003-08-23 13:21 161792 ----a-w- c:\windows\system32\cewmdm.dll
2004-09-23 01:45 . 2003-08-23 13:22 8192 ----a-w- c:\windows\system32\asferror.dll
2004-08-04 08:07 . 2003-08-25 21:25 1788 ----a-w- c:\windows\system32\dcache.bin
2004-08-04 08:02 . 2003-08-23 12:41 329728 ----a-w- c:\windows\system32\netsetup.exe
2004-08-04 08:01 . 2003-08-25 20:32 87176 ----a-w- c:\windows\system32\rdpwsx.dll
2004-08-04 08:01 . 2003-08-25 20:34 12168 ----a-w- c:\windows\system32\tsddd.dll
2004-08-04 08:01 . 2003-08-25 20:34 21896 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2004-08-04 08:01 . 2003-08-25 20:34 12040 ----a-w- c:\windows\system32\drivers\tdpipe.sys
2004-08-04 08:01 . 2003-08-25 20:32 92168 ----a-w- c:\windows\system32\rdpdd.dll
2004-08-04 08:01 . 2003-08-23 12:49 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2004-08-04 07:55 . 2003-08-25 21:25 63488 ----a-w- c:\windows\system32\browselc.dll
2004-08-04 07:55 . 2003-08-25 21:25 285696 ----a-w- c:\windows\system32\atmfd.dll
2004-08-04 06:15 . 2003-08-25 20:32 64896 ----a-w- c:\windows\system32\drivers\serial.sys
2004-08-04 06:15 . 2002-12-12 14:14 140928 ----a-w- c:\windows\system32\drivers\ks.sys
2004-08-04 06:15 . 2003-08-25 20:32 107904 ----a-w- c:\windows\system32\drivers\mup.sys
2004-08-04 06:15 . 2003-08-23 12:42 574592 ----a-w- c:\windows\system32\drivers\ntfs.sys
2004-08-04 06:14 . 2003-08-25 20:32 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2004-08-04 06:14 . 2003-08-25 20:32 91776 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2004-08-04 06:14 . 2003-08-25 21:25 74752 ----a-w- c:\windows\system32\drivers\ipsec.sys
2004-08-04 06:14 . 2003-08-25 20:32 182912 ----a-w- c:\windows\system32\drivers\ndis.sys
2004-08-04 06:14 . 2003-08-25 21:25 49664 ----a-w- c:\windows\system32\drivers\classpnp.sys
2004-08-04 06:14 . 2003-08-25 20:32 48384 ----a-w- c:\windows\system32\drivers\raspptp.sys
2004-08-04 06:14 . 2003-08-25 20:32 51328 ----a-w- c:\windows\system32\drivers\rasl2tp.sys
2004-08-04 06:14 . 2003-08-25 21:25 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
2004-08-04 06:14 . 2003-08-25 21:25 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2004-08-04 06:14 . 2003-08-25 21:25 63744 ----a-w- c:\windows\system32\drivers\cdfs.sys
2004-08-04 06:13 . 2003-08-25 21:25 97280 ----a-w- c:\windows\system32\dpcdll.dll
2004-08-04 06:10 . 2003-08-23 13:19 85376 ----a-w- c:\windows\system32\drivers\nabtsfec.sys
2004-08-04 06:10 . 2003-08-23 13:19 19328 ----a-w- c:\windows\system32\drivers\wstcodec.sys
2004-08-04 06:10 . 2003-08-23 13:19 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys
2004-08-04 06:10 . 2003-08-23 13:19 11136 ----a-w- c:\windows\system32\drivers\slip.sys
2004-08-04 06:10 . 2003-08-23 13:19 15360 ----a-w- c:\windows\system32\drivers\streamip.sys
2004-08-04 06:10 . 2003-08-23 13:19 15360 ----a-w- c:\windows\system32\drivers\mpe.sys
2004-08-04 06:10 . 2003-08-23 13:19 11776 ----a-w- c:\windows\system32\drivers\bdasup.sys
2004-08-04 06:10 . 2003-08-23 13:19 10880 ----a-w- c:\windows\system32\drivers\ndisip.sys
2005-07-16 12:41 . 2005-09-07 01:11 41573 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2005-07-16 12:41 . 2005-09-07 01:11 48223 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2005-07-16 12:41 . 2005-09-07 01:11 160871 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\program files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [2003-06-23 24576]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2006-06-16 5324584]
"RealPlayer"="c:\program files\Real\RealOne Player\realplay.exe" [2006-05-25 1003520]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2003-05-03 835654]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 90112]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-08-23 151597]
"AutoTKit"="c:\hp\bin\AUTOTKIT.EXE" [2003-06-19 53248]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-03 4640768]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2003-12-02 54296]
"ccRegVfy"="c:\program files\Common Files\Symantec Shared\ccRegVfy.exe" [2003-12-02 58392]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-02-25 53248]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2005-10-26 100056]
"StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2003-10-03 61440]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-04-09 184320]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe" [2006-02-09 98304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-06-01 282624]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-05-03 323584]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Dataviz Messenger.lnk - c:\windows\DvzCommon\DvzMsgr.exe [2003-7-1 24576]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-6-13 233472]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-9-12 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-9-12 51984]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-9-20 53248]
Updates from HP.lnk - c:\program files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-8-23 16384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"c:\\My Games\\SmallBall Baseball\\smallball.exe"=
"c:\\WINDOWS\\system32\\wjview.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3757:TCP"= 3757:TCP:alpqgwoa
S2 fgcluazqt;Server Security;c:\windows\system32\svchost.exe -k netsvcs [8/25/2003 1:33 PM 14336]
S2 JEPPDRIVE;Smart Modular JeppDrive USB Driver;c:\windows\system32\Drivers\JeppD.sys --> c:\windows\system32\Drivers\JeppD.sys [?]
S2 mrtRate;mrtRate; [x]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fgcluazqt
.
Contents of the 'Scheduled Tasks' folder
2003-11-11 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2003-05-23 23:13]
2006-08-19 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NAVW32.exe [2002-11-15 09:31]
2006-08-24 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-29 19:24]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://srch-us9.hpwis.com/
mStart Page = hxxp://us9.hpwis.com/
mSearch Bar = hxxp://srch-us9.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\h7ue0n4l.default\
FF - prefs.js: browser.search.selectedEngine - Google
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("advanced.always_load_images", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN_show_punycode", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.version",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.build_id",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.severity", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-<default> - (no file)
HKLM-Run-PS2 - c:\windows\system32\ps2.exe
AddRemove-{0730f573-ec62-4935-8427-06ffafaa1980} - c:\windows\system32\rlvknlg.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2001-01-03 08:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fgcluazqt]
"ServiceDll"="c:\windows\system32\jyedq.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(652)
c:\program files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2001-01-03 8:39
ComboFix-quarantined-files.txt 2001-01-03 15:39
Pre-Run: 137,242,816,512 bytes free
Post-Run: 137,596,137,472 bytes free
- - End Of File - - A355588B87B631AB8F5539DD07ABB9F8
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:59 AM, on 1/3/2001
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?978336790187
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX28.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 8947 bytes
Thanks again!
Download gmer.zip (http://gmer.net/gmer.zip) and save to your desktop.
alternate download site (http://hype.free.googlepages.com/gmer.zip)
Unzip/extract the file to its own folder. (Click here (http://www.bleepingcomputer.com/tutorials/tutorial105.html) for information on how to do this if not sure. Win 2000 users click here (http://www.bleepingcomputer.com/tutorials/tutorial106.html).)
When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.
Double-click on Gmer.exe to start the program.
Allow the gmer.sys driver to load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
Run Gmer again and click on the Rootkit tab.
Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on the "Scan" and wait for the scan to finish.
Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
Note: If you have any problems, try running GMER in SAFE MODE (http://www.bleepingcomputer.com/forums/tutorial61.html).
Important! Please do not select the "Show all" checkbox during the scan.
Good day Shaba,
Here is the new GMER file attached, have a great day.
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
NetSvcs::
fgcluazqt
Driver::
fgcluazqt
File::
c:\windows\system32\jyedq.dll
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
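The triage behind the helper's CFScript, written out as an added example (this is not code from the thread, from ComboFix or from the helper): a Python script that parses the "Reg Loading Points" lines quoted from the ComboFix log above, reports the non-default netsvcs service and the DLL it loads into svchost.exe, the firewall exception with a random label, the disabled Windows Firewall and the disabled Security Center monitoring, and emits the same NetSvcs::/Driver::/File:: script. The sample input is constructed by copying the relevant log lines; the only assumptions are ComboFix's own note that legit default entries are not shown (so every name under "Svchost - NetSvcs" is treated as an addition) and the meaning of the three CFScript directives as the helper's post describes them.

```python
"""Triage a ComboFix "Reg Loading Points" excerpt and emit the matching CFScript.

Added example, not code from this thread or from ComboFix. It relies on the
log's own note that "empty entries & legit default entries are not shown", so
every name printed under "Svchost - NetSvcs" is treated as a non-default
addition. The NetSvcs::, Driver:: and File:: directives are used exactly as
the helper's post describes; nothing more about ComboFix is assumed.
"""
import re

# Constructed sample: the relevant lines copied from the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3757:TCP"= 3757:TCP:alpqgwoa
S2 fgcluazqt;Server Security;c:\windows\system32\svchost.exe -k netsvcs [8/25/2003 1:33 PM 14336]
S2 JEPPDRIVE;Smart Modular JeppDrive USB Driver;c:\windows\system32\Drivers\JeppD.sys --> c:\windows\system32\Drivers\JeppD.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fgcluazqt
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fgcluazqt]
"ServiceDll"="c:\windows\system32\jyedq.dll"
"""

NETSVCS_HEADER = re.compile(r"\\Svchost - NetSvcs$", re.I)
# "S2 name;display;path" lines whose binary is svchost.exe -k <group>
SVCHOST_SERVICE = re.compile(
    r"^[SR]\d (?P<name>[^;]+);(?P<display>[^;]*);.*?svchost\.exe\s+-k\s+(?P<group>\S+)", re.I)
SERVICES_KEY = re.compile(r"^\[HK.*\\Services\\(?P<name>[^\\\]]+)\]$", re.I)
SERVICE_DLL = re.compile(r'^"ServiceDll"="(?P<dll>[^"]+)"$', re.I)
OPEN_PORT = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<label>\S+)$', re.I)
FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b', re.I)
SECCENTER_KEY = re.compile(r"\\security center\\Monitoring\\(?P<product>[^\\\]]+)\]$", re.I)
MONITORING_OFF = re.compile(r'^"DisableMonitoring"=dword:0*1$', re.I)


def parse(log):
    """Collect the loading points that matter for this infection pattern."""
    found = {"netsvcs_added": [], "svchost": {}, "service_dll": {},
             "open_ports": [], "firewall_off": False, "monitoring_off": []}
    in_netsvcs, cur_service, cur_product = False, None, None
    for raw in log.splitlines():
        line = raw.strip()
        if NETSVCS_HEADER.search(line):
            in_netsvcs = True          # names follow until a "." or blank line
            continue
        if in_netsvcs:
            if line in ("", "."):
                in_netsvcs = False
            else:
                found["netsvcs_added"].append(line)
                continue
        m = SVCHOST_SERVICE.match(line)
        if m:
            found["svchost"][m["name"]] = (m["display"], m["group"].lower())
            continue
        m = SERVICES_KEY.match(line)
        if m:
            cur_service = m["name"]    # the next "ServiceDll" line belongs to it
            continue
        m = SERVICE_DLL.match(line)
        if m and cur_service:
            found["service_dll"][cur_service] = m["dll"]
            continue
        m = OPEN_PORT.match(line)
        if m:
            found["open_ports"].append((int(m["port"]), m["proto"].upper(), m["label"]))
            continue
        if FIREWALL_OFF.match(line):
            found["firewall_off"] = True
            continue
        m = SECCENTER_KEY.search(line)
        if m:
            cur_product = m["product"]
            continue
        if MONITORING_OFF.match(line) and cur_product:
            found["monitoring_off"].append(cur_product)
    return found


def triage(log):
    """Return human-readable findings and the (service, ServiceDll) pairs to remove."""
    f = parse(log)
    findings, rogue = [], []
    for name in f["netsvcs_added"]:
        display, group = f["svchost"].get(name, ("<not running>", "?"))
        dll = f["service_dll"].get(name)
        findings.append(f"netsvcs addition {name} ('{display}', group {group}) "
                        f"-> ServiceDll {dll or '<unknown>'}")
        rogue.append((name, dll))
    for port, proto, label in f["open_ports"]:
        findings.append(f"firewall exception {port}/{proto} labelled '{label}': "
                        "check that the label names a real program")
    if f["firewall_off"]:
        findings.append("Windows Firewall disabled in the standard profile")
    for product in f["monitoring_off"]:
        findings.append(f"Security Center monitoring disabled for {product}")
    return findings, rogue


def build_cfscript(rogue):
    """Turn (service name, ServiceDll) pairs into the CFScript form the helper posted."""
    names = [n for n, _ in rogue]
    files = [d for _, d in rogue if d]
    sections = [("NetSvcs::", names), ("Driver::", names), ("File::", files)]
    return "".join(h + "\n" + "".join(x + "\n" for x in xs) for h, xs in sections)


if __name__ == "__main__":
    findings, rogue = triage(SAMPLE_LOG)
    print("\n".join(findings))
    print(build_cfscript(rogue))
```

The point of running the parse rather than eyeballing the log is the correlation: the S2 line shows a service with a plausible display name ("Server Security") hosted by the legitimate svchost.exe, and only the ServiceDll value under the service key reveals that the code actually loaded is an unsigned DLL with a random name in system32. The disabled firewall and Security Center monitoring are the same infection's defence evasion, so they are reported alongside the removal script rather than treated as separate problems.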
Hello Shaba,
Here is the new combofix log.
Thanks
ComboFix 09-10-20.03 - Owner 01/04/2001 4:06.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.138 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FILE ::
"c:\windows\system32\jyedq.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\jyedq.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FGCLUAZQT
-------\Service_fgcluazqt
((((((((((((((((((((((((( Files Created from 2000-12-04 to 2001-01-04 )))))))))))))))))))))))))))))))
.
2006-08-16 07:22 . 2002-08-29 12:00 57398 -c--a-w- c:\windows\system32\dllcache\imjpdadm.exe
2006-08-16 07:22 . 2002-08-29 12:00 45109 -c--a-w- c:\windows\system32\dllcache\imjpuex.exe
2006-08-16 07:22 . 2002-08-29 12:00 6656 -c--a-w- c:\windows\system32\dllcache\c_is2022.dll
2006-08-16 07:22 . 2002-08-29 12:00 6656 ----a-w- c:\windows\system32\c_is2022.dll
2006-07-20 18:15 . 2006-08-16 05:55 -------- d-----w- c:\documents and settings\Owner\Contacts
2006-06-22 10:47 . 2006-06-22 10:47 181248 -c----w- c:\windows\system32\dllcache\rasmans.dll
2006-06-16 21:34 . 2006-06-16 21:34 48936 ----a-w- c:\windows\system32\sirenacm.dll
2006-05-10 05:23 . 2006-05-10 05:23 532480 -c----w- c:\windows\system32\dllcache\mstime.dll
2006-05-10 05:23 . 2006-05-10 05:23 448512 -c----w- c:\windows\system32\dllcache\mshtmled.dll
2006-05-10 05:23 . 2006-05-10 05:23 39424 -c----w- c:\windows\system32\dllcache\pngfilt.dll
2006-05-10 05:22 . 2006-05-10 05:22 96256 -c----w- c:\windows\system32\dllcache\inseng.dll
2006-05-10 05:22 . 2006-05-10 05:22 55808 -c----w- c:\windows\system32\dllcache\extmgr.dll
2006-05-10 05:22 . 2006-05-10 05:22 357888 -c----w- c:\windows\system32\dllcache\dxtmsft.dll
2006-05-10 05:22 . 2006-05-10 05:22 205312 -c----w- c:\windows\system32\dllcache\dxtrans.dll
2006-05-10 05:22 . 2006-05-10 05:22 16384 -c----w- c:\windows\system32\dllcache\jsproxy.dll
2006-05-10 05:22 . 2006-05-10 05:22 151040 -c----w- c:\windows\system32\dllcache\cdfview.dll
2006-05-10 05:22 . 2006-05-10 05:22 1054208 -c----w- c:\windows\system32\dllcache\danim.dll
2006-05-09 14:10 . 2006-05-09 14:10 -------- d-----w- c:\documents and settings\Owner\Application Data\AdobeAUM
2006-05-09 11:00 . 2006-05-09 11:00 18432 -c----w- c:\windows\system32\dllcache\iedw.exe
2006-05-05 09:47 . 2006-05-05 09:47 174592 -c----w- c:\windows\system32\dllcache\rdbss.sys
2006-05-05 09:41 . 2006-05-05 09:41 453120 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2006-05-03 21:42 . 2006-05-03 22:55 3167744 ----a-w- c:\documents and settings\Owner\gosetup.exe
2006-04-24 02:55 . 2001-01-01 07:25 -------- d-----w- c:\program files\Destroyer Command
2006-04-20 11:51 . 2006-04-20 11:51 359808 -c----w- c:\windows\system32\dllcache\tcpip.sys
2006-04-19 23:47 . 2006-04-19 23:49 297 ----a-w- c:\windows\EReg072.dat
2006-04-19 23:45 . 2006-04-19 23:45 -------- d-----w- c:\program files\Electronic Arts
2006-04-19 23:40 . 2006-04-19 23:40 -------- d-----w- C:\VADV
2006-04-18 21:14 . 2006-04-18 21:14 147495 ----a-w- c:\windows\system32\rmocx.dll
2006-03-17 00:38 . 2006-03-17 00:38 28672 ------w- c:\windows\system32\verclsid.exe
2006-02-09 12:24 . 2006-02-09 12:24 -------- d-----w- c:\windows\Hewlett-Packard
2006-02-09 12:22 . 2004-02-04 17:22 40960 ----a-w- c:\windows\system32\d4channel.dll
2006-02-09 12:22 . 2003-07-02 18:15 61440 ----a-w- c:\windows\system32\PMLJNI.dll
2006-02-09 12:22 . 2003-06-20 17:21 36864 ----a-w- c:\windows\system32\hpbmmjno.dll
2006-02-09 12:22 . 2003-06-16 21:52 74752 ----a-w- c:\windows\system32\jst.dll
2006-02-09 12:21 . 2006-02-09 12:23 -------- d--h--w- c:\program files\Zero G Registry
2006-02-09 12:18 . 2003-07-25 19:20 61699 ----a-w- c:\windows\system32\HPZinw12.exe
2006-02-09 12:18 . 2003-07-21 21:24 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2006-02-09 12:18 . 2003-07-21 21:24 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2006-02-09 12:18 . 2003-12-10 20:32 49152 ----a-r- c:\windows\system32\hpbprnfx.exe
2006-02-09 12:18 . 2006-02-09 12:18 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2006-02-09 12:17 . 2006-02-09 12:19 13438 ----a-w- c:\windows\hpbins01.dat
2006-02-09 12:17 . 2004-04-08 12:39 1380 ------w- c:\windows\hpbmdl01.dat
2006-02-09 12:17 . 2004-03-15 18:02 412 ----a-r- c:\windows\system32\HP3AIOZ6.dat
2006-02-09 12:17 . 2004-03-03 11:06 221184 ----a-r- c:\windows\system32\HP3AIOZ6.dll
2006-02-09 12:15 . 2003-10-22 16:26 196608 ------w- c:\windows\system32\hpzipr12.dll
2006-02-09 12:15 . 2003-10-22 16:19 65536 ------w- c:\windows\system32\hpzipm12.exe
2006-02-09 12:15 . 2003-10-21 00:49 266296 ------w- c:\windows\system32\hpzidr12.dll
2006-02-09 12:15 . 2003-11-21 12:42 745472 ----a-r- c:\windows\system32\hpptpml.dll
2006-02-09 12:15 . 2003-09-26 11:24 274432 ----a-r- c:\windows\system32\hpgwiamd.dll
2006-02-09 12:15 . 2003-09-16 11:12 274432 ----a-r- c:\windows\system32\hpbovset.dll
2006-02-09 12:14 . 2001-08-17 20:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2006-02-09 12:14 . 2001-08-17 20:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2006-02-08 01:31 . 2006-02-08 01:31 563712 ----a-w- c:\documents and settings\Owner\370_gotomypc.exe
2006-02-07 20:44 . 2001-08-17 20:47 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
2006-02-07 20:44 . 2001-08-17 20:47 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2006-02-07 20:43 . 2004-08-04 05:58 207360 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2006-02-07 20:43 . 2004-08-04 05:58 207360 ----a-w- c:\windows\system32\drivers\Dot4.sys
2006-02-07 20:43 . 2001-08-17 20:47 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2006-02-07 20:43 . 2001-08-17 20:47 23808 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
2006-01-26 04:00 . 2006-01-26 04:00 -------- d-----w- c:\program files\Citrix
2005-12-19 23:25 . 2005-12-19 23:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2005-11-17 22:05 . 2005-11-17 22:05 552 ----a-w- c:\windows\system32\d3d8caps.dat
2005-10-28 21:58 . 2005-10-28 22:06 8464 ----a-w- c:\windows\system32\sporder.dll
2005-10-23 00:01 . 2006-07-20 18:15 -------- d-----w- c:\program files\MSN Messenger
2005-10-12 02:20 . 2005-10-12 02:17 966737 ----a-w- c:\windows\system32\g2viewer.exe
2005-09-18 13:41 . 2005-09-18 13:41 483401 ----a-w- c:\documents and settings\Owner\314_gotomypc.exe
2005-09-07 01:16 . 2005-09-07 01:16 -------- d-----w- c:\program files\filesubmit
2005-09-07 01:12 . 2005-09-07 01:12 0 ----a-w- c:\windows\nsreg.dat
2005-09-07 01:12 . 2005-09-07 01:12 99965 ----a-w- c:\windows\UninstallFirefox.exe
2005-09-07 01:11 . 2005-09-07 01:11 2654 ----a-w- c:\windows\mozver.dat
2005-09-03 18:12 . 2005-09-03 18:12 -------- d-----w- c:\windows\system32\BWKDLogs
2005-09-03 18:12 . 2001-01-01 07:28 -------- d-----w- c:\windows\system32\color
2005-09-03 18:10 . 2001-01-01 07:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2005-09-03 18:09 . 2001-01-01 07:29 -------- d-----w- c:\program files\Kodak
2005-08-11 08:41 . 2005-08-11 08:41 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Symantec
2005-08-11 01:47 . 2005-08-11 01:47 483401 ----a-w- c:\documents and settings\Guest\gotomypc.exe
2005-08-11 01:46 . 2005-08-11 01:46 -------- d-----w- c:\documents and settings\Guest\.jpi_cache
2005-08-11 01:46 . 2005-08-11 01:46 -------- d-----w- c:\documents and settings\Guest\.java
2005-08-03 21:41 . 2005-08-03 21:41 -------- d-----w- c:\program files\minicliptoolbar toolbar
2005-08-02 03:48 . 2005-09-05 23:39 -------- d-----w- c:\documents and settings\Owner\Application Data\Aim
2005-08-02 03:47 . 2005-09-05 23:40 -------- d-----w- c:\program files\AIM
2005-07-13 01:04 . 2005-07-13 01:04 23304 ----a-w- c:\windows\system32\GWFSPidGen.dll
2005-07-12 15:49 . 2005-07-12 15:49 -------- d-----w- c:\program files\SymNetDrv
2005-07-11 22:31 . 2005-07-11 22:31 26 ----a-w- c:\windows\winstart.bat
2005-07-11 22:31 . 2005-07-11 22:31 123 ----a-w- c:\windows\tmpcpyis.bat
2005-07-11 22:31 . 2005-07-11 22:31 122 ----a-w- c:\windows\tmpdelis.bat
2005-07-11 22:25 . 2005-07-11 22:25 -------- d-----w- c:\program files\Maxis
2005-07-11 04:15 . 1999-04-17 07:06 10752 ----a-w- c:\windows\system32\aamd532.dll
2005-07-11 04:14 . 2005-10-28 22:03 -------- d-----w- c:\program files\Common Files\WhenU
2005-07-11 04:13 . 2005-07-11 04:13 -------- d-----w- c:\program files\MyEmoticons
2005-07-11 00:49 . 2003-11-04 22:10 69632 ----a-w- c:\windows\system32\lfgif13n.dll
2005-07-11 00:49 . 2004-05-14 23:53 462848 ----a-w- c:\windows\system32\ltkrn13n.dll
2005-07-11 00:49 . 2004-05-14 23:53 450560 ----a-w- c:\windows\system32\ltimg13n.dll
2005-07-11 00:49 . 2004-05-14 23:53 299008 ----a-w- c:\windows\system32\ltdis13n.dll
2005-07-11 00:49 . 2004-05-14 23:53 163840 ----a-w- c:\windows\system32\ltfil13n.dll
2005-07-11 00:49 . 2004-05-14 23:53 57344 ----a-w- c:\windows\system32\lfbmp13n.dll
2005-07-11 00:49 . 2004-05-14 23:53 401408 ----a-w- c:\windows\system32\lfcmp13n.dll
2005-07-11 00:49 . 2004-01-12 09:09 206336 ----a-w- c:\windows\system32\ltefx13n.dll
2005-05-31 17:20 . 2005-05-31 17:20 79432 ----a-w- c:\windows\system32\GEARAspi.dll
2005-05-26 11:16 . 2005-05-26 11:16 18200 ----a-w- c:\windows\system32\wups2.dll
2005-04-11 02:06 . 2005-04-11 02:06 -------- d-----w- c:\program files\MsnMusic
2005-04-11 02:06 . 2005-02-10 16:52 245408 ----a-w- c:\windows\system32\unicows.dll
2005-04-05 18:17 . 2005-04-05 18:17 517848 ----a-w- c:\windows\system32\SymNeti.dll
2005-04-05 18:17 . 2005-04-05 18:17 132824 ----a-w- c:\windows\system32\SymRedir.dll
2005-04-05 18:17 . 2005-04-05 18:17 267192 ----a-w- c:\windows\system32\drivers\symtdi.sys
2005-04-05 18:17 . 2005-04-05 18:17 17976 ----a-w- c:\windows\system32\drivers\symredrv.sys
2005-04-05 18:16 . 2005-04-05 18:16 36984 ----a-w- c:\windows\system32\drivers\symids.sys
2005-04-05 18:16 . 2005-04-05 18:16 47192 ----a-w- c:\windows\system32\drivers\symndis.sys
2005-04-05 18:16 . 2005-04-05 18:16 173208 ----a-w- c:\windows\system32\drivers\symfw.sys
2005-04-05 18:16 . 2005-04-05 18:16 11512 ----a-w- c:\windows\system32\drivers\symdns.sys
2005-03-31 23:02 . 2001-01-01 07:39 -------- d-----w- c:\program files\JetFighter IV
2005-03-24 22:57 . 2005-03-24 22:57 -------- d-----w- c:\program files\Games
2005-03-11 05:59 . 2005-03-11 05:59 -------- d-----w- c:\program files\Jeppesen
2005-02-28 04:45 . 2001-07-07 00:02 16302 ----a-w- c:\windows\system32\drivers\BridDFU.sys
2005-02-28 04:45 . 2005-02-28 04:45 -------- d-----w- c:\program files\Linksys WAP11
2005-02-28 04:45 . 2001-02-27 16:13 176128 ----a-w- c:\windows\system32\DartSnmp.dll
2005-02-28 04:45 . 2001-01-04 19:46 77824 ----a-w- c:\windows\system32\DartService.dll
2005-02-28 04:45 . 2001-01-04 19:42 184320 ----a-w- c:\windows\system32\DartSock.dll
2005-02-28 04:45 . 2005-02-28 04:45 -------- d-----w- C:\WAP11
2005-02-27 23:47 . 2005-02-27 23:47 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
2005-02-27 23:47 . 2005-02-27 23:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2005-02-27 23:47 . 2006-06-01 01:40 -------- d-----w- c:\program files\QuickTime
2005-02-27 23:47 . 2005-02-27 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2005-02-27 23:47 . 2006-06-01 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2005-02-16 04:38 . 2005-02-25 00:07 -------- d-----w- c:\program files\Jets'n'Guns Demo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-05-05 09:47 . 2003-08-25 20:32 174592 ----a-w- c:\windows\system32\drivers\rdbss.sys
2006-05-05 09:41 . 2003-08-25 21:30 453120 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2006-04-20 11:51 . 2003-08-25 20:34 359808 ------w- c:\windows\system32\drivers\tcpip.sys
2006-04-19 23:41 . 2006-04-19 23:41 30544 ----a-w- c:\windows\dirdib.drv
2006-04-19 23:41 . 2006-04-19 23:41 30464 ----a-w- c:\windows\macromix.dll
2006-03-01 19:42 . 2004-12-09 15:40 91136 ----a-w- c:\windows\system32\mtxoci.dll
2006-03-01 19:42 . 2004-12-09 15:40 956416 ----a-w- c:\windows\system32\msdtctm.dll
2006-03-01 19:42 . 2004-12-09 15:40 66560 ----a-w- c:\windows\system32\mtxclu.dll
2006-03-01 19:42 . 2004-12-09 15:40 426496 ----a-w- c:\windows\system32\msdtcprx.dll
2006-03-01 19:42 . 2004-12-09 15:40 161280 ----a-w- c:\windows\system32\msdtcuiu.dll
2006-03-01 19:42 . 2003-08-25 20:34 11776 ----a-w- c:\windows\system32\xolehlp.dll
2006-01-04 03:35 . 2003-08-25 20:34 68096 ----a-w- c:\windows\system32\webclnt.dll
2005-12-29 02:54 . 2003-08-25 21:25 280064 ----a-w- c:\windows\system32\gdi32.dll
2005-10-20 22:20 . 2003-08-25 21:25 1082368 ----a-w- c:\windows\system32\esent.dll
2005-10-17 21:14 . 2003-08-25 20:34 118272 ----a-w- c:\windows\system32\t2embed.dll
2005-10-17 21:14 . 2003-08-25 21:25 80896 ----a-w- c:\windows\system32\fontsub.dll
2005-10-06 00:05 . 2003-08-25 20:34 1839488 ----a-w- c:\windows\system32\win32k.sys
2005-09-10 01:53 . 2003-08-25 21:25 2067968 ----a-w- c:\windows\system32\cdosys.dll
2005-09-01 01:41 . 2003-08-25 20:34 291840 ----a-w- c:\windows\system32\winsrv.dll
2005-08-30 03:54 . 2003-05-30 16:00 1287168 ----a-w- c:\windows\system32\quartz.dll
2005-08-23 03:35 . 2003-08-25 20:34 123392 ----a-w- c:\windows\system32\umpnpmgr.dll
2005-08-22 18:29 . 2003-08-25 20:32 197632 ------w- c:\windows\system32\netman.dll
2005-07-08 16:27 . 2003-08-25 20:34 249344 ------w- c:\windows\system32\tapisrv.dll
2005-06-29 01:46 . 2003-08-25 21:30 74240 ----a-w- c:\windows\system32\mscms.dll
2005-06-29 01:46 . 2003-08-25 21:25 254976 ----a-w- c:\windows\system32\icm32.dll
2005-06-15 17:49 . 2003-08-25 21:25 295936 ----a-w- c:\windows\system32\kerberos.dll
2005-06-10 04:09 . 2003-08-25 20:32 139528 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2005-05-27 02:04 . 2004-12-09 15:37 137216 ----a-w- c:\windows\system32\itss.dll
2005-05-27 02:04 . 2002-11-27 18:50 41472 ----a-w- c:\windows\system32\hhsetup.dll
2005-05-26 23:22 . 2002-09-22 03:13 10752 ----a-w- c:\windows\hh.exe
2005-05-26 11:16 . 2003-08-25 20:34 1343768 ----a-w- c:\windows\system32\wuaueng.dll
2005-05-26 11:16 . 2003-08-25 20:34 124184 ------w- c:\windows\system32\wuauclt.exe
2005-05-26 11:16 . 2003-08-25 21:25 198424 ----a-w- c:\windows\system32\iuengine.dll
2005-05-26 11:16 . 2003-08-25 21:25 75544 ----a-w- c:\windows\system32\cdm.dll
2005-05-10 23:45 . 2003-08-23 12:42 75776 ----a-w- c:\windows\system32\telnet.exe
2005-05-10 00:17 . 2003-08-25 20:33 332544 ----a-w- c:\windows\system32\drivers\srv.sys
2005-05-04 21:45 . 2003-08-25 21:31 15360 ----a-w- c:\windows\system32\msisip.dll
2005-05-04 21:45 . 2003-08-25 21:31 884736 ----a-w- c:\windows\system32\msimsg.dll
2005-05-04 21:45 . 2003-08-25 21:31 78848 ----a-w- c:\windows\system32\msiexec.exe
2005-05-04 21:45 . 2003-08-25 21:31 271360 ----a-w- c:\windows\system32\msihnd.dll
2005-05-04 21:45 . 2003-08-25 21:31 2890240 ----a-w- c:\windows\system32\msi.dll
2005-03-02 18:09 . 2003-08-25 20:34 577024 ------w- c:\windows\system32\user32.dll
2005-03-02 18:09 . 2003-08-25 21:25 56832 ----a-w- c:\windows\system32\authz.dll
2005-03-02 00:59 . 2003-08-25 20:32 2179328 ------w- c:\windows\system32\ntoskrnl.exe
2005-03-02 00:34 . 2002-08-29 08:04 2056832 ------w- c:\windows\system32\ntkrnlpa.exe
2005-02-25 00:18 . 2005-02-25 00:17 69320 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-02-25 00:18 . 2005-02-25 00:17 128 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\fusioncache.dat
2005-01-22 04:31 . 2005-01-22 04:31 20 ----a-w- c:\windows\system32\drivers\SymRedir.cat
2005-01-22 04:31 . 2005-01-22 04:31 1133 ----a-w- c:\windows\system32\drivers\SymRedir.inf
2005-01-22 04:30 . 2002-08-25 05:00 124168 ----a-w- c:\windows\system32\SymStore.dll
2004-12-07 19:32 . 2003-08-25 20:33 96768 ----a-w- c:\windows\system32\srvsvc.dll
2004-11-16 21:17 . 2003-08-25 21:25 68096 ----a-w- c:\windows\system32\hlink.dll
2004-10-28 01:21 . 2003-08-25 21:30 721920 ----a-w- c:\windows\system32\lsasrv.dll
2004-09-29 22:28 . 2003-08-25 21:25 134912 ----a-w- c:\windows\system32\drivers\ipnat.sys
2004-09-23 01:45 . 2003-08-23 13:21 360176 ----a-w- c:\windows\system32\MSSCP.dll
2004-09-23 01:45 . 2003-08-23 13:21 311296 ----a-w- c:\windows\system32\MSWMDM.dll
2004-09-23 01:45 . 2003-08-23 13:21 25088 ------w- c:\windows\system32\MsPMSNSv.dll
2004-09-23 01:45 . 2003-08-23 13:21 169472 ----a-w- c:\windows\system32\MsPMSP.dll
2004-09-23 01:45 . 2003-08-23 13:22 141312 ----a-w- c:\windows\system32\msnetobj.dll
2004-09-23 01:45 . 2003-08-23 13:22 96768 ----a-w- c:\windows\system32\logagent.exe
2004-09-23 01:45 . 2003-08-23 13:22 6656 ----a-w- c:\windows\system32\laprxy.dll
2004-09-23 01:45 . 2003-08-23 13:22 95232 ----a-w- c:\windows\system32\drmstor.dll
2004-09-23 01:45 . 2003-08-23 13:22 527360 ----a-w- c:\windows\system32\drmv2clt.dll
2004-09-23 01:45 . 2003-08-23 13:22 253688 ----a-w- c:\windows\system32\drmclien.dll
2004-09-23 01:45 . 2003-08-23 13:22 233472 ----a-w- c:\windows\system32\blackbox.dll
2004-09-23 01:45 . 2003-08-23 13:21 161792 ----a-w- c:\windows\system32\cewmdm.dll
2004-09-23 01:45 . 2003-08-23 13:22 8192 ----a-w- c:\windows\system32\asferror.dll
2004-08-04 08:07 . 2003-08-25 21:25 1788 ----a-w- c:\windows\system32\dcache.bin
2004-08-04 08:02 . 2003-08-23 12:41 329728 ----a-w- c:\windows\system32\netsetup.exe
2004-08-04 08:01 . 2003-08-25 20:32 87176 ----a-w- c:\windows\system32\rdpwsx.dll
2004-08-04 08:01 . 2003-08-25 20:34 12168 ----a-w- c:\windows\system32\tsddd.dll
2004-08-04 08:01 . 2003-08-25 20:34 21896 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2004-08-04 08:01 . 2003-08-25 20:34 12040 ----a-w- c:\windows\system32\drivers\tdpipe.sys
2004-08-04 08:01 . 2003-08-25 20:32 92168 ----a-w- c:\windows\system32\rdpdd.dll
2004-08-04 08:01 . 2003-08-23 12:49 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2004-08-04 07:55 . 2003-08-25 21:25 63488 ----a-w- c:\windows\system32\browselc.dll
2004-08-04 07:55 . 2003-08-25 21:25 285696 ----a-w- c:\windows\system32\atmfd.dll
2004-08-04 06:15 . 2003-08-25 20:32 64896 ----a-w- c:\windows\system32\drivers\serial.sys
2004-08-04 06:15 . 2002-12-12 14:14 140928 ----a-w- c:\windows\system32\drivers\ks.sys
2004-08-04 06:15 . 2003-08-25 20:32 107904 ----a-w- c:\windows\system32\drivers\mup.sys
2004-08-04 06:15 . 2003-08-23 12:42 574592 ------w- c:\windows\system32\drivers\ntfs.sys
2004-08-04 06:14 . 2003-08-25 20:32 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2004-08-04 06:14 . 2003-08-25 20:32 91776 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2004-08-04 06:14 . 2003-08-25 21:25 74752 ----a-w- c:\windows\system32\drivers\ipsec.sys
2004-08-04 06:14 . 2003-08-25 20:32 182912 ------w- c:\windows\system32\drivers\ndis.sys
2004-08-04 06:14 . 2003-08-25 21:25 49664 ----a-w- c:\windows\system32\drivers\classpnp.sys
2004-08-04 06:14 . 2003-08-25 20:32 48384 ----a-w- c:\windows\system32\drivers\raspptp.sys
2004-08-04 06:14 . 2003-08-25 20:32 51328 ----a-w- c:\windows\system32\drivers\rasl2tp.sys
2004-08-04 06:14 . 2003-08-25 21:25 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
2004-08-04 06:14 . 2003-08-25 21:25 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2004-08-04 06:14 . 2003-08-25 21:25 63744 ----a-w- c:\windows\system32\drivers\cdfs.sys
2004-08-04 06:13 . 2003-08-25 21:25 97280 ----a-w- c:\windows\system32\dpcdll.dll
2004-08-04 06:10 . 2003-08-23 13:19 85376 ----a-w- c:\windows\system32\drivers\nabtsfec.sys
2004-08-04 06:10 . 2003-08-23 13:19 19328 ----a-w- c:\windows\system32\drivers\wstcodec.sys
2004-08-04 06:10 . 2003-08-23 13:19 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys
2004-08-04 06:10 . 2003-08-23 13:19 11136 ----a-w- c:\windows\system32\drivers\slip.sys
2004-08-04 06:10 . 2003-08-23 13:19 15360 ----a-w- c:\windows\system32\drivers\streamip.sys
2004-08-04 06:10 . 2003-08-23 13:19 15360 ----a-w- c:\windows\system32\drivers\mpe.sys
2004-08-04 06:10 . 2003-08-23 13:19 11776 ----a-w- c:\windows\system32\drivers\bdasup.sys
2004-08-04 06:10 . 2003-08-23 13:19 10880 ----a-w- c:\windows\system32\drivers\ndisip.sys
2005-07-16 12:41 . 2005-09-07 01:11 41573 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2005-07-16 12:41 . 2005-09-07 01:11 48223 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2005-07-16 12:41 . 2005-09-07 01:11 160871 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((( SnapShot@2001-01-03_15.35.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-01-04 05:21 . 2001-01-04 05:21 68961 c:\windows\system32\drivers\gmer.sys
+ 2001-01-04 05:21 . 2001-01-04 05:20 573440 c:\windows\gmer.exe
+ 2001-01-04 05:21 . 2001-01-04 05:21 565311 c:\windows\gmer.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\program files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [2003-06-23 24576]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2006-06-16 5324584]
"RealPlayer"="c:\program files\Real\RealOne Player\realplay.exe" [2006-05-25 1003520]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2003-05-03 835654]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 90112]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-08-23 151597]
"AutoTKit"="c:\hp\bin\AUTOTKIT.EXE" [2003-06-19 53248]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-03 4640768]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2003-12-02 54296]
"ccRegVfy"="c:\program files\Common Files\Symantec Shared\ccRegVfy.exe" [2003-12-02 58392]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-02-25 53248]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2005-10-26 100056]
"StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2003-10-03 61440]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-04-09 184320]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe" [2006-02-09 98304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-06-01 282624]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-05-03 323584]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Dataviz Messenger.lnk - c:\windows\DvzCommon\DvzMsgr.exe [2003-7-1 24576]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-6-13 233472]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-9-12 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-9-12 51984]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-9-20 53248]
Updates from HP.lnk - c:\program files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-8-23 16384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"c:\\My Games\\SmallBall Baseball\\smallball.exe"=
"c:\\WINDOWS\\system32\\wjview.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3757:TCP"= 3757:TCP:alpqgwoa
S2 JEPPDRIVE;Smart Modular JeppDrive USB Driver;c:\windows\system32\Drivers\JeppD.sys --> c:\windows\system32\Drivers\JeppD.sys [?]
S2 mrtRate;mrtRate; [x]
.
Contents of the 'Scheduled Tasks' folder
2003-11-11 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2003-05-23 23:13]
2006-08-19 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NAVW32.exe [2002-11-15 09:31]
2006-08-24 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-29 19:24]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://srch-us9.hpwis.com/
mStart Page = hxxp://us9.hpwis.com/
mSearch Bar = hxxp://srch-us9.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\h7ue0n4l.default\
FF - prefs.js: browser.search.selectedEngine - Google
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("advanced.always_load_images", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN_show_punycode", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.version",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.build_id",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update.severity", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2001-01-04 04:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(656)
c:\program files\Softex\OmniPass\opxpgina.dll
- - - - - - - > 'explorer.exe'(484)
c:\windows\system32\nView.dll
c:\windows\System32\msls31.dll
c:\windows\System32\shdoclc.dll
c:\windows\System32\msimtf.dll
c:\windows\System32\MSCTF.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\brss01a.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Norton AntiVirus\navapsvc.exe
c:\windows\System32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\combofix\CF20954.exe
c:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Messenger\msmsgs.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2001-01-04 4:28 - machine was rebooted
ComboFix-quarantined-files.txt 2001-01-04 11:28
ComboFix2.txt 2001-01-03 15:39
Pre-Run: 137,594,888,192 bytes free
Post-Run: 137,493,827,584 bytes free
- - End Of File - - 2D12B353004F514499CACAA6BEAD73DB
Looks better :)
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs; Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
Hello Shaba,
The computer is running better now, but some web sites are still blocked.
I can't get the browser to load Kaspersky or Microsoft web sites. Any ideas?
Thanks texsun
That then might indicate that Conficker is still present.
Are you able to access them via webproxy (www.myproxy.ca)?
Hello Shaba,
I was able to connect through the proxy web site, but got attacked somehow by another piece of malware before I could run the scan. A bogus anti-virus program has installed itself and is preventing access to the Kaspersky site even via proxy. At this point Windows will not completely load.
Thanks Texsun
I see.
Are you able to use another computer for transferring logs/tools?
Hello Shaba,
Yes there is another computer available for transferring tools and files.
Have a good day
Good :)
Please download and run this (http://support.kaspersky.com/faq?chapter=207800963&print=true&qid=208279973). Let me know if it helped.
Due to the lack of feedback, this topic is closed.
If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send a private message (PM). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.
Everyone else please begin a New Topic.