I don't use any virus protection other than Spybot. My computer is too old to run them constantly and efficiently, which is the same reason I don't have a firewall. And I don't have a lot of room on my hard drive. I don't download things very often and I'm very careful when I do. The only two times I've had to post in this forum are when my friend Michael gave me a virus, and when my sister gave me a virus.



Hijack This Log



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:23 AM, on 4/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\program files\ncsoft\launcher\NCLauncher.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Aaron\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gunbound.ijji.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [PlayNC Launcher] C:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Startup: Mount Virtual Drive.lnk = C:\Program Files\Walker Brothers\MountVD\MountVD.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_wil...=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_wil...=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_wil...d=menu_ie_link
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_wil...enu_ie_exclude
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_wil...menu_ie_report
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca...C_2.2.1.87.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...9/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1...datePortal.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/...jolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/game...lugin10USA.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...45/mcfscan.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - (no file)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - (no file)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 15582 bytes






Combofix Log




ComboFix 09-04-25.01 - Aaron 04/26/2009 4:34.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.653 [GMT -7:00]
Running from: c:\documents and settings\Aaron\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Aaron\Desktop\CFScript.txt
FW: COMODO Firewall Pro *enabled*
* Created a new restore point

FILE ::
c:\documents and settings\Aaron\Desktop\aimb0YdXL.exe
c:\documents and settings\Aaron\Desktop\Aimboyd.rar
c:\documents and settings\Aaron\My Documents\Incomplete\T-4315505-vagina song desandnate (rare track).snd
c:\documents and settings\Aaron\My Documents\Incomplete\T-460090-2 am alexz johnson two guys shoot their cream inside hot girl's tight ass [cumshot].mp3
c:\documents and settings\Aaron\My Documents\My Music\brokencyde dieing to live CD quality.mp3
c:\documents and settings\Aaron\My Documents\My Music\dealer dj s3rl.mp3
c:\documents and settings\Aaron\My Documents\My Music\dieing to live brokencyde.mp3
c:\documents and settings\Aaron\My Documents\My Music\dieing to live brokencyde.wma
c:\documents and settings\Aaron\My Documents\My Music\djs3rl weekend has come(hot remix).mp3
c:\documents and settings\Aaron\My Documents\My Music\forever gamer.mp3
c:\documents and settings\Aaron\My Documents\My Music\i dont care apocalypictia MTV.mp3
c:\documents and settings\Aaron\My Documents\My Music\im on boat lonley island.mp3
c:\documents and settings\Aaron\My Documents\My Music\korn clown.mp3
c:\documents and settings\Aaron\My Documents\My Music\so hard 2 take brokencyde.mp3
c:\documents and settings\Aaron\My Documents\My Music\so hard to take brokencyde.mp3
c:\documents and settings\Aaron\My Documents\My Music\taking lyfe from me acoustic MTV.mp3
c:\documents and settings\Aaron\My Documents\My Received Files\aimboydxl.zip
c:\documents and settings\LocalService\Desktop\ca_setup(2).exe
c:\documents and settings\LocalService\Desktop\ca_setup.exe
c:\program files\Cain\Abel.exe
c:\program files\Mobius\GunBoundWC\SEXInjector.dll
c:\program files\Mobius\GunBoundWC\SEXLoader.exe
c:\program files\Silkroad\ServerList.exe
c:\windows\Sewmsv.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Aaron\Desktop\aimb0YdXL.exe
c:\documents and settings\Aaron\Desktop\Aimboyd.rar
c:\documents and settings\Aaron\My Documents\Incomplete\T-4315505-vagina song desandnate (rare track).snd
c:\documents and settings\Aaron\My Documents\Incomplete\T-460090-2 am alexz johnson two guys shoot their cream inside hot girl's tight ass [cumshot].mp3
c:\documents and settings\Aaron\My Documents\My Music\brokencyde dieing to live CD quality.mp3
c:\documents and settings\Aaron\My Documents\My Music\dealer dj s3rl.mp3
c:\documents and settings\Aaron\My Documents\My Music\dieing to live brokencyde.mp3
c:\documents and settings\Aaron\My Documents\My Music\dieing to live brokencyde.wma
c:\documents and settings\Aaron\My Documents\My Music\djs3rl weekend has come(hot remix).mp3
c:\documents and settings\Aaron\My Documents\My Music\forever gamer.mp3
c:\documents and settings\Aaron\My Documents\My Music\i dont care apocalypictia MTV.mp3
c:\documents and settings\Aaron\My Documents\My Music\im on boat lonley island.mp3
c:\documents and settings\Aaron\My Documents\My Music\korn clown.mp3
c:\documents and settings\Aaron\My Documents\My Music\so hard 2 take brokencyde.mp3
c:\documents and settings\Aaron\My Documents\My Music\so hard to take brokencyde.mp3
c:\documents and settings\Aaron\My Documents\My Music\taking lyfe from me acoustic MTV.mp3
c:\documents and settings\Aaron\My Documents\My Received Files\aimboydxl.zip
c:\documents and settings\LocalService\Desktop\ca_setup(2).exe
c:\documents and settings\LocalService\Desktop\ca_setup.exe
c:\program files\Cain\Abel.exe
c:\program files\Mobius\GunBoundWC\SEXInjector.dll
c:\program files\Mobius\GunBoundWC\SEXLoader.exe
c:\program files\Silkroad\ServerList.exe
c:\windows\Sewmsv.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-4-26 )))))))))))))))))))))))))))))))
.

2009-04-24 22:53 . 2009-04-24 22:53 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-24 22:53 . 2009-04-24 22:53 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-23 07:25 . 2009-04-23 07:25 -------- d-----w c:\program files\ERUNT
2009-04-23 06:32 . 2009-04-23 06:32 -------- d-----w c:\program files\Safer Networking
2009-04-16 22:12 . 2009-03-06 14:44 283648 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-16 22:12 . 2009-02-09 10:20 399360 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 22:12 . 2009-02-09 10:20 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 22:12 . 2009-02-06 17:14 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-16 22:12 . 2009-02-06 16:54 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-16 22:12 . 2009-02-06 16:39 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 22:12 . 2005-07-26 04:39 60416 ------w c:\windows\system32\dllcache\colbact.dll
2009-04-16 22:12 . 2009-02-09 10:20 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 22:12 . 2009-02-09 10:20 616960 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 22:12 . 2009-02-09 10:20 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 22:11 . 2009-03-27 07:09 1193414 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 22:11 . 2008-04-21 10:02 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 02:10 . 2009-04-14 02:10 268 ---ha-w C:\sqmdata04.sqm
2009-04-14 02:10 . 2009-04-14 02:10 244 ---ha-w C:\sqmnoopt04.sqm
2009-04-08 06:41 . 2009-04-25 00:21 -------- d-----w c:\documents and settings\Aaron\Application Data\Skype
2009-04-08 06:41 . 2009-04-08 06:41 -------- d-----r c:\program files\Skype
2009-04-08 06:41 . 2009-04-08 06:41 -------- d-----w c:\documents and settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 11:35 . 2007-12-30 01:55 -------- d-----w c:\program files\Silkroad
2009-04-26 11:35 . 2008-02-09 03:53 -------- d-----w c:\program files\Cain
2009-04-25 05:14 . 2005-03-27 19:10 -------- d-----w c:\program files\Common Files\Adobe
2009-04-24 22:53 . 2005-03-04 22:18 -------- d-----w c:\program files\Java
2009-04-24 22:30 . 2005-03-04 22:13 1743 ----a-w C:\SMax.log
2009-04-23 06:01 . 2005-08-22 02:52 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-23 05:56 . 2005-08-22 02:52 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-18 07:52 . 2008-06-17 07:42 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-21 14:18 . 2009-03-21 14:18 986112 ------w c:\windows\SYSTEM32\DLLCACHE\kernel32.dll
2009-03-16 14:39 . 2005-09-27 23:56 -------- d-s---w c:\program files\Xfire
2009-03-16 06:45 . 2007-07-01 12:36 -------- d--h--w c:\documents and settings\Aaron\Application Data\ijjigame
2009-03-16 05:54 . 2009-03-16 05:54 1417 ----a-w C:\cmdline.txt
2009-03-15 07:54 . 2005-09-27 23:56 -------- d-----w c:\documents and settings\Aaron\Application Data\Xfire
2009-03-11 22:21 . 2009-03-11 22:21 268 ---ha-w C:\sqmdata03.sqm
2009-03-11 22:21 . 2009-03-11 22:21 244 ---ha-w C:\sqmnoopt03.sqm
2009-03-06 14:44 . 2004-08-04 11:00 283648 ----a-w c:\windows\SYSTEM32\pdh.dll
2009-03-03 00:18 . 2007-10-10 23:56 826368 ------w c:\windows\SYSTEM32\DLLCACHE\wininet.dll
2009-03-03 00:18 . 2004-08-04 11:00 826368 ----a-w c:\windows\SYSTEM32\wininet.dll
2009-02-28 04:54 . 2007-10-10 10:59 636072 ------w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
2009-02-26 18:46 . 2009-02-26 18:46 42320 ----a-w c:\windows\SYSTEM32\xfcodec.dll
2009-02-20 10:20 . 2007-10-10 10:59 70656 ------w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
2009-02-20 10:20 . 2007-10-10 10:59 13824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
2009-02-20 05:14 . 2007-10-10 05:46 161792 ------w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
2009-02-09 10:20 . 2007-11-07 09:26 723456 ------w c:\windows\SYSTEM32\DLLCACHE\lsasrv.dll
2009-02-09 10:20 . 2004-08-04 11:00 723456 ----a-w c:\windows\SYSTEM32\lsasrv.dll
2009-02-09 10:20 . 2004-08-04 11:00 399360 ----a-w c:\windows\SYSTEM32\rpcss.dll
2009-02-09 10:20 . 2004-08-04 11:00 714752 ----a-w c:\windows\SYSTEM32\ntdll.dll
2009-02-09 10:20 . 2004-08-04 11:00 616960 ----a-w c:\windows\SYSTEM32\advapi32.dll
2009-02-09 10:19 . 2008-03-19 09:47 1846272 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2009-02-09 10:19 . 2004-08-04 11:00 1846272 ----a-w c:\windows\SYSTEM32\win32k.sys
2009-02-06 17:24 . 2008-10-15 23:51 2180480 ------w c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe
2009-02-06 17:22 . 2008-10-15 23:51 2136064 ------w c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2009-02-06 17:22 . 1980-01-01 06:00 2136064 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe
2009-02-06 17:14 . 2004-08-04 11:00 110592 ----a-w c:\windows\SYSTEM32\services.exe
2009-02-06 16:54 . 2004-08-04 11:00 35328 ----a-w c:\windows\SYSTEM32\sc.exe
2009-02-06 16:49 . 2008-10-15 23:51 2057728 ------w c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2009-02-06 16:49 . 2008-10-15 23:51 2015744 ------w c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe
2009-02-06 16:49 . 1980-01-01 06:00 2015744 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe
2009-02-03 20:08 . 2009-02-03 20:08 55808 ------w c:\windows\SYSTEM32\DLLCACHE\secur32.dll
2009-02-03 20:08 . 2004-08-04 11:00 55808 ----a-w c:\windows\SYSTEM32\secur32.dll
2008-07-31 22:38 . 2005-03-12 06:01 69552 ----a-w c:\documents and settings\Aaron\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-05-11 21:45 . 2006-05-11 21:45 82536 ----a-w c:\documents and settings\Administrator.ARAKNID\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-03-29 15:49 . 2006-03-29 15:49 9583368 ----a-w c:\documents and settings\Aaron\DesktopDoctor1.5.1.exe
2005-08-21 11:14 . 2005-08-21 11:14 9346144 ------w c:\program files\DivXCreate.exe
2005-08-14 04:49 . 2005-08-14 04:49 774144 ----a-w c:\program files\RngInterstitial.dll
2005-03-21 05:12 . 2005-03-21 05:12 128 ----a-w c:\documents and settings\Aaron\Local Settings\Application Data\fusioncache.dat
2003-09-03 14:46 . 2006-10-14 02:25 10960 ----a-w c:\program files\EULA.txt
2008-12-23 08:2005-08-13 03:45 51:14 . c:\program files\mozilla firefox\components\jar50.dll
2008-12-23 08:2005-08-13 03:45 51:15 . c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-23 08:2006-12-26 17:18 51:15 . c:\program files\mozilla firefox\components\myspell.dll
2008-12-23 08:2006-12-26 17:18 51:21 . c:\program files\mozilla firefox\components\spellchk.dll
2008-12-23 08:2005-08-13 03:45 51:22 . c:\program files\mozilla firefox\components\xpinstal.dll
2007-04-30 01:52 . 2006-11-13 00:10 848 --sha-w c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-04-24_20.01.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-24 22:53 . 2009-04-24 22:53 16384 c:\windows\temp\Perflib_Perfdata_c10.dat
+ 2009-04-24 22:53 . 2009-04-24 22:53 148888 c:\windows\SYSTEM32\javaws.exe
+ 2009-04-24 22:53 . 2009-04-24 22:53 144792 c:\windows\SYSTEM32\javaw.exe
+ 2009-04-24 22:53 . 2009-04-24 22:53 144792 c:\windows\SYSTEM32\java.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe" [2005-05-09 192512]
"PlayNC Launcher"="c:\program files\ncsoft\launcher\NCLauncher.exe" [2009-04-17 38136]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools\daemon.exe" [2008-08-08 490952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-28 24103720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-15 344064]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-09-06 180269]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-01-19 11776]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"VX3000"="c:\windows\vVX3000.exe" [2006-10-14 707376]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-14 277296]
"SiteAdvisor"="c:\program files\SiteAdvisor\6253\SiteAdv.exe" [2007-03-30 36904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-05 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-05 81920]
"VirusScannerPro"="c:\progra~1\AVANQU~1\Fix-It\MemCheck.exe" [2007-09-01 173312]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2007-11-16 166304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-17 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-24 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2007-10-05 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2008-03-25 218496]

c:\documents and settings\Aaron\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\program files\Mindscape\PrintMaster\PMREMIND.EXE [1998-6-6 325632]
Mount Virtual Drive.lnk - c:\program files\Walker Brothers\MountVD\MountVD.exe [2005-2-5 430080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll
"wave2"= serwvdrv.dll
"wave3"= serwvdrv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Valve\\Steam\\steam.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Starcraft\\starcraft.exe"=
"c:\\Valve\\Steam\\SteamApps\\araknid77\\counter-strike source\\hl2.exe"=
"c:\\Valve\\Steam\\SteamApps\\araknid77\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\BYOND\\bin\\byond.exe"=
"c:\\Program Files\\Guild Wars\\Gw.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\ScifienceStudios\\ChexQuest\\Legacy.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"c:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
"c:\\Program Files\\trillian\\trillian.exe"=
"c:\\Program Files\\StarportGE\\GEClient.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Soldat\\Soldat.exe"=
"c:\\Program Files\\Defcon\\defcon.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Ad Muncher\\AdMunch.exe"=
"c:\\Documents and Settings\\Aaron\\Desktop\\New Folder (2)\\Red_Vex.exe"=
"c:\\ijji\\ENGLISH\\u_gbound.exe"=
"c:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"=
"c:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 Fadpu16E;Fadpu16E; [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-02-17 2794234]
R3 Revolution1;Revolution1;c:\documents and settings\Aaron\Desktop\Revolution_8.3\Revolution_Engine_8.3_ShaK3\SHAK3.sys [2007-07-02 20864]
R3 SysInfo;SysInfo;c:\program files\PlayOnline\SquareEnix\PlayOnlineViewer\polcfg\SysInfo.sys [2007-05-21 6912]
R3 TSHAK3T1;TSHAK3T1; [x]
S2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2007-02-15 2368]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-05-20 93696]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{474366b0-e908-11d9-8d06-00038a000015}]
\Shell\AutoRun\command - f:\jdsecure\Windows\JDSecure31.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2005-03-28 c:\windows\Tasks\DFRG.job
- c:\windows\SYSTEM32\DFRG.MSC [2004-08-04 11:00]

2009-04-26 c:\windows\Tasks\SDMsgUpdate (SmartDrawTrial).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2005-12-25 18:09]

2005-04-25 c:\windows\Tasks\WebReg 20050424214649.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2003-07-07 08:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://gunbound.ijji.com/
mWindow Title = Microsoft Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Block frame with Ad Muncher - http://www.admuncher.com/request_wil...=menu_ie_frame
IE: Block image with Ad Muncher - http://www.admuncher.com/request_wil...=menu_ie_image
IE: Block link with Ad Muncher - http://www.admuncher.com/request_wil...d=menu_ie_link
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: Don't filter page with Ad Muncher - http://www.admuncher.com/request_wil...enu_ie_exclude
IE: Report page to the Ad Muncher developers - http://www.admuncher.com/request_wil...menu_ie_report
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Aaron\Application Data\Mozilla\Firefox\Profiles\krhpll0a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/intl/xx-bork/
FF - component: c:\progra~1\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\SiteAdvisor\6261\FF\components\FFHook.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-26 04:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3349751597-659321019-3976771729-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-3349751597-659321019-3976771729-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9e,f1,65,10,46,87,24,0f,62,8c,69,21,9f,ee,e5,1c,84,5f,06,ce,cb,10,8b,
03,b6,51,4f,94,12,66,03,bf,c8,ea,43,17,1b,d7,d2,90,b5,cc,ba,0d,99,5e,3b,6a,\
"??"=hex:6e,af,73,41,78,1c,c8,aa,45,dc,4e,03,b3,67,6c,ad

[HKEY_USERS\S-1-5-21-3349751597-659321019-3976771729-1006\Software\SecuROM\License information*]
"datasecu"=hex:69,13,a7,05,21,7b,9d,64,d4,df,d4,1f,75,8d,c6,ff,b4,31,2d,52,d6,
6f,e6,70,ba,dc,9f,75,ec,b5,76,b7,94,c2,85,57,de,d8,ee,25,9c,f1,a1,ff,cc,bc,\
"rkeysecu"=hex:f2,bd,75,b6,a6,ef,3d,87,fb,d6,0d,c3,81,dc,7b,3a
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-26 4:44
ComboFix-quarantined-files.txt 2009-04-26 11:43
ComboFix2.txt 2009-04-25 17:12
ComboFix3.txt 2009-04-24 22:40
ComboFix4.txt 2009-04-24 20:11

Pre-Run: 6,553,432,064 bytes free
Post-Run: 6,518,136,832 bytes free

321 --- E O F --- 2009-04-17 10:07