Please help

Posted 9/22/2007 2:26 PM
#54016
will215 Member

Date Joined Nov 2016
Total Posts: 4
Hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 8:01:33 PM, on 9/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Advanced Privacy Protector\pptray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.shareware.us/srchasst.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://aimtoday.aol.com/today/aimtoday.adp?type=2&product=9&platform=1&channel=336&build=6089&SN=DFLFGEHMENCO&CC=BHNH&PC=HDLNDJCBBA&segment=0&UTC=1162772994&LT=1162754994&nlogin=101
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: MSVPS System - {88418AA3-16F5-4FC2-A9D8-90B1266DF841} - C:\WINDOWS\nsduo.dll
O2 - BHO: Norton Personal Firewall 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Personal Firewall 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Nulware] C:\WINDOWS\System32\nulware.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [NI.UGDC_0003_N108M2407] "C:\Documents and Settings\willaim Lee\Desktop\installer_en.exe" -nag
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [AdvPrivProt] C:\Program Files\Advanced Privacy Protector\pptray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\ControlPad\Misc\a_menu.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - https://67.15.101.3/g_bin/eng/poker_2_0_0_46.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - https://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin7USA.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - https://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: msmhost - {93FF4DFA-988E-4272-B0B6-DD5268E187A3} - C:\WINDOWS\msmhost.dll
O21 - SSODL: msmdev - {ACC8B220-FBD5-4A2A-ABD7-112DA3A74292} - C:\WINDOWS\msmdev.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe



anti-spyware log



AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:52:31 AM 9/18/2007

+ Scan result:



C:\WINDOWS\Downloaded Program Files\RCX41.tmp -> Adware.180Solutions : No action taken.
C:\Program Files\DNS\cwebpage.dll -> Adware.Maxifiles : No action taken.
C:\System Volume Information\_restore{5AE6A13B-5306-4D47-A6DB-B710F764CD6F}\RP552\A0128400.exe -> Adware.Maxifiles : No action taken.
C:\System Volume Information\_restore{5AE6A13B-5306-4D47-A6DB-B710F764CD6F}\RP552\A0128446.exe -> Adware.Maxifiles : No action taken.
C:\System Volume Information\_restore{5AE6A13B-5306-4D47-A6DB-B710F764CD6F}\RP548\A0118724.exe -> Adware.UltimateDefender : No action taken.
C:\System Volume Information\_restore{5AE6A13B-5306-4D47-A6DB-B710F764CD6F}\RP552\A0128394.exe -> Adware.UltimateDefender : No action taken.
C:\WINDOWS\msmdev.dll -> Downloader.Agent.dag : No action taken.
[2780] C:\WINDOWS\msmdev.dll -> Downloader.Agent.dag : No action taken.
C:\System Volume Information\_restore{5AE6A13B-5306-4D47-A6DB-B710F764CD6F}\RP523\A0115822.exe -> Downloader.Zlob.bvj : No action taken.
C:\System Volume Information\_restore{5AE6A13B-5306-4D47-A6DB-B710F764CD6F}\RP480\A0110003.exe -> Dropper.Small : No action taken.
C:\System Volume Information\_restore{5AE6A13B-5306-4D47-A6DB-B710F764CD6F}\RP480\A0110030.exe -> Dropper.Small : No action taken.
C:\Documents and Settings\willaim Lee\Desktop\installer_en.exe -> Not-A-Virus.Downloader.Win32.WinFixer.z : No action taken.
C:\System Volume Information\_restore{5AE6A13B-5306-4D47-A6DB-B710F764CD6F}\RP548\A0120725.exe -> Not-A-Virus.Downloader.Win32.WinFixer.z : No action taken.
C:\Documents and Settings\willaim Lee\Cookies\willaim_lee@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\willaim Lee\Cookies\willaim_lee@nielsen.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\willaim Lee\Cookies\willaim_lee@3.adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\willaim Lee\Cookies\willaim_lee@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\willaim Lee\Cookies\willaim_lee@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\willaim Lee\Cookies\willaim_lee@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\willaim Lee\Cookies\willaim_lee@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\willaim Lee\Cookies\willaim_lee@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\willaim Lee\Cookies\willaim_lee@ehg-yahoo.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\willaim Lee\Cookies\willaim_lee@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\willaim Lee\Cookies\willaim_lee@hotlog[1].txt -> TrackingCookie.Hotlog : No action taken.
C:\Documents and Settings\willaim Lee\Cookies\willaim_lee@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : No action taken.
C:\Documents and Settings\willaim Lee\Cookies\willaim_lee@ads.pointroll[1].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\willaim Lee\Cookies\willaim_lee@revsci[2].txt -> TrackingCookie.Revsci : No action taken.
C:\Documents and Settings\willaim Lee\Cookies\willaim_lee@yadro[1].txt -> TrackingCookie.Yadro : No action taken.


::Report end



Rootlog



ROOTCHK-(17-09-07)-LOG, by ejvindh
Sat 09/22/2007 10:06:18.72

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2007-09-22 10:06:20
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...
C:\WINDOWS\win.tmp
C:\WINDOWS\WindowsShell.Manifest
C:\WINDOWS\WindowsUpdate.log
C:\WINDOWS\winhelp.exe
C:\WINDOWS\winhlp32.exe
C:\WINDOWS\winnt.bmp
C:\WINDOWS\winnt256.bmp
C:\WINDOWS\winpoet_postinstallation.txt
C:\WINDOWS\WinPoET_PreInstallation.txt
C:\WINDOWS\WinSxS
C:\WINDOWS\WMSysPr9.prx
C:\WINDOWS\WMSysPrx.prx
C:\WINDOWS\Zapotec.bmp
C:\WINDOWS\_default.pif
C:\WINDOWS\_SETUPD_.EXE

hidden processes: 0
hidden services: 0
hidden files: 15

Combofix log

ComboFix 07-09-21.2 - "willaim Lee" 2007-09-21 18:28:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.126 [GMT -4:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\WILLAI~1\Desktop\installer_en.exe
C:\DOCUME~1\WILLAI~1\FAVORI~1\Error Cleaner.url
C:\DOCUME~1\WILLAI~1\FAVORI~1\Privacy Protector.url
C:\DOCUME~1\WILLAI~1\FAVORI~1\Spyware&Malware Protection.url
C:\Program Files\Common Files\download
C:\Program Files\Common Files\download\3DEmoticons.zip
C:\Program Files\Common Files\inetget2
C:\Program Files\Common Files\windows
C:\Program Files\Common Files\windows\AutoIt3.exe
C:\Program Files\dns
C:\Program Files\dns\affid.dat
C:\Program Files\dns\cwebpage.dll
C:\Program Files\dns\uid.dat
C:\Program Files\dns\urls.dat
C:\Program Files\dns\version.txt
C:\Program Files\dns\x.bmp
C:\Program Files\Ultimate Defender
C:\Program Files\VideoAccessCodec
C:\Program Files\VideoAccessCodec\install.ico
C:\Program Files\VideoAccessCodec\Uninstall.exe
c:\RECYCLER\desktopA.sys
C:\WINDOWS\dat.txt
C:\WINDOWS\main_uninstaller.exe
C:\WINDOWS\msmdev.dll
C:\WINDOWS\msmhost.dll
C:\WINDOWS\nsduo.dll
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\wmpdev.dll
C:\WINDOWS\wmphost.dll

.
((((((((((((((((((((((((( Files Created from 2007-08-21 to 2007-09-21 )))))))))))))))))))))))))))))))
.

2007-09-21 18:26 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-18 20:35 <DIR> d-------- C:\Program Files\CCleaner
2007-09-17 20:06 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-16 19:16 <DIR> d-------- C:\HijackThis
2007-09-14 19:57 <DIR> d-------- C:\Program Files\Spyware Medic
2007-09-12 07:03 <DIR> d-------- C:\eea76f180bf833a187b8a56b8d1c66
2007-09-10 16:45 <DIR> d-------- C:\ac15180f32e97f35c622abd5e6
2007-09-10 15:25 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-09-10 15:25 <DIR> d-------- C:\Program Files\Crawler
2007-09-10 15:25 <DIR> d-------- C:\DOCUME~1\WILLAI~1\APPLIC~1\Spyware Terminator
2007-09-10 15:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spyware Terminator
2007-09-05 18:15 <DIR> d-------- C:\DOCUME~1\WILLAI~1\APPLIC~1\Spyware Medic
2007-09-05 14:49 <DIR> d-------- C:\Program Files\Advanced Privacy Protector
2007-09-03 11:27 <DIR> d-------- C:\DOCUME~1\WILLAI~1\APPLIC~1\Google
2007-09-03 11:22 <DIR> d-------- C:\DOCUME~1\WILLAI~1\APPLIC~1\PC Tools
2007-09-03 11:20 22,528 --a------ C:\WINDOWS\system32\drivers\AVHook.sys
2007-09-03 11:20 15,872 --a------ C:\WINDOWS\system32\drivers\AVRec.sys
2007-09-03 11:20 15,872 --a------ C:\WINDOWS\system32\drivers\AVFilter.sys
2007-09-03 11:20 <DIR> d-------- C:\Program Files\PC Tools AntiVirus
2007-09-03 11:20 <DIR> d-------- C:\Program Files\Google
2007-09-03 11:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
2007-09-03 11:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-09-01 16:17 <DIR> d-------- C:\Program Files\SpyRemover
2007-09-01 16:16 <DIR> d-------- C:\DOCUME~1\WILLAI~1\APPLIC~1\Viewpoint

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-21 18:34 --------- d-------- C:\DOCUME~1\WILLAI~1\APPLIC~1\uTorrent
2007-09-20 18:28 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-03 15:06 --------- d-------- C:\Program Files\BearShare
2007-08-18 19:38 --------- d-------- C:\Program Files\PartyGaming
2007-07-30 13:16 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-24 22:46 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-24 22:45 --------- d-------- C:\Program Files\BeamFile
2007-07-24 22:44 --------- d-------- C:\Program Files\AIM+
2007-07-20 20:06 --------- d-------- C:\Program Files\Common Files\Vbox
2007-02-12 20:05 24192 --a--c--- C:\DOCUME~1\WILLAI~1\usbsermptxp.sys
2007-02-12 20:05 22768 --a--c--- C:\DOCUME~1\WILLAI~1\usbsermpt.sys
2006-11-17 13:35 5552 --a--c--- C:\DOCUME~1\WILLAI~1\APPLIC~1\FNTCACHE.BIN
2006-08-22 14:37 774144 --a------ C:\Program Files\RngInterstitial.dll
2005-11-21 15:15 1736 --a--c--- C:\Program Files\main.ini
2005-07-13 15:02 34929897 --a------ C:\Program Files\MS_LITE.exe
2005-04-02 22:06:41 91,136 --sh--w C:\WINDOWS\system32\nulware.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"Nulware"="C:\WINDOWS\System32\nulware.exe" [2005-04-02 18:06]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-23 16:43]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-02-20 13:06]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [2007-05-17 11:41]
"NI.UGDC_0003_N108M2407"="C:\Documents and Settings\willaim Lee\Desktop\installer_en.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"Aim6"="" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [2007-05-17 11:41]
"AdvPrivProt"="C:\Program Files\Advanced Privacy Protector\pptray.exe" [2002-10-30 18:24]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-07-20 20:06:11]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source= https://www.gmer.net
Rootkit scan 2007-09-21 18:36:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\win.tmp
C:\WINDOWS\WindowsShell.Manifest
C:\WINDOWS\WindowsUpdate.log
C:\WINDOWS\winhelp.exe
C:\WINDOWS\winhlp32.exe
C:\WINDOWS\winnt.bmp
C:\WINDOWS\winnt256.bmp
C:\WINDOWS\winpoet_postinstallation.txt
C:\WINDOWS\WinPoET_PreInstallation.txt
C:\WINDOWS\WinSxS
C:\WINDOWS\WMSysPr9.prx
C:\WINDOWS\WMSysPrx.prx
C:\WINDOWS\Zapotec.bmp
C:\WINDOWS\_default.pif
C:\WINDOWS\_SETUPD_.EXE

scan completed successfully
hidden files: 15

**************************************************************************
.
Completion time: 2007-09-21 18:40:37 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-21 18:40
.
--- E O F ---
Hi...any questions?...juz msg me..thanks