QUOTE
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:28:12, on 02/12/2007
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\RPS.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\john\Desktop\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Flashget] "C:\PROGRA~1\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Intralove] "C:\ProgramData\poke eggs eggs.ahm6ot"
O4 - HKCU\..\Run: [Proc Deaf Delete Peak] "C:\ProgramData\rule media play.dk9l3"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
--
End of file - 7601 bytes
Thanks.
This is the ComboFix file:
QUOTE
ComboFix 07-12-02.5 - john 2007-12-02 14:16:07.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.1992 [GMT 0:00]
Running from: C:\Users\john\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\john\AppData\Roaming\inst.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))
.
2007-12-02 09:27 . 2007-12-02 09:28 <DIR> d-------- C:\Users\All Users\Adobe
2007-12-02 09:27 . 2007-12-02 09:27 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-02 09:03 . 2007-12-02 09:03 <DIR> d-------- C:\Users\All Users\CheckPoint
2007-12-02 09:03 . 2007-12-02 09:03 <DIR> d-------- C:\ProgramData\CheckPoint
2007-12-02 00:08 . 2007-12-02 00:08 <DIR> dr-h----- C:\Users\john\AppData\Roaming\SecuROM
2007-12-02 00:08 . 2007-12-02 00:11 <DIR> d-------- C:\Users\john\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2007-12-02 00:08 . 2007-12-02 00:08 98,304 --a------ C:\Windows\system32CmdLineExt.dll
2007-12-02 00:06 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
2007-12-01 23:53 . 2007-12-01 23:53 <DIR> d-------- C:\Program Files\Electronic Arts
2007-11-30 15:52 . 2007-11-30 15:52 <DIR> d-------- C:\Program Files\Atari
2007-11-29 23:36 . 2007-11-29 23:46 1,905 --a------ C:\Windows\diagwrn.xml
2007-11-29 23:36 . 2007-11-29 23:46 1,905 --a------ C:\Windows\diagerr.xml
2007-11-28 19:54 . 2007-11-28 19:54 <DIR> d-------- C:\Users\All Users\TEMP
2007-11-28 19:54 . 2007-11-28 19:54 <DIR> d-------- C:\ProgramData\TEMP
2007-11-28 19:50 . 2007-11-28 19:51 <DIR> d-------- C:\Program Files\WinAVI MP4 Converter
2007-11-28 18:31 . 2007-11-28 18:31 311,296 --a------ C:\Windows\System32\mswmdm.dll
2007-11-28 18:31 . 2007-11-28 18:31 36,864 --a------ C:\Windows\System32\wmdmps.dll
2007-11-28 18:31 . 2007-11-28 18:31 31,744 --a------ C:\Windows\System32\wmdmlog.dll
2007-11-28 17:28 . 2007-11-28 17:28 <DIR> d-------- C:\Users\All Users\vsosdk
2007-11-28 17:28 . 2007-11-28 17:28 <DIR> d-------- C:\ProgramData\vsosdk
2007-11-28 17:15 . 2007-11-28 17:15 <DIR> d-------- C:\Users\john\AppData\Roaming\Nero
2007-11-28 17:15 . 2007-11-28 17:15 <DIR> d-------- C:\Program Files\Nero
2007-11-28 17:15 . 2007-11-28 17:15 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-11-28 17:15 . 2007-08-03 12:48 3,036,456 --a------ C:\Windows\System32\BCGCBPRO860u80.dll
2007-11-28 17:15 . 2006-03-17 12:45 1,757,184 --a------ C:\Windows\System32\imagX7.dll
2007-11-28 17:15 . 2006-03-17 12:45 802,816 --a------ C:\Windows\System32\imagXRA7.dll
2007-11-28 17:15 . 2006-03-17 12:45 497,296 --a------ C:\Windows\System32\imagXpr7.dll
2007-11-28 17:15 . 2006-03-17 15:49 368,640 --a------ C:\Windows\System32\TwnLib4.dll
2007-11-28 17:15 . 2006-03-17 12:45 258,048 --a------ C:\Windows\System32\imagXR7.dll
2007-11-28 17:15 . 2007-08-03 12:48 33,576 --a------ C:\Windows\System32\BCGPOleAcc.dll
2007-11-27 23:08 . 2007-11-27 23:08 <DIR> d-------- C:\Program Files\Google
2007-11-27 20:49 . 2007-11-27 20:49 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-27 20:35 . 2007-12-01 23:49 <DIR> d-------- C:\Downloads
2007-11-27 20:34 . 2007-11-27 20:34 <DIR> d-------- C:\Users\john\AppData\Roaming\FlashGet
2007-11-27 20:34 . 2007-11-27 23:12 <DIR> d-------- C:\Program Files\FlashGet
2007-11-27 20:25 . 2007-11-27 20:39 <DIR> d-------- C:\Program Files\LeechGet 2007
2007-11-27 17:30 . 2007-11-28 23:31 <DIR> d-------- C:\Users\All Users\Messenger Plus!
2007-11-27 17:30 . 2007-11-28 23:31 <DIR> d-------- C:\ProgramData\Messenger Plus!
2007-11-27 17:10 . 2007-11-27 17:10 <DIR> d-------- C:\Program Files\phenomedia
2007-11-27 17:07 . 2007-11-27 17:07 <DIR> d-------- C:\Users\john\AppData\Roaming\Media Player Classic
2007-11-27 17:06 . 2007-11-27 17:06 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-11-27 17:00 . 2007-11-27 17:01 <DIR> d-------- C:\Users\All Users\PARTSCRCURB
2007-11-27 17:00 . 2007-11-27 17:00 <DIR> d-------- C:\Users\All Users\file joy proc deaf
2007-11-27 17:00 . 2007-11-27 17:01 <DIR> d-------- C:\ProgramData\PARTSCRCURB
2007-11-27 17:00 . 2007-11-27 17:00 <DIR> d-------- C:\ProgramData\file joy proc deaf
2007-11-27 16:59 . 2007-11-27 16:59 <DIR> d-------- C:\Program Files\Windows Live
2007-11-27 16:59 . 2007-11-27 16:59 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2007-11-27 16:59 . 2007-11-27 16:59 <DIR> d-------- C:\Program Files\Adverts
2007-11-27 16:27 . 2007-11-30 15:35 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2007-11-27 16:26 . 2007-11-27 16:26 <DIR> d-------- C:\Windows\PCHEALTH
2007-11-27 16:26 . 2007-11-27 16:59 <DIR> d-------- C:\Program Files\MSN Messenger
2007-11-26 22:18 . 2007-11-26 22:18 <DIR> d-------- C:\Windows\th-TH
2007-11-26 22:18 . 2007-11-26 22:18 <DIR> d-------- C:\Windows\System32\drivers\th-TH
2007-11-26 22:12 . 2007-12-02 09:15 476,638 --a------ C:\Windows\System32\perfh01D.dat
2007-11-26 22:12 . 2007-11-26 22:09 290,490 --a------ C:\Windows\System32\perfi01D.dat
2007-11-26 22:12 . 2007-12-02 09:15 85,592 --a------ C:\Windows\System32\perfc01D.dat
2007-11-26 22:12 . 2007-11-26 22:09 35,978 --a------ C:\Windows\System32\perfd01D.dat
2007-11-26 22:10 . 2007-11-26 22:10 <DIR> d-------- C:\Windows\System32\sv
2007-11-26 22:10 . 2007-11-26 22:10 <DIR> d-------- C:\Windows\System32\drivers\sv-SE
2007-11-26 22:10 . 2007-11-26 22:10 <DIR> d-------- C:\Windows\System32\041D
2007-11-26 22:10 . 2007-11-26 22:10 <DIR> d-------- C:\Windows\sv-SE
2007-11-26 08:12 . 2007-11-26 08:12 1,152,000 --a------ C:\Windows\System32\themecpl.dll
2007-11-26 08:12 . 2007-11-26 08:12 233,888 --a------ C:\Windows\System32\DreamScene.dll
2007-11-26 08:11 . 2007-11-26 08:11 <DIR> d-------- C:\Program Files\BitLocker
2007-11-26 08:11 . 2007-11-26 08:11 1,171,848 --a------ C:\Windows\System32\SecureKeyBackupCPL.dll
2007-11-26 08:11 . 2007-11-26 08:11 711 --a------ C:\Windows\System32\CPSOKBTasks.xml
2007-11-26 08:03 . 2007-11-26 08:45 <DIR> d-------- C:\Users\All Users\NVIDIA
2007-11-26 08:03 . 2007-11-26 08:45 <DIR> d-------- C:\ProgramData\NVIDIA
2007-11-26 07:57 . 2007-11-26 07:57 2,048 --a------ C:\Windows\System32\tzres.dll
2007-11-26 07:55 . 2007-11-26 07:55 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2007-11-26 07:55 . 2007-11-26 07:55 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2007-11-26 07:55 . 2007-11-26 07:55 7,680 --a------ C:\Windows\System32\spwmp.dll
2007-11-26 07:55 . 2007-11-26 07:55 4,096 --a------ C:\Windows\System32\msdxm.ocx
2007-11-26 07:55 . 2007-11-26 07:55 4,096 --a------ C:\Windows\System32\dxmasf.dll
2007-11-26 07:53 . 2007-11-26 07:53 1,824,768 --a------ C:\Windows\System32\inetcpl.cpl
2007-11-26 07:53 . 2007-11-26 07:53 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2007-11-26 07:53 . 2007-11-26 07:53 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2007-11-26 07:53 . 2007-11-26 07:53 737,792 --a------ C:\Windows\System32\inetcomm.dll
2007-11-26 07:53 . 2007-11-26 07:53 84,480 --a------ C:\Windows\System32\INETRES.dll
2007-11-26 07:53 . 2007-11-26 07:53 26,624 --a------ C:\Windows\System32\ieUnatt.exe
2007-11-26 07:52 . 2007-11-26 07:52 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-26 07:35 . 2007-11-27 20:37 <DIR> d-------- C:\Program Files\Smart DVD CD Burner
2007-11-26 07:32 . 2007-11-28 17:40 <DIR> d-------- C:\Users\john\AppData\Roaming\Vso
2007-11-26 07:32 . 2007-11-26 07:32 <DIR> d-------- C:\Users\All Users\Google
2007-11-26 07:32 . 2007-11-26 07:32 <DIR> d-------- C:\Program Files\VSO
2007-11-26 07:32 . 2006-09-29 11:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2007-11-26 07:32 . 2006-09-29 11:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2007-11-26 07:32 . 2006-09-29 11:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2007-11-26 07:32 . 2007-11-26 07:32 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
2007-11-26 07:32 . 2007-11-26 07:32 47,360 --a------ C:\Users\john\AppData\Roaming\pcouffin.sys
2007-11-26 07:27 . 2007-11-26 07:27 1,156 --a------ C:\Windows\mozver.dat
2007-11-26 07:20 . 2007-11-26 07:20 0 --a------ C:\Windows\nsreg.dat
2007-11-26 07:16 . 2007-11-26 07:16 <DIR> d-------- C:\Program Files\Earth 3D Screensaver
2007-11-26 07:15 . 2007-11-26 07:15 <DIR> d-------- C:\Windows\System32\3Planesoft
2007-11-26 07:15 . 2007-11-26 07:15 <DIR> d-------- C:\Program Files\Christmas 3D Screensaver
2007-11-26 07:15 . 2007-11-26 07:16 <DIR> d-------- C:\Program Files\3Planesoft Screensaver Manager
2007-11-26 06:43 . 2007-12-02 12:10 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
2007-11-26 06:40 . 2007-11-26 06:40 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2007-11-26 06:40 . 2007-11-26 06:40 <DIR> d-------- C:\Users\All Users\Raxco
2007-11-26 06:40 . 2007-11-26 06:40 <DIR> d-------- C:\ProgramData\Raxco
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 09:07 350,468 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2007-11-26 22:18 --------- d-----w C:\Program Files\Windows Sidebar
2007-11-26 22:18 --------- d-----w C:\Program Files\Windows Photo Gallery
2007-11-26 22:18 --------- d-----w C:\Program Files\Windows Mail
2007-11-26 22:18 --------- d-----w C:\Program Files\Windows Journal
2007-11-26 22:18 --------- d-----w C:\Program Files\Windows Defender
2007-11-26 22:18 --------- d-----w C:\Program Files\Windows Collaboration
2007-11-26 22:18 --------- d-----w C:\Program Files\Windows Calendar
2007-11-26 08:10 --------- d-----w C:\Program Files\Microsoft Games
2007-11-26 07:58 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-26 07:58 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-26 07:58 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-26 07:58 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-26 07:58 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-26 07:58 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-11-26 07:58 3,471,544 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-11-26 07:58 299,008 ----a-w C:\Windows\System32\wlansec.dll
2007-11-26 07:58 289,280 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-26 07:58 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-26 07:58 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-26 07:58 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-26 07:58 2,028,544 ----a-w C:\Windows\System32\win32k.sys
2007-11-26 07:54 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-11-26 07:53 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-11-25 16:59 174 --sha-w C:\Program Files\desktop.ini
2007-09-28 17:07 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2007-09-28 17:05 81,920 ----a-w C:\Windows\System32\dpl100.dll
2007-09-28 17:05 739,840 ----a-w C:\Windows\System32\divx.dll
2007-09-12 05:28 86,016 ----a-w C:\Windows\System32\nvsvc.dll
2007-09-12 05:28 81,920 ----a-w C:\Windows\System32\nvmctray.dll
2007-09-12 05:28 8,497,696 ----a-w C:\Windows\System32\nvcpl.dll
2007-09-12 05:28 753,664 ----a-w C:\Windows\System32\nvcplui.exe
2007-09-12 05:28 6,942,720 ----a-w C:\Windows\System32\nvoglv32.dll
2007-09-12 05:28 6,344,704 ----a-w C:\Windows\System32\nvdisps.dll
2007-09-12 05:28 5,509,120 ----a-w C:\Windows\System32\nvdispsr.dll
2007-09-12 05:28 458,752 ----a-w C:\Windows\System32\nvmccssr.dll
2007-09-12 05:28 45,056 ----a-w C:\Windows\System32\nvmccsrs.dll
2007-09-12 05:28 4,988,928 ----a-w C:\Windows\System32\nvd3dum.dll
2007-09-12 05:28 364,544 ----a-w C:\Windows\System32\nvapi.dll
2007-09-12 05:28 36,864 ----a-w C:\Windows\System32\nvcod100.dll
2007-09-12 05:28 36,864 ----a-w C:\Windows\System32\nvcod.dll
2007-09-12 05:28 356,352 ----a-w C:\Windows\System32\nvuninst.exe
2007-09-12 05:28 356,352 ----a-w C:\Windows\System32\nvudisp.exe
2007-09-12 05:28 307,200 ----a-w C:\Windows\System32\nvexpbar.dll
2007-09-12 05:28 3,629,056 ----a-w C:\Windows\System32\nvvitvsr.dll
2007-09-12 05:28 3,551,232 ----a-w C:\Windows\System32\nvvitvs.dll
2007-09-12 05:28 3,334,144 ----a-w C:\Windows\System32\nvgames.dll
2007-09-12 05:28 3,166,208 ----a-w C:\Windows\System32\nvgamesr.dll
2007-09-12 05:28 229,376 ----a-w C:\Windows\System32\nvmccs.dll
2007-09-12 05:28 2,854,912 ----a-w C:\Windows\System32\nvmoblsr.dll
2007-09-12 05:28 2,441,216 ----a-w C:\Windows\System32\nvwssr.dll
2007-09-12 05:28 2,371,584 ----a-w C:\Windows\System32\nvwss.dll
2007-09-12 05:28 188,416 ----a-w C:\Windows\System32\nvmccss.dll
2007-09-12 05:28 147,456 ----a-w C:\Windows\System32\nvcolor.exe
2007-09-12 05:28 1,521,664 ----a-w C:\Windows\System32\nvwgf2um.dll
2007-09-12 05:28 1,150,976 ----a-w C:\Windows\System32\nvmobls.dll
2007-09-12 05:28 1,073,152 ----a-w C:\Windows\System32\nvcpluir.dll
2007-09-04 17:56 164,352 ----a-w C:\Windows\System32\unrar.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 12:33]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"Intralove"="C:\ProgramData\poke eggs eggs.ahm6ot" [2007-11-27 17:00]
"Proc Deaf Delete Peak"="C:\ProgramData\rule media play.dk9l3" [2007-11-27 17:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [2007-11-27 23:08]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" [2007-09-05 14:09]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-02 04:33]
"RTHDCPL"="RTHDCPL.EXE" []
"SkyTel"="SkyTel.EXE" []
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 08:14 C:\Windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" []
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 18:49]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 14:10]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 14:10]
"NvSvc"="RUNDLL32.exe" [2006-11-02 09:45 C:\Windows\System32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [2006-11-02 09:45 C:\Windows\System32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-11-02 09:45 C:\Windows\System32\rundll32.exe]
"Flashget"="C:\PROGRA~1\FlashGet\FlashGet.exe" [2007-11-27 23:12]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdcBase.exe" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-04 05:24]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
R0 nvstor32;nvstor32;C:\Windows\system32\DRIVERS\nvstor32.sys
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe -k WindowsMobile
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe -k WindowsMobile
R3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys
S3 Radialpoint Security Services;Virgin Broadband PCguard;C:\Windows\system32\dllhost.exe /Processid:{80098F68-1220-4F43-80A8-15C7395B8874}
S3 winusb;WinUsb Driver;C:\Windows\system32\DRIVERS\winusb.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService wlansvc UmRdpService EMDMgmt WPDBusEnum TabletInputService UxSms
bthsvcs BthServ
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c2dfb1e-9b77-11dc-9c15-806e6f6e6963}]
\shell\AutoRun\command - D:\autorun.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-02 13:20:00 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 14:18:33
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-02 14:19:15
.
--- E O F ---
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.1992 [GMT 0:00]
Running from: C:\Users\john\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\john\AppData\Roaming\inst.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))
.
2007-12-02 09:27 . 2007-12-02 09:28 <DIR> d-------- C:\Users\All Users\Adobe
2007-12-02 09:27 . 2007-12-02 09:27 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-02 09:03 . 2007-12-02 09:03 <DIR> d-------- C:\Users\All Users\CheckPoint
2007-12-02 09:03 . 2007-12-02 09:03 <DIR> d-------- C:\ProgramData\CheckPoint
2007-12-02 00:08 . 2007-12-02 00:08 <DIR> dr-h----- C:\Users\john\AppData\Roaming\SecuROM
2007-12-02 00:08 . 2007-12-02 00:11 <DIR> d-------- C:\Users\john\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2007-12-02 00:08 . 2007-12-02 00:08 98,304 --a------ C:\Windows\system32\CmdLineExt.dll
2007-12-02 00:06 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
2007-12-01 23:53 . 2007-12-01 23:53 <DIR> d-------- C:\Program Files\Electronic Arts
2007-11-30 15:52 . 2007-11-30 15:52 <DIR> d-------- C:\Program Files\Atari
2007-11-29 23:36 . 2007-11-29 23:46 1,905 --a------ C:\Windows\diagwrn.xml
2007-11-29 23:36 . 2007-11-29 23:46 1,905 --a------ C:\Windows\diagerr.xml
2007-11-28 19:54 . 2007-11-28 19:54 <DIR> d-------- C:\Users\All Users\TEMP
2007-11-28 19:54 . 2007-11-28 19:54 <DIR> d-------- C:\ProgramData\TEMP
2007-11-28 19:50 . 2007-11-28 19:51 <DIR> d-------- C:\Program Files\WinAVI MP4 Converter
2007-11-28 18:31 . 2007-11-28 18:31 311,296 --a------ C:\Windows\System32\mswmdm.dll
2007-11-28 18:31 . 2007-11-28 18:31 36,864 --a------ C:\Windows\System32\wmdmps.dll
2007-11-28 18:31 . 2007-11-28 18:31 31,744 --a------ C:\Windows\System32\wmdmlog.dll
2007-11-28 17:28 . 2007-11-28 17:28 <DIR> d-------- C:\Users\All Users\vsosdk
2007-11-28 17:28 . 2007-11-28 17:28 <DIR> d-------- C:\ProgramData\vsosdk
2007-11-28 17:15 . 2007-11-28 17:15 <DIR> d-------- C:\Users\john\AppData\Roaming\Nero
2007-11-28 17:15 . 2007-11-28 17:15 <DIR> d-------- C:\Program Files\Nero
2007-11-28 17:15 . 2007-11-28 17:15 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-11-28 17:15 . 2007-08-03 12:48 3,036,456 --a------ C:\Windows\System32\BCGCBPRO860u80.dll
2007-11-28 17:15 . 2006-03-17 12:45 1,757,184 --a------ C:\Windows\System32\imagX7.dll
2007-11-28 17:15 . 2006-03-17 12:45 802,816 --a------ C:\Windows\System32\imagXRA7.dll
2007-11-28 17:15 . 2006-03-17 12:45 497,296 --a------ C:\Windows\System32\imagXpr7.dll
2007-11-28 17:15 . 2006-03-17 15:49 368,640 --a------ C:\Windows\System32\TwnLib4.dll
2007-11-28 17:15 . 2006-03-17 12:45 258,048 --a------ C:\Windows\System32\imagXR7.dll
2007-11-28 17:15 . 2007-08-03 12:48 33,576 --a------ C:\Windows\System32\BCGPOleAcc.dll
2007-11-27 23:08 . 2007-11-27 23:08 <DIR> d-------- C:\Program Files\Google
2007-11-27 20:49 . 2007-11-27 20:49 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-27 20:35 . 2007-12-01 23:49 <DIR> d-------- C:\Downloads
2007-11-27 20:34 . 2007-11-27 20:34 <DIR> d-------- C:\Users\john\AppData\Roaming\FlashGet
2007-11-27 20:34 . 2007-11-27 23:12 <DIR> d-------- C:\Program Files\FlashGet
2007-11-27 20:25 . 2007-11-27 20:39 <DIR> d-------- C:\Program Files\LeechGet 2007
2007-11-27 17:30 . 2007-11-28 23:31 <DIR> d-------- C:\Users\All Users\Messenger Plus!
2007-11-27 17:30 . 2007-11-28 23:31 <DIR> d-------- C:\ProgramData\Messenger Plus!
2007-11-27 17:10 . 2007-11-27 17:10 <DIR> d-------- C:\Program Files\phenomedia
2007-11-27 17:07 . 2007-11-27 17:07 <DIR> d-------- C:\Users\john\AppData\Roaming\Media Player Classic
2007-11-27 17:06 . 2007-11-27 17:06 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-11-27 17:00 . 2007-11-27 17:01 <DIR> d-------- C:\Users\All Users\PARTSCRCURB
2007-11-27 17:00 . 2007-11-27 17:00 <DIR> d-------- C:\Users\All Users\file joy proc deaf
2007-11-27 17:00 . 2007-11-27 17:01 <DIR> d-------- C:\ProgramData\PARTSCRCURB
2007-11-27 17:00 . 2007-11-27 17:00 <DIR> d-------- C:\ProgramData\file joy proc deaf
2007-11-27 16:59 . 2007-11-27 16:59 <DIR> d-------- C:\Program Files\Windows Live
2007-11-27 16:59 . 2007-11-27 16:59 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2007-11-27 16:59 . 2007-11-27 16:59 <DIR> d-------- C:\Program Files\Adverts
2007-11-27 16:27 . 2007-11-30 15:35 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2007-11-27 16:26 . 2007-11-27 16:26 <DIR> d-------- C:\Windows\PCHEALTH
2007-11-27 16:26 . 2007-11-27 16:59 <DIR> d-------- C:\Program Files\MSN Messenger
2007-11-26 22:18 . 2007-11-26 22:18 <DIR> d-------- C:\Windows\th-TH
2007-11-26 22:18 . 2007-11-26 22:18 <DIR> d-------- C:\Windows\System32\drivers\th-TH
2007-11-26 22:12 . 2007-12-02 09:15 476,638 --a------ C:\Windows\System32\perfh01D.dat
2007-11-26 22:12 . 2007-11-26 22:09 290,490 --a------ C:\Windows\System32\perfi01D.dat
2007-11-26 22:12 . 2007-12-02 09:15 85,592 --a------ C:\Windows\System32\perfc01D.dat
2007-11-26 22:12 . 2007-11-26 22:09 35,978 --a------ C:\Windows\System32\perfd01D.dat
2007-11-26 22:10 . 2007-11-26 22:10 <DIR> d-------- C:\Windows\System32\sv
2007-11-26 22:10 . 2007-11-26 22:10 <DIR> d-------- C:\Windows\System32\drivers\sv-SE
2007-11-26 22:10 . 2007-11-26 22:10 <DIR> d-------- C:\Windows\System32\041D
2007-11-26 22:10 . 2007-11-26 22:10 <DIR> d-------- C:\Windows\sv-SE
2007-11-26 08:12 . 2007-11-26 08:12 1,152,000 --a------ C:\Windows\System32\themecpl.dll
2007-11-26 08:12 . 2007-11-26 08:12 233,888 --a------ C:\Windows\System32\DreamScene.dll
2007-11-26 08:11 . 2007-11-26 08:11 <DIR> d-------- C:\Program Files\BitLocker
2007-11-26 08:11 . 2007-11-26 08:11 1,171,848 --a------ C:\Windows\System32\SecureKeyBackupCPL.dll
2007-11-26 08:11 . 2007-11-26 08:11 711 --a------ C:\Windows\System32\CPSOKBTasks.xml
2007-11-26 08:03 . 2007-11-26 08:45 <DIR> d-------- C:\Users\All Users\NVIDIA
2007-11-26 08:03 . 2007-11-26 08:45 <DIR> d-------- C:\ProgramData\NVIDIA
2007-11-26 07:57 . 2007-11-26 07:57 2,048 --a------ C:\Windows\System32\tzres.dll
2007-11-26 07:55 . 2007-11-26 07:55 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2007-11-26 07:55 . 2007-11-26 07:55 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2007-11-26 07:55 . 2007-11-26 07:55 7,680 --a------ C:\Windows\System32\spwmp.dll
2007-11-26 07:55 . 2007-11-26 07:55 4,096 --a------ C:\Windows\System32\msdxm.ocx
2007-11-26 07:55 . 2007-11-26 07:55 4,096 --a------ C:\Windows\System32\dxmasf.dll
2007-11-26 07:53 . 2007-11-26 07:53 1,824,768 --a------ C:\Windows\System32\inetcpl.cpl
2007-11-26 07:53 . 2007-11-26 07:53 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2007-11-26 07:53 . 2007-11-26 07:53 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2007-11-26 07:53 . 2007-11-26 07:53 737,792 --a------ C:\Windows\System32\inetcomm.dll
2007-11-26 07:53 . 2007-11-26 07:53 84,480 --a------ C:\Windows\System32\INETRES.dll
2007-11-26 07:53 . 2007-11-26 07:53 26,624 --a------ C:\Windows\System32\ieUnatt.exe
2007-11-26 07:52 . 2007-11-26 07:52 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-26 07:35 . 2007-11-27 20:37 <DIR> d-------- C:\Program Files\Smart DVD CD Burner
2007-11-26 07:32 . 2007-11-28 17:40 <DIR> d-------- C:\Users\john\AppData\Roaming\Vso
2007-11-26 07:32 . 2007-11-26 07:32 <DIR> d-------- C:\Users\All Users\Google
2007-11-26 07:32 . 2007-11-26 07:32 <DIR> d-------- C:\Program Files\VSO
2007-11-26 07:32 . 2006-09-29 11:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2007-11-26 07:32 . 2006-09-29 11:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2007-11-26 07:32 . 2006-09-29 11:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2007-11-26 07:32 . 2007-11-26 07:32 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
2007-11-26 07:32 . 2007-11-26 07:32 47,360 --a------ C:\Users\john\AppData\Roaming\pcouffin.sys
2007-11-26 07:27 . 2007-11-26 07:27 1,156 --a------ C:\Windows\mozver.dat
2007-11-26 07:20 . 2007-11-26 07:20 0 --a------ C:\Windows\nsreg.dat
2007-11-26 07:16 . 2007-11-26 07:16 <DIR> d-------- C:\Program Files\Earth 3D Screensaver
2007-11-26 07:15 . 2007-11-26 07:15 <DIR> d-------- C:\Windows\System32\3Planesoft
2007-11-26 07:15 . 2007-11-26 07:15 <DIR> d-------- C:\Program Files\Christmas 3D Screensaver
2007-11-26 07:15 . 2007-11-26 07:16 <DIR> d-------- C:\Program Files\3Planesoft Screensaver Manager
2007-11-26 06:43 . 2007-12-02 12:10 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
2007-11-26 06:40 . 2007-11-26 06:40 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2007-11-26 06:40 . 2007-11-26 06:40 <DIR> d-------- C:\Users\All Users\Raxco
2007-11-26 06:40 . 2007-11-26 06:40 <DIR> d-------- C:\ProgramData\Raxco
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 09:07 350,468 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2007-11-26 22:18 --------- d-----w C:\Program Files\Windows Sidebar
2007-11-26 22:18 --------- d-----w C:\Program Files\Windows Photo Gallery
2007-11-26 22:18 --------- d-----w C:\Program Files\Windows Mail
2007-11-26 22:18 --------- d-----w C:\Program Files\Windows Journal
2007-11-26 22:18 --------- d-----w C:\Program Files\Windows Defender
2007-11-26 22:18 --------- d-----w C:\Program Files\Windows Collaboration
2007-11-26 22:18 --------- d-----w C:\Program Files\Windows Calendar
2007-11-26 08:10 --------- d-----w C:\Program Files\Microsoft Games
2007-11-26 07:58 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-26 07:58 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-26 07:58 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-26 07:58 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-26 07:58 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-26 07:58 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-11-26 07:58 3,471,544 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-11-26 07:58 299,008 ----a-w C:\Windows\System32\wlansec.dll
2007-11-26 07:58 289,280 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-26 07:58 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-26 07:58 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-26 07:58 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-26 07:58 2,028,544 ----a-w C:\Windows\System32\win32k.sys
2007-11-26 07:54 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-11-26 07:53 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-11-25 16:59 174 --sha-w C:\Program Files\desktop.ini
2007-09-28 17:07 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2007-09-28 17:05 81,920 ----a-w C:\Windows\System32\dpl100.dll
2007-09-28 17:05 739,840 ----a-w C:\Windows\System32\divx.dll
2007-09-12 05:28 86,016 ----a-w C:\Windows\System32\nvsvc.dll
2007-09-12 05:28 81,920 ----a-w C:\Windows\System32\nvmctray.dll
2007-09-12 05:28 8,497,696 ----a-w C:\Windows\System32\nvcpl.dll
2007-09-12 05:28 753,664 ----a-w C:\Windows\System32\nvcplui.exe
2007-09-12 05:28 6,942,720 ----a-w C:\Windows\System32\nvoglv32.dll
2007-09-12 05:28 6,344,704 ----a-w C:\Windows\System32\nvdisps.dll
2007-09-12 05:28 5,509,120 ----a-w C:\Windows\System32\nvdispsr.dll
2007-09-12 05:28 458,752 ----a-w C:\Windows\System32\nvmccssr.dll
2007-09-12 05:28 45,056 ----a-w C:\Windows\System32\nvmccsrs.dll
2007-09-12 05:28 4,988,928 ----a-w C:\Windows\System32\nvd3dum.dll
2007-09-12 05:28 364,544 ----a-w C:\Windows\System32\nvapi.dll
2007-09-12 05:28 36,864 ----a-w C:\Windows\System32\nvcod100.dll
2007-09-12 05:28 36,864 ----a-w C:\Windows\System32\nvcod.dll
2007-09-12 05:28 356,352 ----a-w C:\Windows\System32\nvuninst.exe
2007-09-12 05:28 356,352 ----a-w C:\Windows\System32\nvudisp.exe
2007-09-12 05:28 307,200 ----a-w C:\Windows\System32\nvexpbar.dll
2007-09-12 05:28 3,629,056 ----a-w C:\Windows\System32\nvvitvsr.dll
2007-09-12 05:28 3,551,232 ----a-w C:\Windows\System32\nvvitvs.dll
2007-09-12 05:28 3,334,144 ----a-w C:\Windows\System32\nvgames.dll
2007-09-12 05:28 3,166,208 ----a-w C:\Windows\System32\nvgamesr.dll
2007-09-12 05:28 229,376 ----a-w C:\Windows\System32\nvmccs.dll
2007-09-12 05:28 2,854,912 ----a-w C:\Windows\System32\nvmoblsr.dll
2007-09-12 05:28 2,441,216 ----a-w C:\Windows\System32\nvwssr.dll
2007-09-12 05:28 2,371,584 ----a-w C:\Windows\System32\nvwss.dll
2007-09-12 05:28 188,416 ----a-w C:\Windows\System32\nvmccss.dll
2007-09-12 05:28 147,456 ----a-w C:\Windows\System32\nvcolor.exe
2007-09-12 05:28 1,521,664 ----a-w C:\Windows\System32\nvwgf2um.dll
2007-09-12 05:28 1,150,976 ----a-w C:\Windows\System32\nvmobls.dll
2007-09-12 05:28 1,073,152 ----a-w C:\Windows\System32\nvcpluir.dll
2007-09-04 17:56 164,352 ----a-w C:\Windows\System32\unrar.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 12:33]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"Intralove"="C:\ProgramData\poke eggs eggs.ahm6ot" [2007-11-27 17:00]
"Proc Deaf Delete Peak"="C:\ProgramData\rule media play.dk9l3" [2007-11-27 17:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [2007-11-27 23:08]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" [2007-09-05 14:09]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-02 04:33]
"RTHDCPL"="RTHDCPL.EXE" []
"SkyTel"="SkyTel.EXE" []
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 08:14 C:\Windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" []
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 18:49]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 14:10]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 14:10]
"NvSvc"="RUNDLL32.exe" [2006-11-02 09:45 C:\Windows\System32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [2006-11-02 09:45 C:\Windows\System32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-11-02 09:45 C:\Windows\System32\rundll32.exe]
"Flashget"="C:\PROGRA~1\FlashGet\FlashGet.exe" [2007-11-27 23:12]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdcBase.exe" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-04 05:24]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
R0 nvstor32;nvstor32;C:\Windows\system32\DRIVERS\nvstor32.sys
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe -k WindowsMobile
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe -k WindowsMobile
R3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys
S3 Radialpoint Security Services;Virgin Broadband PCguard;C:\Windows\system32\dllhost.exe /Processid:{80098F68-1220-4F43-80A8-15C7395B8874}
S3 winusb;WinUsb Driver;C:\Windows\system32\DRIVERS\winusb.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService wlansvc UmRdpService EMDMgmt WPDBusEnum TabletInputService UxSms
bthsvcs BthServ
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c2dfb1e-9b77-11dc-9c15-806e6f6e6963}]
\shell\AutoRun\command - D:\autorun.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-02 13:20:00 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 14:18:33
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-02 14:19:15
.
--- E O F ---
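Added example, not part of the post above and not ComboFix's own logic: a short Python script that re-reads the Run blocks from the "Reg Loading Points" section of this log and scores each value with a few triage heuristics a log reader applies by eye. The sample input is the HKCU Run block and three HKLM lines copied from the log; the extension list, the "user-writable directory" test, the reading of empty brackets as "target not resolved on disk" and the score thresholds are my assumptions, so a "suspicious" verdict is a prompt to go and look at the file, not an identification of it.

```python
"""Heuristic triage of the Run entries in a ComboFix 'Reg Loading Points' block.

Added example: my own script, not ComboFix code and not code from the post.
The rules and thresholds are assumptions chosen to surface the entries a
reader checks first; 'suspicious' means "investigate", nothing more.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Input: Run lines copied from the log above (HKCU block complete, HKLM block
# trimmed to three representative lines).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 12:33]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"Intralove"="C:\ProgramData\poke eggs eggs.ahm6ot" [2007-11-27 17:00]
"Proc Deaf Delete Peak"="C:\ProgramData\rule media play.dk9l3" [2007-11-27 17:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [2007-11-27 23:08]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-02 04:33]
"RTHDCPL"="RTHDCPL.EXE" []
"NvSvc"="RUNDLL32.exe" [2006-11-02 09:45 C:\Windows\System32\rundll32.exe]
'''

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')

# Extensions a Run value normally points at.  Assumption: anything else is
# worth a look, because CreateProcess runs a PE image whatever its extension.
EXEC_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".cpl", ".ocx"}


@dataclass
class RunEntry:
    key: str
    name: str
    target: str
    meta: str                      # ComboFix's "[timestamp ...]" payload
    reasons: list[str] = field(default_factory=list)


def parse_run_entries(text: str) -> list[RunEntry]:
    """Collect "name"="target" [meta] lines, remembering the key they sit under."""
    entries: list[RunEntry] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            key = m["key"]
        elif m := ENTRY_RE.match(line):
            entries.append(RunEntry(key, m["name"], m["target"], m["meta"]))
    return entries


def assess(entry: RunEntry) -> RunEntry:
    """Attach a reason for every heuristic the entry trips."""
    target = entry.target.lower()
    basename = target.rsplit("\\", 1)[-1]
    ext = basename[basename.rfind("."):] if "." in basename else ""

    if ext not in EXEC_EXTENSIONS:
        entry.reasons.append(f"target extension {ext or '(none)'!r} is not an executable type")
    if target.startswith(("c:\\programdata\\", "c:\\users\\")) or "\\appdata\\" in target:
        entry.reasons.append("target lives in a user-writable data directory")
    words = re.findall(r"[a-z0-9]+", entry.name.lower())
    if words and not any(w in target for w in words):
        entry.reasons.append("value name bears no relation to the target path")
    if not entry.meta.strip():
        # Assumption about ComboFix output: empty brackets mean it could not
        # stat the target, typically because only a bare file name was stored.
        entry.reasons.append("no timestamp recorded; target not resolved on disk")
    return entry


def verdict(entry: RunEntry) -> str:
    """Three-level triage; the thresholds are an assumption, tune to taste."""
    n = len(entry.reasons)
    return "suspicious" if n >= 3 else "review" if n else "ok"


def triage(text: str) -> dict[str, str]:
    """Map each Run value name to its verdict."""
    return {e.name: verdict(assess(e)) for e in parse_run_entries(text)}


if __name__ == "__main__":
    for e in parse_run_entries(SAMPLE_LOG):
        assess(e)
        print(f"{verdict(e):10} {e.name!r:28} {e.target}")
        for r in e.reasons:
            print(f"{'':10}   - {r}")
```

Run as-is it prints one line per value plus the reasons it tripped; on the sample the two ProgramData entries with random-word names and non-executable extensions score three reasons each, the bare "RTHDCPL.EXE" line and the rundll32 launchers land in "review" because the name-versus-path rule cannot see the DLL argument ComboFix elides, and the rest come out clean. The name-versus-path rule is the weakest of the four and is only meant to add weight, never to decide on its own.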