
h.s

Members
Posts: 6
Reputation: 0 Neutral
  1. It looks to me like everything is stable thanks to you. B) IE now works without a problem after I used ComboFix. Here is the F-Secure Online Scanner report:

     Scanning Report
     Monday, September 28, 2009 15:30:20 - 15:54:27
     Computer name: BLADE
     Scanning type: Scan system for malware, spyware and rootkits
     Target: C:\ E:\ F:\

     3 malware found
     TrackingCookie.2o7 (spyware)
       * System (Disinfected)
     TrackingCookie.Atdmt (spyware)
       * System (Disinfected)
     TrackingCookie.Atwola (spyware)
       * System (Disinfected)

     Statistics
     Scanned:
       * Files: 48504
       * System: 3914
       * Not scanned: 7
     Actions:
       * Disinfected: 3
       * Renamed: 0
       * Deleted: 0
       * Not cleaned: 0
       * Submitted: 0
     Files not scanned:
       * C:\PAGEFILE.SYS
       * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
       * C:\WINDOWS\SYSTEM32\CONFIG\SAM
       * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
       * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
       * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
       * C:\DOCUMENTS AND SETTINGS\HARSH\LOCAL SETTINGS\TEMP\ETILQS_RVQPGVLO06XFCAWVEIXY

     Results of screen317's Security Check version 0.99.0
     Windows XP Service Pack 2
     Out of date service pack!!
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Disabled!
     Trend Micro OfficeScan Client
     Antivirus up to date!
     ``````````````````````````````
     Anti-malware/Other Utilities Check:
     SpyHunter
     Spybot - Search & Destroy
     HijackThis 2.0.2
     TuneUp Companion 1.5.9
     Java 6 Update 7
     Out of date Java installed!
     Adobe Flash Player 10
     Adobe Reader 9.1.3
     ``````````````````````````````
     Process Check: objlist.exe by Laurent
     Trend Micro OfficeScan Client pccntmon.exe
     Trend Micro OfficeScan Client ntrtscan.exe
     Trend Micro OfficeScan Client tmlisten.exe
     Trend Micro OfficeScan Client TmPfw.exe
     Trend Micro OfficeScan Client CNTAoSMgr.exe
     Trend Micro OfficeScan Client tmproxy.exe
     ``````````````````````````````
     DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning)
     `````````End of Log```````````
  2. ComboFix 09-09-25.01 - Harsh 09/25/2009 19:21.4.2 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2700 [GMT -4:00]
     Running from: c:\documents and settings\Harsh\Desktop\ComboFix.exe
     AV: Trend Micro OfficeScan Antivirus *On-access scanning disabled* (Outdated) {9AC2629D-D77E-4A61-9E41-C3603E4B7582}
     FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
  3. Hey, sorry about the late response. I still cannot get rid of AntiVir and Norton AntiVirus thing. Thanks

ComboFix 09-09-22.01 - Harsh 09/22/2009 18:33.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2442 [GMT -4:00]
Running from: c:\documents and settings\Harsh\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Harsh\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton AntiVirus Gaming Edition *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Trend Micro OfficeScan Antivirus *On-access scanning disabled* (Outdated) {9AC2629D-D77E-4A61-9E41-C3603E4B7582}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
((((((((((((((((((((((((( Files Created from 2009-08-22 to 2009-09-22 )))))))))))))))))))))))))))))))
.
2009-09-20 23:23 . 2009-09-20 23:23 -------- dc----w- c:\program files\JoshMadison
2009-09-18 22:37 . 2009-09-18 22:37 -------- dc----w- c:\documents and settings\NetworkService\Application Data\Azureus
2009-09-18 21:31 . 2009-09-18 21:31 -------- dc----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-09-18 21:31 . 2009-09-18 21:31 -------- dc----w- c:\program files\DAEMON Tools Toolbar
2009-09-18 21:31 . 2009-09-20 20:38 -------- dc----w- c:\program files\DAEMON Tools Lite
2009-09-18 19:43 . 2009-09-18 19:43 -------- dc----w- C:\Downloads
2009-09-18 02:23 . 2009-09-18 21:53 -------- dc----w- c:\documents and settings\Harsh\Application Data\DAEMON Tools Lite
2009-09-17 23:41 . 2009-09-17 23:43 -------- dc----w- c:\program files\Spybot - Search & Destroy
2009-09-16 22:32 . 2009-09-16 22:32 -------- dc----w- c:\program files\Enigma Software Group
2009-09-16 20:47 . 2009-09-16 20:47 -------- dc----w- c:\documents and settings\Harsh\Application Data\Malwarebytes
2009-09-16 20:45 . 2009-09-10 18:54 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-16 20:45 . 2009-09-16 20:47 -------- dc----w- c:\program files\MAM
2009-09-16 20:45 . 2009-09-10 18:53 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-09-13 00:56 . 2009-05-07 07:04 157712 -c--a-w- c:\windows\system32\drivers\tmcomm.sys
2009-09-13 00:54 . 2009-09-13 00:54 -------- dc----w- C:\VIRUS
2009-09-13 00:53 . 2009-07-20 16:00 72072 -c--a-w- c:\windows\system32\drivers\tmtdi.sys
2009-09-13 00:53 . 2009-07-20 16:00 335888 -c--a-w- c:\windows\system32\drivers\TM_CFW.sys
2009-09-13 00:22 . 2009-09-13 00:22 -------- dc----w- c:\documents and settings\Harsh\Application Data\AVG8
2009-09-12 23:57 . 2009-09-12 23:57 -------- dc----w- c:\documents and settings\Harsh\Local Settings\Application Data\FreeFixer
2009-09-12 23:57 . 2009-09-12 23:57 -------- dc----w- c:\documents and settings\Harsh\Application Data\FreeFixer
2009-09-12 23:57 . 2009-09-12 23:57 -------- dc----w- c:\program files\FreeFixer
2009-09-12 23:46 . 2009-09-13 00:33 -------- dc----w- c:\program files\Panda Security
2009-09-12 23:42 . 2009-09-14 05:08 32 -csha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-12 23:42 . 2009-09-14 05:08 32 -csha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-12 23:15 . 2009-09-13 00:37 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-12 23:15 . 2009-09-12 23:15 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-12 22:04 . 2009-09-12 22:04 -------- dc----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-09-12 21:42 . 2009-09-13 17:09 -------- dc----w- c:\program files\Common Files\ParetoLogic
2009-09-12 21:42 . 2009-09-13 17:09 -------- dc----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-09-12 21:42 . 2009-09-12 21:42 -------- dc----w- c:\documents and settings\Harsh\Local Settings\Application Data\Downloaded Installations
2009-09-12 21:19 . 2009-09-12 21:19 -------- dcsh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-04 00:02 . 2009-09-15 00:57 -------- dc----w- C:\alg
2009-09-04 00:02 . 2002-04-24 13:32 26832 -c--a-w- c:\windows\system\CTL3DV2.DLL
2009-09-03 18:07 . 2009-09-03 18:07 41872 -c--a-w- c:\windows\system32\xfcodec.dll
2009-09-02 12:57 . 2009-09-20 11:54 45 -c--a-w- c:\documents and settings\Harsh\jagex_runescape_preferences2.dat
2009-09-02 03:28 . 2009-09-02 03:28 -------- dc----w- c:\windows\system32\log
2009-09-02 03:27 . 2009-09-16 23:16 -------- dc----w- c:\program files\Trend Micro
2009-09-02 00:05 . 2009-09-02 00:31 -------- dc----w- C:\vcs5BGEffects
2009-09-02 00:05 . 2009-09-02 00:35 -------- dc----w- c:\program files\AV Vcs 6.0 DIAMOND
2009-09-01 23:55 . 2009-09-01 23:55 -------- dc----w- C:\AV_LOGS
2009-09-01 23:53 . 2008-12-10 20:56 17792 -c--a-w- c:\windows\system32\drivers\vcsvad.sys
2009-09-01 23:53 . 2009-09-01 23:56 -------- dc----w- c:\program files\AV Vcs 7.0 GOLD
2009-09-01 23:49 . 2009-09-01 23:49 -------- dc----w- c:\documents and settings\Harsh\Application Data\Screaming Bee
2009-09-01 23:49 . 2009-09-01 23:49 -------- dc----w- c:\program files\Screaming Bee
2009-08-29 21:03 . 2009-09-03 14:47 -------- dc----w- c:\program files\TuneUpMedia
2009-08-29 21:03 . 2009-09-19 19:09 -------- dc----w- c:\documents and settings\Harsh\Application Data\TuneUpMedia
2009-08-29 21:03 . 2009-08-29 21:03 -------- dc----w- c:\documents and settings\All Users\Application Data\TuneUpMedia
2009-08-29 03:14 . 2009-08-29 03:14 -------- dc----w- C:\TempDVD
2009-08-29 03:14 . 2009-08-29 03:14 -------- dc----w- C:\dvdsanta
2009-08-28 00:26 . 2009-08-28 00:26 164056 -c--a-w- c:\windows\Crazi Video Pro Uninstaller.exe
2009-08-27 01:34 . 2009-08-27 01:34 -------- dc----w- c:\documents and settings\Harsh\Application Data\Creative
2009-08-27 01:33 . 2009-08-27 01:34 -------- dc----w- c:\documents and settings\All Users\Application Data\Creative
2009-08-27 01:33 . 2009-08-27 01:33 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{615DB4DC-B7C1-4125-9858-78EF460B76D2}
2009-08-27 01:33 . 2009-08-27 01:33 -------- dc----w- c:\program files\Creative
2009-08-27 01:33 . 2009-08-27 01:33 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{56E59A1F-0DC5-4811-98E4-BA033E048C84}
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-22 22:35 . 2008-09-27 22:55 -------- dc----w- c:\program files\PeerGuardian2
2009-09-22 22:29 . 2008-10-04 23:05 -------- dc----w- c:\documents and settings\Harsh\Application Data\Xfire
2009-09-22 21:31 . 2008-10-04 23:05 -------- dc----w- c:\program files\Xfire
2009-09-22 02:26 . 2008-09-27 22:40 -------- dc----w- c:\documents and settings\Harsh\Application Data\mIRC
2009-09-21 19:01 . 2008-09-28 03:49 -------- dc----w- c:\documents and settings\Harsh\Application Data\Azureus
2009-09-21 03:10 . 2008-09-27 22:40 -------- dc----w- c:\program files\mIRC
2009-09-21 02:32 . 2009-05-03 23:24 189104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-21 01:50 . 2009-06-24 21:07 139584 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-20 13:26 . 2008-10-07 20:30 37 -c--a-w- c:\documents and settings\Harsh\jagex_runescape_preferences.dat
2009-09-19 19:09 . 2008-09-28 00:08 -------- dc----w- c:\documents and settings\Harsh\Application Data\LimeWire
2009-09-19 04:30 . 2008-09-27 22:00 -------- dc-h--w- c:\program files\InstallShield Installation Information
2009-09-18 22:51 . 2009-05-17 00:35 -------- dc----w- c:\documents and settings\Harsh\Application Data\Orbit
2009-09-18 17:35 . 2008-09-27 23:01 -------- dc----w- c:\program files\RegScrubXP
2009-09-18 17:02 . 2008-09-27 22:30 -------- dc----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-09-18 02:23 . 2008-09-27 23:55 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-17 23:46 . 2008-09-27 22:50 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-14 05:08 . 2009-09-12 23:42 32 -csha-w- c:\windows\system32\drivers\fidbox2.idx
2009-09-14 05:08 . 2009-09-12 23:42 32 -csha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-13 00:32 . 2009-01-13 02:22 -------- dc----w- c:\documents and settings\Harsh\Application Data\id Software
2009-09-13 00:31 . 2009-04-30 02:08 -------- dc----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-12 22:05 . 2009-01-27 02:23 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
2009-09-12 22:05 . 2009-01-27 02:23 -------- dc----w- c:\program files\Lavasoft
2009-09-12 22:05 . 2008-09-27 22:55 -------- dc----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-10 15:48 . 2009-03-21 19:09 -------- dc----w- c:\program files\Microsoft Silverlight
2009-09-10 03:27 . 2009-04-25 00:58 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-29 21:03 . 2008-12-26 22:47 -------- dc----w- c:\program files\iTunes
2009-08-29 21:02 . 2008-09-28 03:48 -------- dc----w- c:\program files\Vuze
2009-08-29 03:14 . 2008-12-24 19:44 -------- dc----w- c:\documents and settings\Harsh\Application Data\DVD Flick
2009-08-29 03:14 . 2008-12-24 19:40 -------- dc----w- c:\program files\dvdSanta
2009-08-29 02:53 . 2008-10-09 01:50 -------- dc----w- c:\program files\DivX
2009-08-29 02:53 . 2009-07-11 04:52 -------- dc----w- c:\program files\Common Files\DivX Shared
2009-08-29 02:16 . 2009-07-14 03:40 -------- dc----w- c:\documents and settings\Harsh\Application Data\Hamachi
2009-08-28 01:35 . 2008-11-23 02:37 -------- dc----w- c:\documents and settings\Harsh\Application Data\River Past G5
2009-08-28 00:26 . 2008-11-23 02:37 -------- dc----w- c:\program files\Common Files\River Past
2009-08-28 00:26 . 2008-11-23 02:37 -------- dc----w- c:\documents and settings\All Users\Application Data\River Past G5
2009-08-28 00:26 . 2008-11-23 02:37 -------- dc----w- c:\program files\River Past
2009-08-23 14:59 . 2008-09-27 22:24 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-23 14:59 . 2008-09-27 22:24 -------- dc----w- c:\program files\AGEIA Technologies
2009-08-23 14:58 . 2009-08-23 14:58 -------- dc----w- c:\program files\NVIDIA Corporation
2009-08-23 14:58 . 2009-08-23 14:58 -------- dc----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-08-22 20:50 . 2008-10-19 01:22 -------- dc----w- c:\documents and settings\Harsh\Application Data\Apple Computer
2009-08-20 00:02 . 2009-02-23 00:06 56324 -c-ha-w- c:\windows\system32\mlfcache.dat
2009-08-17 07:04 . 2009-08-17 07:04 2173472 -c--a-w- c:\windows\system32\nvcplui.exe
2009-08-17 07:04 . 2009-08-17 07:04 81920 -c--a-w- c:\windows\system32\nvwddi.dll
2009-08-17 07:03 . 2009-08-17 07:03 3170304 -c--a-w- c:\windows\system32\nvwss.dll
2009-08-17 07:03 . 2009-08-17 07:03 4026368 -c--a-w- c:\windows\system32\nvvitvs.dll
2009-08-17 07:03 . 2009-08-17 07:03 188416 -c--a-w- c:\windows\system32\nvmccss.dll
2009-08-17 07:03 . 2009-08-17 07:03 1286144 -c--a-w- c:\windows\system32\nvmobls.dll
2009-08-17 07:03 . 2009-08-17 07:03 3547136 -c--a-w- c:\windows\system32\nvgames.dll
2009-08-17 07:03 . 2009-08-17 07:03 4923392 -c--a-w- c:\windows\system32\nvdisps.dll
2009-08-17 07:03 . 2009-08-17 07:03 86016 -c--a-w- c:\windows\system32\nvmctray.dll
2009-08-17 07:03 . 2009-08-17 07:03 168004 -c--a-w- c:\windows\system32\nvsvc32.exe
2009-08-17 07:03 . 2009-08-17 07:03 143360 -c--a-w- c:\windows\system32\nvcolor.exe
2009-08-17 07:03 . 2009-08-17 07:03 13877248 -c--a-w- c:\windows\system32\nvcpl.dll
2009-08-17 07:02 . 2009-08-17 07:02 229376 -c--a-w- c:\windows\system32\nvmccs.dll
2009-08-17 04:57 . 2009-08-17 04:57 2189856 -c--a-w- c:\windows\system32\nvcuvid.dll
2009-08-17 04:57 . 2009-08-17 04:57 1706528 -c--a-w- c:\windows\system32\nvcuvenc.dll
2009-08-17 04:57 . 2009-08-17 04:57 1597690 -c--a-w- c:\windows\system32\nvdata.bin
2009-08-17 04:57 . 2009-01-18 03:17 485920 -c--a-w- c:\windows\system32\nvudisp.exe
2009-08-17 04:57 . 2009-01-18 03:16 10457088 -c--a-w- c:\windows\system32\nvoglnt.dll
2009-08-17 04:57 . 2009-01-18 03:16 868352 -c--a-w- c:\windows\system32\nvapi.dll
2009-08-17 04:57 . 2009-01-18 03:16 2002944 -c--a-w- c:\windows\system32\nvcuda.dll
2009-08-17 04:57 . 2009-01-18 03:16 155648 -c--a-w- c:\windows\system32\nvcodins.dll
2009-08-17 04:57 . 2009-01-18 03:16 155648 -c--a-w- c:\windows\system32\nvcod.dll
2009-08-17 04:57 . 2008-09-17 13:55 7729568 -c--a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-08-17 04:57 . 2008-09-17 13:55 5845760 -c--a-w- c:\windows\system32\nv4_disp.dll
2009-08-14 17:36 . 2009-08-14 17:36 70936 -c--a-w- c:\windows\system32\PhysXLoader.dll
2009-08-13 18:34 . 2008-10-22 00:47 -------- dc----w- c:\program files\Opera
2009-08-11 21:33 . 2009-08-11 21:33 -------- dc----w- c:\program files\CrossLoop
2009-08-11 19:45 . 2009-08-11 19:45 -------- dc----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-08-11 19:45 . 2009-08-11 19:45 -------- dc----w- c:\program files\DVD Shrink
2009-08-11 16:35 . 2009-01-18 03:17 485920 -c--a-w- c:\windows\system32\NVUNINST.EXE
2009-08-10 00:30 . 2009-08-10 00:05 -------- dc----w- c:\documents and settings\Harsh\Application Data\Download Manager
2009-08-08 21:27 . 2009-08-08 21:27 -------- dc----w- c:\program files\LimeWire
2009-08-05 09:11 . 2004-08-03 23:56 204800 -c--a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 21:41 . 2009-08-03 20:30 -------- dc----w- c:\documents and settings\Harsh\Application Data\mp3rocket
2009-08-03 20:31 . 2009-08-03 20:30 -------- dc----w- c:\program files\MP3 Rocket
2009-08-03 04:21 . 2009-08-03 04:21 23320 -c--a-w- c:\windows\system32\PhysXDevice.dll
2009-08-03 01:50 . 2009-08-03 01:50 -------- dc----w- c:\program files\Sorian AI Mod
2009-07-29 21:36 . 2008-09-28 14:34 -------- dc----w- c:\documents and settings\Harsh\Application Data\vlc
2009-07-29 21:21 . 2009-07-29 21:21 -------- dc----w- c:\documents and settings\Harsh\Application Data\MozillaControl
2009-07-29 21:21 . 2009-07-29 21:21 -------- dc----w- c:\program files\Mozilla ActiveX Control v1.7.12
2009-07-29 21:21 . 2009-07-29 21:20 -------- dc----w- c:\program files\Graboid
2009-07-26 22:48 . 2008-10-02 19:35 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-26 22:35 . 2008-10-19 01:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-26 22:33 . 2009-07-26 22:32 -------- dc----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-26 22:32 . 2009-07-26 22:32 -------- dc----w- c:\program files\iPod
2009-07-26 22:32 . 2008-10-19 01:21 -------- dc----w- c:\program files\Common Files\Apple
2009-07-26 22:31 . 2009-07-26 22:31 -------- dc----w- c:\program files\Bonjour
2009-07-26 22:31 . 2008-12-26 21:36 -------- dc----w- c:\program files\QuickTime
2009-07-25 12:20 . 2008-10-02 19:35 -------- dc----w- c:\program files\NOS
2009-07-17 20:52 . 2008-09-27 21:08 68456 -c--a-w- c:\documents and settings\Harsh\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-17 18:55 . 2004-08-03 23:56 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2007-09-20 04:50 286208 -c--a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 16:16 . 2009-07-26 22:30 2060288 -c--a-w- c:\windows\system32\usbaaplrc.dll
2009-07-09 16:16 . 2008-12-26 20:50 39424 -c--a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-03 17:09 . 2007-09-20 04:59 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 18:36 . 2004-08-03 23:56 95744 -c--a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2004-08-03 23:56 661504 -c--a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2004-08-03 23:56 517120 -c--a-w- c:\windows\system32\mqsnap.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-17_16.13.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-22 13:09 . 2009-09-22 13:09 16384 c:\windows\temp\Perflib_Perfdata_158.dat
+ 2009-05-19 20:51 . 2009-09-20 11:54 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
- 2009-05-19 20:51 . 2009-09-13 12:48 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2009-05-19 20:51 . 2009-09-20 11:54 81920 c:\windows\.jagex_cache_32\runescape\jaggl.dll
- 2009-05-19 20:51 . 2009-09-13 12:48 81920 c:\windows\.jagex_cache_32\runescape\jaggl.dll
+ 2007-09-20 04:35 . 2008-06-20 11:59 361600 c:\windows\system32\drivers\TCPIP.SYS
+ 2007-09-20 04:35 . 2008-06-20 11:59 361600 c:\windows\system32\dllcache\tcpip.sys
+ 2009-09-20 20:35 . 2009-09-18 04:40 170816 c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
+ 2009-09-20 23:23 . 2009-09-20 23:23 408576 c:\windows\Installer\981d3c.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"EVEREST AutoStart"="c:\documents and settings\Harsh\Desktop\Everest-Ultimate-Edition-4.60.1601-hardal\everest.exe" [2008-12-24 2159200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.23\RivaTuner.exe" [2009-02-15 2777088]
"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2008-11-06 358920]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2008-11-06 1548296]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2008-11-06 2816520]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-13 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-07-20 714024]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"RGSC"=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
"mount.exe"=c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe /z
"PSwitch"=c:\docume~1\Harsh\LOCALS~1\Temp\RarSFX0\App\ProxySwitcher.exe
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" -silent
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CmUsbSound"=RunDll32 cmcnfgu.cpl,CMICtrlWnd
"HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"RTHDCPL"=RTHDCPL.EXE
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Alcmtr"=ALCMTR.EXE
"AlcWzrd"=ALCWZRD.EXE
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"SoundMan"=SOUNDMAN.EXE
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Ad-Watch"=c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
"Malwarebytes Anti-Malware (reboot)"="c:\program files\MAM\mam.exe" /runcleanupscript
"SpyHunter Security Suite"=c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntivirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"e:\\Games\\UnrealTournament\\System\\UnrealTournament.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\River Past\\Crazi Video\\CraziVideo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Games\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\CrossLoop\\CrossLoopConnect.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"24537:TCP"= 24537:TCP:vuze
"24537:UDP"= 24537:UDP:vuze1

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/26/2009 10:26 PM 64160]
R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [12/7/2008 3:17 PM 15976]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/1/2008 3:13 AM 34064]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [9/12/2009 8:53 PM 36368]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [9/27/2008 8:35 PM 22784]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\documents and settings\Harsh\Desktop\Everest-Ultimate-Edition-4.60.1601-hardal\kerneld.wnt [12/30/2008 11:25 PM 26224]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [9/12/2009 8:53 PM 335888]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [9/1/2009 7:53 PM 17792]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [9/28/2008 1:18 AM 26144]
S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXPFlt.sys [9/12/2009 8:53 PM 225296]
S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [1/31/2009 8:19 PM 37488]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [5/21/2008 7:42 AM 64000]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [4/6/2009 1:19 PM 23064]
S3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [3/25/2009 12:35 PM 25472]
S3 TmPfw;OfficeScan NT Firewall;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [9/12/2009 8:53 PM 488768]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [9/12/2009 8:53 PM 652552]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - EVERESTDRIVER
*NewlyCreated* - PGFILTER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-12 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-12-06 14:38]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Harsh\Application Data\Mozilla\Firefox\Profiles\iocfi8gf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.gamespot.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\Harsh\Application Data\Move Networks\plugins\npqmp071504000001.dll
FF - plugin: c:\documents and settings\Harsh\Application Data\Mozilla\Firefox\Profiles\iocfi8gf.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Harsh\Application Data\Mozilla\Firefox\Profiles\iocfi8gf.default\extensions\tcastv1@tom.com\plugins\nptcast40.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-22 18:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\documents and settings\Harsh\Desktop\Everest-Ultimate-Edition-4.60.1601-hardal\kerneld.wnt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-1647877149-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:6b,15,45,50,47,ea,b4,ce,7d,5e,7e,12,06,78,44,cd,41,1b,1d,4f,f6,bc,04,
   e1,ce,1e,1d,79,84,0c,d7,a8,c6,38,e6,85,5d,60,fe,ad,d8,1b,f1,45,a0,08,e6,00,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-1960408961-1647877149-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:87,8d,0f,e6,99,03,5b,33,19,70,fa,de,cf,5c,7d,98,0a,f7,43,26,0f,
   bd,f2,27,ed,a1,ec,3c,95,3f,cf,f9,32,a5,23,3a,a9,bf,1d,4b,3b,70,d6,f1,26,85,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1676)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-09-22 18:37
ComboFix-quarantined-files.txt 2009-09-22 22:37
ComboFix2.txt 2009-09-18 17:22
ComboFix3.txt 2009-09-17 16:14

Pre-Run: 5,404,696,576 bytes free
Post-Run: 5,351,899,136 bytes free

351 --- E O F --- 2009-09-10 03:29

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:07 PM, on 9/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\dkservice.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Trend Micro\OfficeScan Client\Misc\xpupg.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [DeathAdder] "C:\Program Files\Razer\DeathAdder\razerhid.exe"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.23\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [PeerGuardian] "C:\Program Files\PeerGuardian2\pg2.exe"
O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Documents and Settings\Harsh\Desktop\Everest-Ultimate-Edition-4.60.1601-hardal\everest.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe

--
End of file - 7181 bytes
  4. Hello screen. Avira and Norton Antivirus do not show up under add/remove programs area. I am pretty sure I do not have either of them installed. I tried installing both of them last week before the rootkit.tdss got removed yesterday (don't ask me how but rootkit.tdss does not show up anymore under MBAM after scanning last night) but it kept getting blocked while trying to install when I tried last week. The only AV program that I know I have installed currently and working is Trend Micro Open Office. I uninstalled Viewpoint Manager btw. It is still showing up under ComboFix.. From those 4 listed anti-virus programs, I only have Trend Micro OfficeScan AntiVirus installed. None of the other 3 are installed - doesn't make sense. Maybe it is stuck in the registry someplace? I used RegScrubXP and it does not show up under there.. I dunno.. -H.S

ComboFix 09-09-16.05 - Harsh 09/18/2009 13:14.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2810 [GMT -4:00]
Running from: c:\documents and settings\Harsh\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Harsh\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton AntiVirus Gaming Edition *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Trend Micro OfficeScan Antivirus *On-access scanning disabled* (Outdated) {9AC2629D-D77E-4A61-9E41-C3603E4B7582}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--------------- FCopy ---------------
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\system32\drivers\TCPIP.SYS
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\system32\dllcache\TCPIP.SYS
.
((((((((((((((((((((((((( Files Created from 2009-08-18 to 2009-09-18 ))))))))))))))))))))))))))))))) . 2009-09-18 02:23 . 2009-09-18 02:23 -------- dc----w- c:\documents and settings\Harsh\Application Data\DAEMON Tools Lite 2009-09-17 23:41 . 2009-09-17 23:43 -------- dc----w- c:\program files\Spybot - Search & Destroy 2009-09-16 22:32 . 2009-09-16 22:32 -------- dc----w- c:\program files\Enigma Software Group 2009-09-16 20:47 . 2009-09-16 20:47 -------- dc----w- c:\documents and settings\Harsh\Application Data\Malwarebytes 2009-09-16 20:45 . 2009-09-10 18:54 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-16 20:45 . 2009-09-16 20:47 -------- dc----w- c:\program files\MAM 2009-09-16 20:45 . 2009-09-10 18:53 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys 2009-09-13 00:56 . 2009-05-07 07:04 157712 -c--a-w- c:\windows\system32\drivers\tmcomm.sys 2009-09-13 00:54 . 2009-09-13 00:54 -------- dc----w- C:\VIRUS 2009-09-13 00:53 . 2009-07-20 16:00 72072 -c--a-w- c:\windows\system32\drivers\tmtdi.sys 2009-09-13 00:53 . 2009-07-20 16:00 335888 -c--a-w- c:\windows\system32\drivers\TM_CFW.sys 2009-09-13 00:22 . 2009-09-13 00:22 -------- dc----w- c:\documents and settings\Harsh\Application Data\AVG8 2009-09-12 23:57 . 2009-09-12 23:57 -------- dc----w- c:\documents and settings\Harsh\Local Settings\Application Data\FreeFixer 2009-09-12 23:57 . 2009-09-12 23:57 -------- dc----w- c:\documents and settings\Harsh\Application Data\FreeFixer 2009-09-12 23:57 . 2009-09-12 23:57 -------- dc----w- c:\program files\FreeFixer 2009-09-12 23:46 . 2009-09-13 00:33 -------- dc----w- c:\program files\Panda Security 2009-09-12 23:42 . 2009-09-14 05:08 32 -csha-w- c:\windows\system32\drivers\fidbox2.dat 2009-09-12 23:42 . 2009-09-14 05:08 32 -csha-w- c:\windows\system32\drivers\fidbox.dat 2009-09-12 23:15 . 2009-09-13 00:37 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-12 23:15 . 
2009-09-12 23:15 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-09-12 22:04 . 2009-09-12 22:04 -------- dc----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-09-12 21:42 . 2009-09-13 17:09 -------- dc----w- c:\program files\Common Files\ParetoLogic 2009-09-12 21:42 . 2009-09-13 17:09 -------- dc----w- c:\documents and settings\All Users\Application Data\ParetoLogic 2009-09-12 21:42 . 2009-09-12 21:42 -------- dc----w- c:\documents and settings\Harsh\Local Settings\Application Data\Downloaded Installations 2009-09-12 21:19 . 2009-09-12 21:19 -------- dcsh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-09-04 00:02 . 2009-09-15 00:57 -------- dc----w- C:\alg 2009-09-04 00:02 . 2002-04-24 13:32 26832 -c--a-w- c:\windows\system\CTL3DV2.DLL 2009-09-03 18:07 . 2009-09-03 18:07 41872 -c--a-w- c:\windows\system32\xfcodec.dll 2009-09-02 12:57 . 2009-09-13 12:48 45 -c--a-w- c:\documents and settings\Harsh\jagex_runescape_preferences2.dat 2009-09-02 03:28 . 2009-09-02 03:28 -------- dc----w- c:\windows\system32\log 2009-09-02 03:27 . 2009-09-16 23:16 -------- dc----w- c:\program files\Trend Micro 2009-09-02 00:05 . 2009-09-02 00:31 -------- dc----w- C:\vcs5BGEffects 2009-09-02 00:05 . 2009-09-02 00:35 -------- dc----w- c:\program files\AV Vcs 6.0 DIAMOND 2009-09-01 23:55 . 2009-09-01 23:55 -------- dc----w- C:\AV_LOGS 2009-09-01 23:53 . 2008-12-10 20:56 17792 -c--a-w- c:\windows\system32\drivers\vcsvad.sys 2009-09-01 23:53 . 2009-09-01 23:56 -------- dc----w- c:\program files\AV Vcs 7.0 GOLD 2009-09-01 23:49 . 2009-09-01 23:49 -------- dc----w- c:\documents and settings\Harsh\Application Data\Screaming Bee 2009-09-01 23:49 . 2009-09-01 23:49 -------- dc----w- c:\program files\Screaming Bee 2009-08-29 21:03 . 2009-09-03 14:47 -------- dc----w- c:\program files\TuneUpMedia 2009-08-29 21:03 . 
2009-09-15 23:36 -------- dc----w- c:\documents and settings\Harsh\Application Data\TuneUpMedia 2009-08-29 21:03 . 2009-08-29 21:03 -------- dc----w- c:\documents and settings\All Users\Application Data\TuneUpMedia 2009-08-29 03:14 . 2009-08-29 03:14 -------- dc----w- C:\TempDVD 2009-08-29 03:14 . 2009-08-29 03:14 -------- dc----w- C:\dvdsanta 2009-08-28 00:26 . 2009-08-28 00:26 164056 -c--a-w- c:\windows\Crazi Video Pro Uninstaller.exe 2009-08-27 01:34 . 2009-08-27 01:34 -------- dc----w- c:\documents and settings\Harsh\Application Data\Creative 2009-08-27 01:33 . 2009-08-27 01:34 -------- dc----w- c:\documents and settings\All Users\Application Data\Creative 2009-08-27 01:33 . 2009-08-27 01:33 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{615DB4DC-B7C1-4125-9858-78EF460B76D2} 2009-08-27 01:33 . 2009-08-27 01:33 -------- dc----w- c:\program files\Creative 2009-08-27 01:33 . 2009-08-27 01:33 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{56E59A1F-0DC5-4811-98E4-BA033E048C84} 2009-08-23 14:58 . 2009-08-23 14:58 -------- dc----w- c:\program files\NVIDIA Corporation 2009-08-23 14:58 . 2009-08-23 14:58 -------- dc----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation 2009-08-23 14:57 . 2009-08-23 14:57 -------- dc----w- C:\NVIDIA . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-18 17:18 . 2008-09-27 22:55 -------- dc----w- c:\program files\PeerGuardian2 2009-09-18 17:12 . 2008-09-28 03:49 -------- dc----w- c:\documents and settings\Harsh\Application Data\Azureus 2009-09-18 17:02 . 2008-09-27 22:30 -------- dc----w- c:\documents and settings\All Users\Application Data\Viewpoint 2009-09-18 03:26 . 2008-10-04 23:05 -------- dc----w- c:\documents and settings\Harsh\Application Data\Xfire 2009-09-18 03:26 . 2008-09-27 22:40 -------- dc----w- c:\documents and settings\Harsh\Application Data\mIRC 2009-09-18 02:23 . 
2008-09-27 23:55 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-09-17 23:46 . 2008-09-27 22:50 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-09-17 23:25 . 2008-09-27 22:40 -------- dc----w- c:\program files\mIRC 2009-09-17 21:20 . 2008-10-04 23:05 -------- dc----w- c:\program files\Xfire 2009-09-17 19:48 . 2009-05-03 23:24 189184 ----a-w- c:\windows\system32\PnkBstrB.exe 2009-09-17 19:08 . 2009-06-24 21:07 138064 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys 2009-09-16 02:32 . 2008-09-27 23:01 -------- dc----w- c:\program files\RegScrubXP 2009-09-15 23:17 . 2008-09-28 00:08 -------- dc----w- c:\documents and settings\Harsh\Application Data\LimeWire 2009-09-14 05:08 . 2009-09-12 23:42 32 -csha-w- c:\windows\system32\drivers\fidbox2.idx 2009-09-14 05:08 . 2009-09-12 23:42 32 -csha-w- c:\windows\system32\drivers\fidbox.idx 2009-09-13 14:21 . 2008-10-07 20:30 37 -c--a-w- c:\documents and settings\Harsh\jagex_runescape_preferences.dat 2009-09-13 00:32 . 2009-01-13 02:22 -------- dc----w- c:\documents and settings\Harsh\Application Data\id Software 2009-09-13 00:31 . 2009-04-30 02:08 -------- dc----w- c:\documents and settings\All Users\Application Data\avg8 2009-09-12 22:05 . 2009-01-27 02:23 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0 2009-09-12 22:05 . 2009-01-27 02:23 -------- dc----w- c:\program files\Lavasoft 2009-09-12 22:05 . 2008-09-27 22:55 -------- dc----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-09-10 15:48 . 2009-03-21 19:09 -------- dc----w- c:\program files\Microsoft Silverlight 2009-09-10 03:27 . 2009-04-25 00:58 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-08-29 21:03 . 2008-12-26 22:47 -------- dc----w- c:\program files\iTunes 2009-08-29 21:02 . 2008-09-28 03:48 -------- dc----w- c:\program files\Vuze 2009-08-29 03:14 . 
2008-12-24 19:44 -------- dc----w- c:\documents and settings\Harsh\Application Data\DVD Flick 2009-08-29 03:14 . 2008-12-24 19:40 -------- dc----w- c:\program files\dvdSanta 2009-08-29 02:53 . 2008-10-09 01:50 -------- dc----w- c:\program files\DivX 2009-08-29 02:53 . 2009-07-11 04:52 -------- dc----w- c:\program files\Common Files\DivX Shared 2009-08-29 02:16 . 2009-07-14 03:40 -------- dc----w- c:\documents and settings\Harsh\Application Data\Hamachi 2009-08-28 01:35 . 2008-11-23 02:37 -------- dc----w- c:\documents and settings\Harsh\Application Data\River Past G5 2009-08-28 00:26 . 2008-11-23 02:37 -------- dc----w- c:\program files\Common Files\River Past 2009-08-28 00:26 . 2008-11-23 02:37 -------- dc----w- c:\documents and settings\All Users\Application Data\River Past G5 2009-08-28 00:26 . 2008-11-23 02:37 -------- dc----w- c:\program files\River Past 2009-08-23 14:59 . 2008-09-27 22:24 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard 2009-08-23 14:59 . 2008-09-27 22:24 -------- dc----w- c:\program files\AGEIA Technologies 2009-08-22 20:50 . 2008-10-19 01:22 -------- dc----w- c:\documents and settings\Harsh\Application Data\Apple Computer 2009-08-20 00:02 . 2009-02-23 00:06 56324 -c-ha-w- c:\windows\system32\mlfcache.dat 2009-08-17 07:04 . 2009-08-17 07:04 2173472 -c--a-w- c:\windows\system32\nvcplui.exe 2009-08-17 07:04 . 2009-08-17 07:04 81920 -c--a-w- c:\windows\system32\nvwddi.dll 2009-08-17 07:03 . 2009-08-17 07:03 3170304 -c--a-w- c:\windows\system32\nvwss.dll 2009-08-17 07:03 . 2009-08-17 07:03 4026368 -c--a-w- c:\windows\system32\nvvitvs.dll 2009-08-17 07:03 . 2009-08-17 07:03 188416 -c--a-w- c:\windows\system32\nvmccss.dll 2009-08-17 07:03 . 2009-08-17 07:03 1286144 -c--a-w- c:\windows\system32\nvmobls.dll 2009-08-17 07:03 . 2009-08-17 07:03 3547136 -c--a-w- c:\windows\system32\nvgames.dll 2009-08-17 07:03 . 2009-08-17 07:03 4923392 -c--a-w- c:\windows\system32\nvdisps.dll 2009-08-17 07:03 . 
2009-08-17 07:03 86016 -c--a-w- c:\windows\system32\nvmctray.dll 2009-08-17 07:03 . 2009-08-17 07:03 168004 -c--a-w- c:\windows\system32\nvsvc32.exe 2009-08-17 07:03 . 2009-08-17 07:03 143360 -c--a-w- c:\windows\system32\nvcolor.exe 2009-08-17 07:03 . 2009-08-17 07:03 13877248 -c--a-w- c:\windows\system32\nvcpl.dll 2009-08-17 07:02 . 2009-08-17 07:02 229376 -c--a-w- c:\windows\system32\nvmccs.dll 2009-08-17 04:57 . 2009-08-17 04:57 2189856 -c--a-w- c:\windows\system32\nvcuvid.dll 2009-08-17 04:57 . 2009-08-17 04:57 1706528 -c--a-w- c:\windows\system32\nvcuvenc.dll 2009-08-17 04:57 . 2009-08-17 04:57 1597690 -c--a-w- c:\windows\system32\nvdata.bin 2009-08-17 04:57 . 2009-01-18 03:17 485920 -c--a-w- c:\windows\system32\nvudisp.exe 2009-08-17 04:57 . 2009-01-18 03:16 10457088 -c--a-w- c:\windows\system32\nvoglnt.dll 2009-08-17 04:57 . 2009-01-18 03:16 868352 -c--a-w- c:\windows\system32\nvapi.dll 2009-08-17 04:57 . 2009-01-18 03:16 2002944 -c--a-w- c:\windows\system32\nvcuda.dll 2009-08-17 04:57 . 2009-01-18 03:16 155648 -c--a-w- c:\windows\system32\nvcodins.dll 2009-08-17 04:57 . 2009-01-18 03:16 155648 -c--a-w- c:\windows\system32\nvcod.dll 2009-08-17 04:57 . 2008-09-17 13:55 7729568 -c--a-w- c:\windows\system32\drivers\nv4_mini.sys 2009-08-17 04:57 . 2008-09-17 13:55 5845760 -c--a-w- c:\windows\system32\nv4_disp.dll 2009-08-14 17:36 . 2009-08-14 17:36 70936 -c--a-w- c:\windows\system32\PhysXLoader.dll 2009-08-13 18:34 . 2008-10-22 00:47 -------- dc----w- c:\program files\Opera 2009-08-11 21:33 . 2009-08-11 21:33 -------- dc----w- c:\program files\CrossLoop 2009-08-11 19:45 . 2009-08-11 19:45 -------- dc----w- c:\documents and settings\All Users\Application Data\DVD Shrink 2009-08-11 19:45 . 2009-08-11 19:45 -------- dc----w- c:\program files\DVD Shrink 2009-08-11 16:35 . 2009-01-18 03:17 485920 -c--a-w- c:\windows\system32\NVUNINST.EXE 2009-08-10 00:30 . 
2009-08-10 00:05 -------- dc----w- c:\documents and settings\Harsh\Application Data\Download Manager 2009-08-08 22:42 . 2008-09-27 22:00 -------- dc-h--w- c:\program files\InstallShield Installation Information 2009-08-08 21:27 . 2009-08-08 21:27 -------- dc----w- c:\program files\LimeWire 2009-08-05 09:11 . 2004-08-03 23:56 204800 -c--a-w- c:\windows\system32\mswebdvd.dll 2009-08-03 21:41 . 2009-08-03 20:30 -------- dc----w- c:\documents and settings\Harsh\Application Data\mp3rocket 2009-08-03 20:31 . 2009-08-03 20:30 -------- dc----w- c:\program files\MP3 Rocket 2009-08-03 04:21 . 2009-08-03 04:21 23320 -c--a-w- c:\windows\system32\PhysXDevice.dll 2009-08-03 01:50 . 2009-08-03 01:50 -------- dc----w- c:\program files\Sorian AI Mod 2009-07-29 21:36 . 2008-09-28 14:34 -------- dc----w- c:\documents and settings\Harsh\Application Data\vlc 2009-07-29 21:21 . 2009-07-29 21:21 -------- dc----w- c:\documents and settings\Harsh\Application Data\MozillaControl 2009-07-29 21:21 . 2009-07-29 21:21 -------- dc----w- c:\program files\Mozilla ActiveX Control v1.7.12 2009-07-29 21:21 . 2009-07-29 21:20 -------- dc----w- c:\program files\Graboid 2009-07-26 22:48 . 2008-10-02 19:35 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS 2009-07-26 22:35 . 2008-10-19 01:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple 2009-07-26 22:33 . 2009-07-26 22:32 -------- dc----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-07-26 22:32 . 2009-07-26 22:32 -------- dc----w- c:\program files\iPod 2009-07-26 22:32 . 2008-10-19 01:21 -------- dc----w- c:\program files\Common Files\Apple 2009-07-26 22:31 . 2009-07-26 22:31 -------- dc----w- c:\program files\Bonjour 2009-07-26 22:31 . 2008-12-26 21:36 -------- dc----w- c:\program files\QuickTime 2009-07-25 12:20 . 2008-10-02 19:35 -------- dc----w- c:\program files\NOS 2009-07-22 20:00 . 
2009-07-22 20:00 -------- dc----w- c:\program files\Driver Sweeper 2009-07-17 20:52 . 2008-09-27 21:08 68456 -c--a-w- c:\documents and settings\Harsh\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-07-17 18:55 . 2004-08-03 23:56 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 03:43 . 2007-09-20 04:50 286208 -c--a-w- c:\windows\system32\wmpdxm.dll 2009-07-09 16:16 . 2009-07-26 22:30 2060288 -c--a-w- c:\windows\system32\usbaaplrc.dll 2009-07-09 16:16 . 2008-12-26 20:50 39424 -c--a-w- c:\windows\system32\drivers\usbaapl.sys 2009-07-03 17:09 . 2007-09-20 04:59 915456 ------w- c:\windows\system32\wininet.dll 2009-06-25 18:36 . 2004-08-03 23:56 95744 -c--a-w- c:\windows\system32\mqsec.dll 2009-06-25 18:36 . 2004-08-03 23:56 661504 -c--a-w- c:\windows\system32\mqqm.dll 2009-06-25 18:36 . 2004-08-03 23:56 517120 -c--a-w- c:\windows\system32\mqsnap.dll 2009-06-25 18:36 . 2004-08-03 23:56 48640 -c--a-w- c:\windows\system32\mqupgrd.dll 2009-06-25 18:36 . 2004-08-03 23:56 471552 -c--a-w- c:\windows\system32\mqutil.dll 2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\opera\program\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\opera\program\plugins\ssldivx.dll . ((((((((((((((((((((((((((((( SnapShot@2009-09-17_16.13.21 ))))))))))))))))))))))))))))))))))))))))) . + 2009-09-18 17:17 . 2009-09-18 17:17 16384 c:\windows\temp\Perflib_Perfdata_130.dat + 2009-09-18 17:18 . 2009-07-20 16:01 296224 c:\windows\temp\CGE222.EXE . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824] "EVEREST AutoStart"="c:\documents and settings\Harsh\Desktop\Everest-Ultimate-Edition-4.60.1601-hardal\everest.exe" [2008-12-24 2159200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744] "RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.23\RivaTuner.exe" [2009-02-15 2777088] "Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2008-11-06 358920] "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2008-11-06 1548296] "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2008-11-06 2816520] "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-13 1657376] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248] "OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-07-20 714024] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=c:\windows\system32\ctfmon.exe "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 "RGSC"=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent "mount.exe"=c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe /z "PSwitch"=c:\docume~1\Harsh\LOCALS~1\Temp\RarSFX0\App\ProxySwitcher.exe "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" -silent "SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "CmUsbSound"=RunDll32 cmcnfgu.cpl,CMICtrlWnd "HPDJ Taskbar 
Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit "nwiz"=nwiz.exe /install "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" "NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" "RTHDCPL"=RTHDCPL.EXE "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "Alcmtr"=ALCMTR.EXE "AlcWzrd"=ALCWZRD.EXE "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k "SoundMan"=SOUNDMAN.EXE "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "Ad-Watch"=c:\program files\Lavasoft\Ad-Aware\AAWTray.exe "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup "OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow "Malwarebytes Anti-Malware (reboot)"="c:\program files\MAM\mam.exe" /runcleanupscript "SpyHunter Security Suite"=c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntivirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\mIRC\\mirc.exe"= "c:\\Program Files\\Xfire\\xfire.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "e:\\Games\\UnrealTournament\\System\\UnrealTournament.exe"= "c:\\Program 
Files\\Orbitdownloader\\orbitnet.exe"= "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "c:\\Program Files\\River Past\\Crazi Video\\CraziVideo.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "e:\\Games\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= "c:\\Program Files\\CrossLoop\\CrossLoopConnect.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 "24537:TCP"= 24537:TCP:vuze "24537:UDP"= 24537:UDP:*:Disabled:vuze1 R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/26/2009 10:26 PM 64160] R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [12/7/2008 3:17 PM 15976] R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/1/2008 3:13 AM 34064] R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [9/12/2009 8:53 PM 36368] R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [9/27/2008 8:35 PM 22784] R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [9/12/2009 8:53 PM 335888] R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [9/1/2009 7:53 PM 17792] S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [9/28/2008 1:18 AM 26144] S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXPFlt.sys [9/12/2009 8:53 PM 225296] S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [1/31/2009 8:19 PM 37488] S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [5/21/2008 7:42 AM 64000] S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [4/6/2009 1:19 PM 23064] S3 tap0901;TAP-Win32 Adapter 
V9;c:\windows\system32\drivers\tap0901.sys [3/25/2009 12:35 PM 25472] S3 TmPfw;OfficeScan NT Firewall;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [9/12/2009 8:53 PM 488768] S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [9/12/2009 8:53 PM 652552] --- Other Services/Drivers In Memory --- *NewlyCreated* - PGFILTER *Deregistered* - pgfilter [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-07-12 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2008-12-06 14:38] . . ------- Supplementary Scan ------- . uStart Page = about:blank mStart Page = about:blank uInternet Settings,ProxyOverride = <local>;*.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Harsh\Application Data\Mozilla\Firefox\Profiles\iocfi8gf.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.gamespot.com FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query= FF - plugin: c:\documents and settings\Harsh\Application Data\Move Networks\plugins\npqmp071504000001.dll FF - plugin: c:\documents and settings\Harsh\Application Data\Mozilla\Firefox\Profiles\iocfi8gf.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll FF - plugin: c:\documents and settings\Harsh\Application Data\Mozilla\Firefox\Profiles\iocfi8gf.default\extensions\tcastv1@tom.com\plugins\nptcast40.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program 
files\Mozilla Firefox\plugins\npqtplugin8.dll FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll FF - plugin: c:\program files\Opera\program\plugins\npqtplugin8.dll FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-18 13:18 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1960408961-1647877149-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:6b,15,45,50,47,ea,b4,ce,7d,5e,7e,12,06,78,44,cd,41,1b,1d,4f,f6,bc,04, e1,ce,1e,1d,79,84,0c,d7,a8,c6,38,e6,85,5d,60,fe,ad,d8,1b,f1,45,a0,08,e6,00,\ "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50 [HKEY_USERS\S-1-5-21-1960408961-1647877149-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:87,8d,0f,e6,99,03,5b,33,19,70,fa,de,cf,5c,7d,98,0a,f7,43,26,0f, bd,f2,27,ed,a1,ec,3c,95,3f,cf,f9,32,a5,23,3a,a9,bf,1d,4b,3b,70,d6,f1,26,85,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3084) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvsvc32.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Creative\Shared Files\CTDevSrv.exe c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe c:\windows\system32\msiexec.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\PnkBstrB.exe c:\program files\Razer\DeathAdder\razerofa.exe c:\program files\Trend Micro\OfficeScan Client\Misc\xpupg.exe c:\program files\Trend Micro\OfficeScan Client\PccNTUpd.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . 
Completion time: 2009-09-18 13:22 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-18 17:21 ComboFix2.txt 2009-09-17 16:14 Pre-Run: 5,579,206,656 bytes free Post-Run: 5,872,115,712 bytes free 358 --- E O F --- 2009-09-10 03:29 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:24:44 PM, on 9/18/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Creative\Shared Files\CTDevSrv.exe C:\Program Files\Diskeeper Corporation\Diskeeper\dkservice.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Razer\DeathAdder\razerhid.exe C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe C:\Program Files\Razer\DeathAdder\razerofa.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\OfficeScan Client\Misc\xpupg.exe C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 
- HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll O4 - HKLM\..\Run: [DeathAdder] "C:\Program Files\Razer\DeathAdder\razerhid.exe" O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.23\RivaTuner.exe" /S O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKCU\..\Run: [PeerGuardian] "C:\Program Files\PeerGuardian2\pg2.exe" O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Documents and Settings\Harsh\Desktop\Everest-Ultimate-Edition-4.60.1601-hardal\everest.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- End of file - 7220 bytes
  5. Hello. Thanks for responding. Just so you know, I left ComboFix running at like 12pm so if you notice the time-stamp, just keep in mind that I scanned using that earlier. I just got home a little while ago and just ran HijackThis. H.S

ComboFix 09-09-16.05 - Harsh 09/17/2009 12:11.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2772 [GMT -4:00]
Running from: c:\documents and settings\Harsh\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton AntiVirus Gaming Edition *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Trend Micro OfficeScan Antivirus *On-access scanning disabled* (Outdated) {9AC2629D-D77E-4A61-9E41-C3603E4B7582}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Harsh\Application Data\inst.exe c:\windows\Installer\16b295c.msp c:\windows\Installer\173a953.msp c:\windows\Installer\1762213.msp c:\windows\Installer\1802520.msp c:\windows\Installer\1802526.msp c:\windows\Installer\180252c.msp c:\windows\Installer\1847782.msp c:\windows\Installer\1847788.msp c:\windows\Installer\184778e.msp c:\windows\Installer\18ac6ce.msp c:\windows\Installer\18ef82b.msp c:\windows\Installer\18ef831.msp c:\windows\Installer\18ef837.msp c:\windows\Installer\196fa66.msp c:\windows\Installer\196fa6c.msp c:\windows\Installer\196fa72.msp c:\windows\Installer\19f312f.msp c:\windows\Installer\1a226e.msp c:\windows\Installer\1a2274.msp c:\windows\Installer\1a227a.msp c:\windows\Installer\1ae884f.msp c:\windows\Installer\1b1d372.msp c:\windows\Installer\1b1d378.msp c:\windows\Installer\1c6ba95.msp c:\windows\Installer\2259d53.msp c:\windows\Installer\2259d59.msp c:\windows\Installer\23ff93.msp c:\windows\Installer\23ff99.msp c:\windows\Installer\2745c88.msp c:\windows\Installer\2805b55.msp c:\windows\Installer\29d87f6.msp c:\windows\Installer\29d87fc.msp c:\windows\Installer\29d8802.msp c:\windows\Installer\2b90b6b.msp c:\windows\Installer\2c4411c.msi c:\windows\Installer\2c4411d.msp c:\windows\Installer\2c4411e.msp c:\windows\Installer\2c4411f.msp c:\windows\Installer\2c44120.msp c:\windows\Installer\2c44121.msp c:\windows\Installer\2c44122.msp c:\windows\Installer\2c44123.msp c:\windows\Installer\2c44124.msp c:\windows\Installer\2c44125.msp c:\windows\Installer\3417655.msp c:\windows\Installer\36af9e5.msi c:\windows\Installer\3758abb.msp c:\windows\Installer\533b01.msp c:\windows\Installer\6606a31.msp c:\windows\Installer\6606a37.msp c:\windows\Installer\6606a3d.msp c:\windows\Installer\6785ef1.msp c:\windows\Installer\97b373.msp c:\windows\Installer\97b379.msp c:\windows\Installer\dd1f8b.msp c:\windows\Installer\dd1f91.msp c:\windows\Installer\dd1f97.msp c:\windows\system32\Client.exe . 
((((((((((((((((((((((((( Files Created from 2009-08-17 to 2009-09-17 ))))))))))))))))))))))))))))))) . 2009-09-16 22:32 . 2009-09-16 22:32 -------- dc----w- c:\program files\Enigma Software Group 2009-09-16 20:47 . 2009-09-16 20:47 -------- dc----w- c:\documents and settings\Harsh\Application Data\Malwarebytes 2009-09-16 20:45 . 2009-09-10 18:54 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-16 20:45 . 2009-09-16 20:47 -------- dc----w- c:\program files\MAM 2009-09-16 20:45 . 2009-09-10 18:53 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys 2009-09-13 00:56 . 2009-05-07 07:04 157712 -c--a-w- c:\windows\system32\drivers\tmcomm.sys 2009-09-13 00:54 . 2009-09-13 00:54 -------- dc----w- C:\VIRUS 2009-09-13 00:53 . 2009-07-20 16:00 72072 -c--a-w- c:\windows\system32\drivers\tmtdi.sys 2009-09-13 00:53 . 2009-07-20 16:00 335888 -c--a-w- c:\windows\system32\drivers\TM_CFW.sys 2009-09-13 00:22 . 2009-09-13 00:22 -------- dc----w- c:\documents and settings\Harsh\Application Data\AVG8 2009-09-12 23:57 . 2009-09-12 23:57 -------- dc----w- c:\documents and settings\Harsh\Local Settings\Application Data\FreeFixer 2009-09-12 23:57 . 2009-09-12 23:57 -------- dc----w- c:\documents and settings\Harsh\Application Data\FreeFixer 2009-09-12 23:57 . 2009-09-12 23:57 -------- dc----w- c:\program files\FreeFixer 2009-09-12 23:46 . 2009-09-13 00:33 -------- dc----w- c:\program files\Panda Security 2009-09-12 23:42 . 2009-09-14 05:08 32 -csha-w- c:\windows\system32\drivers\fidbox2.dat 2009-09-12 23:42 . 2009-09-14 05:08 32 -csha-w- c:\windows\system32\drivers\fidbox.dat 2009-09-12 23:15 . 2009-09-13 00:37 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-12 23:15 . 2009-09-12 23:15 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-09-12 22:04 . 2009-09-12 22:04 -------- dc----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-09-12 21:42 . 
2009-09-13 17:09 -------- dc----w- c:\program files\Common Files\ParetoLogic 2009-09-12 21:42 . 2009-09-13 17:09 -------- dc----w- c:\documents and settings\All Users\Application Data\ParetoLogic 2009-09-12 21:42 . 2009-09-12 21:42 -------- dc----w- c:\documents and settings\Harsh\Local Settings\Application Data\Downloaded Installations 2009-09-12 21:19 . 2009-09-12 21:19 -------- dcsh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-09-04 00:02 . 2009-09-15 00:57 -------- dc----w- C:\alg 2009-09-04 00:02 . 2002-04-24 13:32 26832 -c--a-w- c:\windows\system\CTL3DV2.DLL 2009-09-03 18:07 . 2009-09-03 18:07 41872 -c--a-w- c:\windows\system32\xfcodec.dll 2009-09-02 12:57 . 2009-09-13 12:48 45 -c--a-w- c:\documents and settings\Harsh\jagex_runescape_preferences2.dat 2009-09-02 03:28 . 2009-09-02 03:28 -------- dc----w- c:\windows\system32\log 2009-09-02 03:27 . 2009-09-16 23:16 -------- dc----w- c:\program files\Trend Micro 2009-09-02 00:05 . 2009-09-02 00:31 -------- dc----w- C:\vcs5BGEffects 2009-09-02 00:05 . 2009-09-02 00:35 -------- dc----w- c:\program files\AV Vcs 6.0 DIAMOND 2009-09-01 23:55 . 2009-09-01 23:55 -------- dc----w- C:\AV_LOGS 2009-09-01 23:53 . 2008-12-10 20:56 17792 -c--a-w- c:\windows\system32\drivers\vcsvad.sys 2009-09-01 23:53 . 2009-09-01 23:56 -------- dc----w- c:\program files\AV Vcs 7.0 GOLD 2009-09-01 23:49 . 2009-09-01 23:49 -------- dc----w- c:\documents and settings\Harsh\Application Data\Screaming Bee 2009-09-01 23:49 . 2009-09-01 23:49 -------- dc----w- c:\program files\Screaming Bee 2009-08-29 21:03 . 2009-09-03 14:47 -------- dc----w- c:\program files\TuneUpMedia 2009-08-29 21:03 . 2009-09-15 23:36 -------- dc----w- c:\documents and settings\Harsh\Application Data\TuneUpMedia 2009-08-29 21:03 . 2009-08-29 21:03 -------- dc----w- c:\documents and settings\All Users\Application Data\TuneUpMedia 2009-08-29 03:14 . 2009-08-29 03:14 -------- dc----w- C:\TempDVD 2009-08-29 03:14 . 
2009-08-29 03:14 -------- dc----w- C:\dvdsanta 2009-08-28 00:26 . 2009-08-28 00:26 164056 -c--a-w- c:\windows\Crazi Video Pro Uninstaller.exe 2009-08-27 01:34 . 2009-08-27 01:34 -------- dc----w- c:\documents and settings\Harsh\Application Data\Creative 2009-08-27 01:33 . 2009-08-27 01:34 -------- dc----w- c:\documents and settings\All Users\Application Data\Creative 2009-08-27 01:33 . 2009-08-27 01:33 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{615DB4DC-B7C1-4125-9858-78EF460B76D2} 2009-08-27 01:33 . 2009-08-27 01:33 -------- dc----w- c:\program files\Creative 2009-08-27 01:33 . 2009-08-27 01:33 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{56E59A1F-0DC5-4811-98E4-BA033E048C84} 2009-08-23 14:58 . 2009-08-23 14:58 -------- dc----w- c:\program files\NVIDIA Corporation 2009-08-23 14:58 . 2009-08-23 14:58 -------- dc----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation 2009-08-23 14:57 . 2009-08-23 14:57 -------- dc----w- C:\NVIDIA . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-17 16:04 . 2008-09-27 22:55 -------- dc----w- c:\program files\PeerGuardian2 2009-09-17 03:40 . 2008-10-04 23:05 -------- dc----w- c:\documents and settings\Harsh\Application Data\Xfire 2009-09-16 18:18 . 2008-10-04 23:05 -------- dc----w- c:\program files\Xfire 2009-09-16 04:46 . 2008-09-28 03:49 -------- dc----w- c:\documents and settings\Harsh\Application Data\Azureus 2009-09-16 02:32 . 2008-09-27 23:01 -------- dc----w- c:\program files\RegScrubXP 2009-09-16 02:06 . 2009-05-03 23:24 189104 ----a-w- c:\windows\system32\PnkBstrB.exe 2009-09-16 01:30 . 2009-06-24 21:07 139584 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys 2009-09-16 00:33 . 2008-09-27 22:40 -------- dc----w- c:\documents and settings\Harsh\Application Data\mIRC 2009-09-16 00:33 . 2008-09-27 22:40 -------- dc----w- c:\program files\mIRC 2009-09-15 23:17 . 
2008-09-28 00:08 -------- dc----w- c:\documents and settings\Harsh\Application Data\LimeWire 2009-09-14 05:08 . 2009-09-12 23:42 32 -csha-w- c:\windows\system32\drivers\fidbox2.idx 2009-09-14 05:08 . 2009-09-12 23:42 32 -csha-w- c:\windows\system32\drivers\fidbox.idx 2009-09-13 14:21 . 2008-10-07 20:30 37 -c--a-w- c:\documents and settings\Harsh\jagex_runescape_preferences.dat 2009-09-13 00:51 . 2008-09-27 22:50 -------- dc----w- c:\program files\Spybot - Search & Destroy 2009-09-13 00:51 . 2008-09-27 22:50 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-09-13 00:32 . 2009-01-13 02:22 -------- dc----w- c:\documents and settings\Harsh\Application Data\id Software 2009-09-13 00:31 . 2009-04-30 02:08 -------- dc----w- c:\documents and settings\All Users\Application Data\avg8 2009-09-12 22:05 . 2009-01-27 02:23 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0 2009-09-12 22:05 . 2009-01-27 02:23 -------- dc----w- c:\program files\Lavasoft 2009-09-12 22:05 . 2008-09-27 22:55 -------- dc----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-09-10 15:48 . 2009-03-21 19:09 -------- dc----w- c:\program files\Microsoft Silverlight 2009-09-10 03:27 . 2009-04-25 00:58 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-08-29 21:03 . 2008-12-26 22:47 -------- dc----w- c:\program files\iTunes 2009-08-29 21:02 . 2008-09-28 03:48 -------- dc----w- c:\program files\Vuze 2009-08-29 03:14 . 2008-12-24 19:44 -------- dc----w- c:\documents and settings\Harsh\Application Data\DVD Flick 2009-08-29 03:14 . 2008-12-24 19:40 -------- dc----w- c:\program files\dvdSanta 2009-08-29 02:53 . 2008-10-09 01:50 -------- dc----w- c:\program files\DivX 2009-08-29 02:53 . 2009-07-11 04:52 -------- dc----w- c:\program files\Common Files\DivX Shared 2009-08-29 02:16 . 
2009-07-14 03:40 -------- dc----w- c:\documents and settings\Harsh\Application Data\Hamachi 2009-08-28 01:35 . 2008-11-23 02:37 -------- dc----w- c:\documents and settings\Harsh\Application Data\River Past G5 2009-08-28 00:26 . 2008-11-23 02:37 -------- dc----w- c:\program files\Common Files\River Past 2009-08-28 00:26 . 2008-11-23 02:37 -------- dc----w- c:\documents and settings\All Users\Application Data\River Past G5 2009-08-28 00:26 . 2008-11-23 02:37 -------- dc----w- c:\program files\River Past 2009-08-23 14:59 . 2008-09-27 22:24 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard 2009-08-23 14:59 . 2008-09-27 22:24 -------- dc----w- c:\program files\AGEIA Technologies 2009-08-22 20:50 . 2008-10-19 01:22 -------- dc----w- c:\documents and settings\Harsh\Application Data\Apple Computer 2009-08-20 00:02 . 2009-02-23 00:06 56324 -c-ha-w- c:\windows\system32\mlfcache.dat 2009-08-17 07:04 . 2009-08-17 07:04 2173472 -c--a-w- c:\windows\system32\nvcplui.exe 2009-08-17 07:04 . 2009-08-17 07:04 81920 -c--a-w- c:\windows\system32\nvwddi.dll 2009-08-17 07:03 . 2009-08-17 07:03 3170304 -c--a-w- c:\windows\system32\nvwss.dll 2009-08-17 07:03 . 2009-08-17 07:03 4026368 -c--a-w- c:\windows\system32\nvvitvs.dll 2009-08-17 07:03 . 2009-08-17 07:03 188416 -c--a-w- c:\windows\system32\nvmccss.dll 2009-08-17 07:03 . 2009-08-17 07:03 1286144 -c--a-w- c:\windows\system32\nvmobls.dll 2009-08-17 07:03 . 2009-08-17 07:03 3547136 -c--a-w- c:\windows\system32\nvgames.dll 2009-08-17 07:03 . 2009-08-17 07:03 4923392 -c--a-w- c:\windows\system32\nvdisps.dll 2009-08-17 07:03 . 2009-08-17 07:03 86016 -c--a-w- c:\windows\system32\nvmctray.dll 2009-08-17 07:03 . 2009-08-17 07:03 168004 -c--a-w- c:\windows\system32\nvsvc32.exe 2009-08-17 07:03 . 2009-08-17 07:03 143360 -c--a-w- c:\windows\system32\nvcolor.exe 2009-08-17 07:03 . 2009-08-17 07:03 13877248 -c--a-w- c:\windows\system32\nvcpl.dll 2009-08-17 07:02 . 
2009-08-17 07:02 229376 -c--a-w- c:\windows\system32\nvmccs.dll 2009-08-17 04:57 . 2009-08-17 04:57 2189856 -c--a-w- c:\windows\system32\nvcuvid.dll 2009-08-17 04:57 . 2009-08-17 04:57 1706528 -c--a-w- c:\windows\system32\nvcuvenc.dll 2009-08-17 04:57 . 2009-08-17 04:57 1597690 -c--a-w- c:\windows\system32\nvdata.bin 2009-08-17 04:57 . 2009-01-18 03:17 485920 -c--a-w- c:\windows\system32\nvudisp.exe 2009-08-17 04:57 . 2009-01-18 03:16 10457088 -c--a-w- c:\windows\system32\nvoglnt.dll 2009-08-17 04:57 . 2009-01-18 03:16 868352 -c--a-w- c:\windows\system32\nvapi.dll 2009-08-17 04:57 . 2009-01-18 03:16 2002944 -c--a-w- c:\windows\system32\nvcuda.dll 2009-08-17 04:57 . 2009-01-18 03:16 155648 -c--a-w- c:\windows\system32\nvcodins.dll 2009-08-17 04:57 . 2009-01-18 03:16 155648 -c--a-w- c:\windows\system32\nvcod.dll 2009-08-17 04:57 . 2008-09-17 13:55 7729568 -c--a-w- c:\windows\system32\drivers\nv4_mini.sys 2009-08-17 04:57 . 2008-09-17 13:55 5845760 -c--a-w- c:\windows\system32\nv4_disp.dll 2009-08-14 17:36 . 2009-08-14 17:36 70936 -c--a-w- c:\windows\system32\PhysXLoader.dll 2009-08-13 18:34 . 2008-10-22 00:47 -------- dc----w- c:\program files\Opera 2009-08-11 21:33 . 2009-08-11 21:33 -------- dc----w- c:\program files\CrossLoop 2009-08-11 19:45 . 2009-08-11 19:45 -------- dc----w- c:\documents and settings\All Users\Application Data\DVD Shrink 2009-08-11 19:45 . 2009-08-11 19:45 -------- dc----w- c:\program files\DVD Shrink 2009-08-11 16:35 . 2009-01-18 03:17 485920 -c--a-w- c:\windows\system32\NVUNINST.EXE 2009-08-10 00:30 . 2009-08-10 00:05 -------- dc----w- c:\documents and settings\Harsh\Application Data\Download Manager 2009-08-08 22:42 . 2008-09-27 22:00 -------- dc-h--w- c:\program files\InstallShield Installation Information 2009-08-08 21:27 . 2009-08-08 21:27 -------- dc----w- c:\program files\LimeWire 2009-08-05 09:11 . 2004-08-03 23:56 204800 -c--a-w- c:\windows\system32\mswebdvd.dll 2009-08-03 21:41 . 
2009-08-03 20:30 -------- dc----w- c:\documents and settings\Harsh\Application Data\mp3rocket 2009-08-03 20:31 . 2009-08-03 20:30 -------- dc----w- c:\program files\MP3 Rocket 2009-08-03 04:21 . 2009-08-03 04:21 23320 -c--a-w- c:\windows\system32\PhysXDevice.dll 2009-08-03 01:50 . 2009-08-03 01:50 -------- dc----w- c:\program files\Sorian AI Mod 2009-07-29 21:36 . 2008-09-28 14:34 -------- dc----w- c:\documents and settings\Harsh\Application Data\vlc 2009-07-29 21:21 . 2009-07-29 21:21 -------- dc----w- c:\documents and settings\Harsh\Application Data\MozillaControl 2009-07-29 21:21 . 2009-07-29 21:21 -------- dc----w- c:\program files\Mozilla ActiveX Control v1.7.12 2009-07-29 21:21 . 2009-07-29 21:20 -------- dc----w- c:\program files\Graboid 2009-07-26 22:48 . 2008-10-02 19:35 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS 2009-07-26 22:35 . 2008-10-19 01:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple 2009-07-26 22:33 . 2009-07-26 22:32 -------- dc----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-07-26 22:32 . 2009-07-26 22:32 -------- dc----w- c:\program files\iPod 2009-07-26 22:32 . 2008-10-19 01:21 -------- dc----w- c:\program files\Common Files\Apple 2009-07-26 22:31 . 2009-07-26 22:31 -------- dc----w- c:\program files\Bonjour 2009-07-26 22:31 . 2008-12-26 21:36 -------- dc----w- c:\program files\QuickTime 2009-07-25 12:20 . 2008-10-02 19:35 -------- dc----w- c:\program files\NOS 2009-07-22 20:00 . 2009-07-22 20:00 -------- dc----w- c:\program files\Driver Sweeper 2009-07-17 20:52 . 2008-09-27 21:08 68456 -c--a-w- c:\documents and settings\Harsh\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-07-17 18:55 . 2004-08-03 23:56 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 03:43 . 2007-09-20 04:50 286208 -c--a-w- c:\windows\system32\wmpdxm.dll 2009-07-09 16:16 . 
2009-07-26 22:30 2060288 -c--a-w- c:\windows\system32\usbaaplrc.dll 2009-07-09 16:16 . 2008-12-26 20:50 39424 -c--a-w- c:\windows\system32\drivers\usbaapl.sys 2009-07-03 17:09 . 2007-09-20 04:59 915456 ----a-w- c:\windows\system32\wininet.dll 2009-06-25 18:36 . 2004-08-03 23:56 95744 -c--a-w- c:\windows\system32\mqsec.dll 2009-06-25 18:36 . 2004-08-03 23:56 661504 -c--a-w- c:\windows\system32\mqqm.dll 2009-06-25 18:36 . 2004-08-03 23:56 517120 -c--a-w- c:\windows\system32\mqsnap.dll 2009-06-25 18:36 . 2004-08-03 23:56 48640 -c--a-w- c:\windows\system32\mqupgrd.dll 2009-06-25 18:36 . 2004-08-03 23:56 471552 -c--a-w- c:\windows\system32\mqutil.dll 2009-06-25 18:36 . 2004-08-03 23:56 47104 -c--a-w- c:\windows\system32\mqdscli.dll 2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\opera\program\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\opera\program\plugins\ssldivx.dll . ------- Sigcheck ------- [-] 2009-05-29 . C86970F63DAFFB97D8221A0136DF3224 . 360960 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\TCPIP.SYS [-] 2009-05-29 . C86970F63DAFFB97D8221A0136DF3224 . 360960 . . [5.1.2600.3394] . . c:\windows\system32\drivers\TCPIP.SYS [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\tcpip.sys [7] 2007-09-20 . E6B15BCC470953E600EF7ADED3CAB142 . 360704 . . [5.1.2600.3002] . . c:\windows\$NtUninstallKB951748$\tcpip.sys . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824] "EVEREST AutoStart"="c:\documents and settings\Harsh\Desktop\Everest-Ultimate-Edition-4.60.1601-hardal\everest.exe" [2008-12-24 2159200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744] "RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.23\RivaTuner.exe" [2009-02-15 2777088] "Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2008-11-06 358920] "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2008-11-06 1548296] "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2008-11-06 2816520] "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-13 1657376] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248] "OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-07-20 714024] "Malwarebytes Anti-Malware (reboot)"="c:\program files\MAM\mam.exe" [2009-09-10 1312080] "SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-04-02 868352] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Aim6"= "ctfmon.exe"=c:\windows\system32\ctfmon.exe "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 "RGSC"=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent "mount.exe"=c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe /z "PSwitch"=c:\docume~1\Harsh\LOCALS~1\Temp\RarSFX0\App\ProxySwitcher.exe "EA 
Core"="c:\program files\Electronic Arts\EADM\Core.exe" -silent "SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "CmUsbSound"=RunDll32 cmcnfgu.cpl,CMICtrlWnd "HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit "nwiz"=nwiz.exe /install "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" "NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" "RTHDCPL"=RTHDCPL.EXE "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "Alcmtr"=ALCMTR.EXE "AlcWzrd"=ALCWZRD.EXE "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k "SoundMan"=SOUNDMAN.EXE "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "Ad-Watch"=c:\program files\Lavasoft\Ad-Aware\AAWTray.exe "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup "OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntivirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\mIRC\\mirc.exe"= "c:\\Program Files\\Xfire\\xfire.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "e:\\Games\\UnrealTournament\\System\\UnrealTournament.exe"= "c:\\Program 
Files\\Orbitdownloader\\orbitnet.exe"= "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "c:\\Program Files\\River Past\\Crazi Video\\CraziVideo.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "e:\\Games\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 "24537:TCP"= 24537:TCP:*:Disabled:vuze "24537:UDP"= 24537:UDP:*:Disabled:vuze1 R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/26/2009 10:26 PM 64160] R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [12/7/2008 3:17 PM 15976] R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/1/2008 3:13 AM 34064] R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [9/12/2009 8:53 PM 36368] R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [9/27/2008 8:35 PM 22784] R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [9/12/2009 8:53 PM 335888] R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [9/1/2009 7:53 PM 17792] S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [9/28/2008 1:18 AM 26144] S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXPFlt.sys [9/12/2009 8:53 PM 225296] S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/15/2009 5:04 PM 24652] S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [1/31/2009 8:19 PM 37488] S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [5/21/2008 7:42 AM 64000] S3 SCREAMINGBDRIVER;Screaming Bee 
Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [4/6/2009 1:19 PM 23064] S3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [3/25/2009 12:35 PM 25472] S3 TmPfw;OfficeScan NT Firewall;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [9/12/2009 8:53 PM 488768] S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [9/12/2009 8:53 PM 652552] --- Other Services/Drivers In Memory --- *NewlyCreated* - MBAMSWISSARMY *NewlyCreated* - PGFILTER *Deregistered* - MBAMSwissArmy *Deregistered* - mchInjDrv *Deregistered* - pgfilter [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-07-12 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2008-12-06 14:38] . . ------- Supplementary Scan ------- . 
uStart Page = about:blank mStart Page = about:blank uInternet Settings,ProxyOverride = <local>;*.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Harsh\Application Data\Mozilla\Firefox\Profiles\iocfi8gf.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.gamespot.com FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query= FF - plugin: c:\documents and settings\Harsh\Application Data\Move Networks\plugins\npqmp071504000001.dll FF - plugin: c:\documents and settings\Harsh\Application Data\Mozilla\Firefox\Profiles\iocfi8gf.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll FF - plugin: c:\documents and settings\Harsh\Application Data\Mozilla\Firefox\Profiles\iocfi8gf.default\extensions\tcastv1@tom.com\plugins\nptcast40.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll FF - plugin: c:\program files\Opera\program\plugins\npqtplugin8.dll FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . 
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-17 12:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-1647877149-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:6b,15,45,50,47,ea,b4,ce,7d,5e,7e,12,06,78,44,cd,41,1b,1d,4f,f6,bc,04,
   e1,ce,1e,1d,79,84,0c,d7,a8,c6,38,e6,85,5d,60,fe,ad,d8,1b,f1,45,a0,08,e6,00,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-1960408961-1647877149-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:87,8d,0f,e6,99,03,5b,33,19,70,fa,de,cf,5c,7d,98,0a,f7,43,26,0f,
   bd,f2,27,ed,a1,ec,3c,95,3f,cf,f9,32,a5,23,3a,a9,bf,1d,4b,3b,70,d6,f1,26,85,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
Completion time: 2009-09-17 12:14
ComboFix-quarantined-files.txt 2009-09-17 16:14

Pre-Run: 5,861,773,312 bytes free
Post-Run: 6,052,184,064 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

400 --- E O F --- 2009-09-10 03:29

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:23:16 PM, on 9/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\dkservice.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Documents and Settings\Harsh\Desktop\Everest-Ultimate-Edition-4.60.1601-hardal\everest.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\WINDOWS\TEMP\SZ2FA2.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmproxy.exe
C:\WINDOWS\system32\pnkbstrb.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [DeathAdder] "C:\Program Files\Razer\DeathAdder\razerhid.exe"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.23\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\MAM\mam.exe" /runcleanupscript
O4 - HKLM\..\Run: [spyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [PeerGuardian] "C:\Program Files\PeerGuardian2\pg2.exe"
O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Documents and Settings\Harsh\Desktop\Everest-Ultimate-Edition-4.60.1601-hardal\everest.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8459 bytes
  6. Hello! I believe I have Rootkit.TDSS based on my MBAM logs (included below). I tried removing what came on MBAM the first time today (never used it before - I also changed the folder name), and it asked me to restart my computer. After it restarted, I re-scanned using MBAM. 6 of the 20 files came back again. I did not save the logs from the first scan, but it looks to me like all the other malware/trojans were removed since they did not come back again. -HS

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:17:16 PM, on 9/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmproxy.exe
C:\Program Files\MAM\mam.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\applemobiledeviceservice.exe
C:\WINDOWS\TEMP\SAFCDB.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Enigma Software Group\SpyHunter\spyhunter3.exe
C:\Program Files\Safari\safari.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [DeathAdder] "C:\Program Files\Razer\DeathAdder\razerhid.exe"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.23\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\MAM\mam.exe" /runcleanupscript
O4 - HKLM\..\Run: [spyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [PeerGuardian] "C:\Program Files\PeerGuardian2\pg2.exe"
O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Documents and Settings\Harsh\Desktop\Everest-Ultimate-Edition-4.60.1601-hardal\everest.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\inethttpfilter.dll' missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7583 bytes

Malwarebytes' Anti-Malware 1.41
Database version: 2813
Windows 5.1.2600 Service Pack 2

9/16/2009 6:27:36 PM
mbam-log-2009-09-16 (18-27-34).txt

Scan type: Full Scan (C:\|)
Objects scanned: 170271
Time elapsed: 23 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Harsh\Local Settings\Temp\UAC3469.tmp (Rootkit.TDSS) -> No action taken.
C:\Documents and Settings\Harsh\Local Settings\Temp\UAC3a16.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\UACd65b.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\UACltltkklyxe.sys (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\UACbwkmotfaka.dat (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\UACturnkoehyi.dll (Rootkit.TDSS) -> No action taken.

--------------------------------------------------------------------------------

I just removed the first 2 files manually. I am a little bit iffy about manually removing the other 4 files since they are located in the Windows folder.
The first 2 files do not show up in MBAM anymore (about to restart pc right now so will edit this post with an update right below this after restarting to see if those 2 files come back).