Full Version: Help! My computer is working very slow
sasa
Please, could you help me fix my computer? Thank you in advance.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:07:54, on 27.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Voljatel telekomunikacije, d.d.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: - {613F4DC7-AF5B-41E9-A0A2-F4AFC87085A4} - C:\WINDOWS\lbbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: (no name) - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\brrotate.dll" DllVerify
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Burn Dvd Mail More] C:\Documents and Settings\All Users\Application Data\Part title burn dvd\Bash Inter.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinZix Service] C:\Program Files\WinZix\wakeservice.exe
O4 - HKCU\..\Run: [AmokBleh] C:\DOCUME~1\Sasa\APPLIC~1\DEFYAC~1\Send Build Obj.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: I&zvoz v Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sprejmi z &BitSpiritom - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Sasa\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.voljatel.si
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://aprillchy.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://aprillchy.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/er...easeInstall.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F039E306-DD15-4B58-B2BF-0FD4244F9903}: NameServer = 212.18.32.10,212.18.32.12
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 13670 bytes
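The log above is the kind of thing a forum analyst reads by eye: autoruns launched from a user's profile under odd names, rundll32 loading a DLL, a BHO with no name sitting directly in C:\WINDOWS, services with no publisher, and entries whose file is already gone. The script below, added here as an example (it is not part of HijackThis, ComboFix or the forum's tooling), parses the O2, O4 and O23 entry formats and applies those rules. The sample lines are constructed from the format shown above; the heuristics, token lists and the "review"/"remove" labels are the example's own assumptions, and a "review" hit means "look at this file", not "this is malware".

```python
"""Triage a HijackThis v2 log by the rules a forum analyst applies by eye.

Added example for this thread; not part of HijackThis, ComboFix or the
forum's tooling.  Parses O2 (BHO), O4 (autorun) and O23 (service) lines
and flags: autoruns started from user-writable profile directories,
rundll32 loading a DLL, BHOs with no name or dropped straight into
C:\\WINDOWS, services without publisher data, and entries whose file is
gone (orphans).  "review" means "look at this file", not "malware".
"""
import re
from typing import Dict, List, Tuple

# Constructed sample lines (HijackThis v2 format, modelled on the log above).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: - {613F4DC7-AF5B-41E9-A0A2-F4AFC87085A4} - C:\WINDOWS\lbbho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\brrotate.dll" DllVerify
O4 - HKLM\..\Run: [Burn Dvd Mail More] C:\Documents and Settings\All Users\Application Data\Part title burn dvd\Bash Inter.exe
O4 - HKCU\..\Run: [AmokBleh] C:\DOCUME~1\Sasa\APPLIC~1\DEFYAC~1\Send Build Obj.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) ?- (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<loc>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")
DLL_RE = re.compile(r'([A-Za-z]:\\[^",]*?\.dll)', re.I)

# Directories an ordinary user can write to (assumed list).  Legitimate
# per-user installs live here too, so a hit is "review", not "remove".
PROFILE_TOKENS = ("\\documents and settings\\", "\\docume~1\\", "\\application data\\",
                  "\\applic~1\\", "\\local settings\\", "\\temp\\", "%userprofile%")


def first_image(cmd: str) -> str:
    """Return the program a Run-key command line launches, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.(?:exe|cpl|scr|bat|com))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split(" ")[0]


def parse(log_text: str) -> List[Dict[str, str]]:
    """Turn O2/O4/O23 lines into dicts; Startup-folder O4 lines (no bracketed
    name) and all other entry types are skipped."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O2_RE.match(line):
            entries.append({"kind": "O2", "name": m["name"], "vendor": "",
                            "cmd": m["path"], "path": m["path"]})
        elif m := O4_RE.match(line):
            entries.append({"kind": "O4", "name": m["name"], "vendor": "",
                            "cmd": m["cmd"], "path": first_image(m["cmd"])})
        elif m := O23_RE.match(line):
            entries.append({"kind": "O23", "name": m["name"], "vendor": m["vendor"],
                            "cmd": m["path"], "path": m["path"]})
    return entries


def flags_for(e: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (severity, reason) pairs for one entry; empty means clean by these rules."""
    low = e["path"].lower()
    if low == "(no file)" or low.endswith("(file missing)"):
        # The registration survives but the binary is gone: an orphan.
        return [("remove", "orphaned entry: file no longer exists")]
    flags = []
    if e["kind"] == "O2":
        if e["name"].strip() in ("", "(no name)"):
            flags.append(("review", "BHO registered without a name"))
        if low.startswith("c:\\windows\\") and low.count("\\") == 2:
            flags.append(("review", "BHO DLL dropped directly into the Windows directory"))
    if e["kind"] == "O4":
        if any(tok in low for tok in PROFILE_TOKENS):
            flags.append(("review", "autorun launched from a user-writable profile directory"))
        if low.rsplit("\\", 1)[-1] == "rundll32.exe":
            dll = DLL_RE.search(e["cmd"])
            target = dll.group(1) if dll else "?"
            flags.append(("review", f"rundll32 loads {target}; check that DLL's publisher"))
    if e["kind"] == "O23" and e["vendor"] == "Unknown owner":
        flags.append(("review", "service binary carries no publisher information"))
    return flags


def triage(log_text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Map 'kind:name' of every flagged entry to its (severity, reason) list."""
    report = {}
    for e in parse(log_text):
        flags = flags_for(e)
        if flags:
            report[f"{e['kind']}:{e['name']}"] = flags
    return report


if __name__ == "__main__":
    for key, flags in triage(SAMPLE_LOG).items():
        for severity, reason in flags:
            print(f"{severity:6} {key}: {reason}")
```

Run against the sample, the Symantec, ctfmon and Acrobat entries come back clean, the two "(no file)"/"(file missing)" entries are marked for removal, and the profile-directory autoruns, both rundll32 entries, the unnamed BHO in C:\WINDOWS and the service with no publisher are marked for review. The rundll32 rule deliberately fires on NvCplDaemon as well: the rule cannot tell a vendor DLL from anything else, which is exactly why its output is a review list rather than a verdict.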
HJThis
Hello sasa, and welcome.

Updating Java and Clearing Cache

1. Go to Start > Control Panel and double-click the Java icon (coffee cup).
2. It will say "Java Plug-in" under the icon.
Find the Update button or tab in the Java Control Panel. Update your Java, then reboot.

3. If you are unable to update, you can update manually by going here:
http://www.java.com/en/download/manual.jsp
4. After the reboot, go back into the Control Panel and double-click the Java icon.
5. Under Temporary Internet Files, click the Delete Files button.
6. There are three options in the window to clear the cache. Leave all three checked:
Downloaded Applets
Downloaded Applications
Other Files

7. Click OK on the Delete Temporary Files window.
Note: This deletes ALL the downloaded applications and applets from the cache.
8. Click OK to leave the Java Control Panel.

============================

Next

Download ComboFix from Here or Here to your Desktop.

Don't run it just yet!

===========================

NOTE: This next step is to be done only after you download the tool above, not before.

NORTON ANTIVIRUS
Please navigate to the system tray in the bottom right-hand corner and look for a sign.

* Right-click it -> choose "Disable Auto-Protect."
* Select a duration of 5 hours (this assures no interference with the cleanup of your PC).
* Click "OK."
* A popup will warn that protection will now be disabled, and the sign will now look like this:

You successfully disabled the Norton AntiVirus Guard.

NOTE: Again, this is to be done only after downloading the tool above, not before.

===========================

Now run

* Double-click combofix.exe and follow the prompts.
* When finished, it will produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not click ComboFix's window while it's running. That may cause it to stall.

==========================

After running ComboFix, not before, turn the antivirus scanner back on. I may ask you to disable it once more.


Gogo
sasa
Thanks. I did what you wrote, and now I ask for further instructions.

COMBOFIX

ComboFix 08-01-04.1 - Sasa 2008-01-06 12:57:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.178 [GMT 1:00]
Running from: C:\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Sasa\Application Data\macromedia\Flash Player\#SharedObjects\P98RPD8F\www.broadcaster.com
C:\Documents and Settings\Sasa\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Sasa\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\close.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\htmlctrl.js
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\login.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\unmax.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\wardrobe.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico
C:\tool.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))
.

2008-01-06 12:56 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-06 12:52 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-06 10:55 . 2008-01-06 10:55 <DIR> d-------- C:\Novi_KS
2007-12-27 19:07 . 2007-12-27 19:22 <DIR> d-------- C:\hijackthis
2007-12-26 11:08 . 2007-12-26 11:08 <DIR> d-------- C:\Program Files\Veoh Networks
2007-12-21 18:51 . 2007-12-21 18:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Part title burn dvd
2007-12-21 18:50 . 2007-12-21 18:50 <DIR> d-------- C:\Program Files\DefyActiveTwo
2007-12-21 18:49 . 2007-12-21 18:49 <DIR> d-------- C:\Program Files\Circle Developement
2007-12-19 18:13 . 2008-01-02 18:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-19 18:13 . 2007-12-19 18:13 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-08 23:42 . 2007-12-09 15:47 <DIR> d-------- C:\Program Files\Power Audio Recoder
2007-12-08 22:56 . 2007-12-08 22:56 32,768 --a------ C:\ApRec.wav
2007-12-08 22:17 . 2007-12-08 22:46 <DIR> d-------- C:\Program Files\ezt
2007-12-08 21:55 . 2007-12-08 21:55 <DIR> d-------- C:\Program Files\KaraFun
2007-12-08 21:55 . 2007-12-08 21:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Recisio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 11:52 --------- d-----w C:\Program Files\Java
2008-01-05 21:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-05 17:12 --------- d-----w C:\Documents and Settings\Sasa\Application Data\MegauploadToolbar
2008-01-03 19:56 --------- d-----w C:\Program Files\Norton AntiVirus
2008-01-02 18:01 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-02 18:01 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-02 18:01 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-02 18:01 --------- d-----w C:\Program Files\Symantec
2008-01-02 12:17 --------- d-----w C:\Program Files\Google
2008-01-01 17:35 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Roxio
2007-12-22 18:36 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Canon
2007-12-21 22:19 --------- d-----w C:\Program Files\Zoom Player
2007-12-21 17:51 --------- d-----w C:\Documents and Settings\Sasa\Application Data\DefyActiveTwo
2007-12-21 17:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\DentCashMpegAxis
2007-12-21 17:49 --------- d-----w C:\Program Files\MSN Messenger
2007-12-21 17:49 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-08 21:41 --------- d-----w C:\Program Files\ImTOO
2007-12-08 18:26 --------- d-----w C:\Program Files\MegauploadToolbar
2007-11-29 19:44 --------- d-----w C:\Program Files\Motorola Phone Tools
2007-11-29 19:43 25,600 ----a-w C:\Documents and Settings\Sasa\usbsermptxp.sys
2007-11-29 19:43 22,768 ----a-w C:\Documents and Settings\Sasa\usbsermpt.sys
2007-11-25 12:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-11-25 12:32 --------- d-----w C:\Program Files\Avanquest update
2007-11-25 12:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-25 12:27 22,768 ----a-w C:\WINDOWS\system32\drivers\usbsermpt.sys
2007-11-21 19:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-18 19:37 --------- d-----w C:\Documents and Settings\Sasa\Application Data\dvdcss
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 17:47 --------- d-----w C:\Program Files\Microsoft Games
2007-10-27 10:43 58,616 ----a-w C:\Documents and Settings\Sasa\Application Data\GDIPFONTCACHEV1.DAT
2006-11-30 20:52 49 ----a-w C:\Documents and Settings\Sasa\Application Data\internaldb41.dat
2006-11-30 20:52 337 ----a-w C:\Documents and Settings\Sasa\Application Data\internaldb1942.dat
2006-11-26 14:49 20,480 ----a-w C:\Documents and Settings\Sasa\Application Data\internaldb4827.dat
2006-11-16 07:07 0 ----a-w C:\Documents and Settings\Sasa\Application Data\internaldb5436.dat
2006-11-11 12:31 9,216 ----a-w C:\Documents and Settings\Sasa\Application Data\internaldb8467.dat
2006-11-11 12:31 0 ----a-w C:\Documents and Settings\Sasa\Application Data\internaldb6334.dat
2004-07-07 17:29 57,344 --sha-w C:\WINDOWS\lbbho.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{613F4DC7-AF5B-41E9-A0A2-F4AFC87085A4}]
2004-07-07 18:29 57344 --ahs---- C:\WINDOWS\lbbho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-05-09 13:51 190024]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 12:39 1289000]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"WinZix Service"="C:\Program Files\WinZix\wakeservice.exe" [ ]
"AmokBleh"="C:\DOCUME~1\Sasa\APPLIC~1\DEFYAC~1\Send Build Obj.exe" [2007-12-21 18:50 462336]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-19 16:31 3477504]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-02 13:17 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 21:19 52840]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-12 15:50 4112384]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44 65536]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-03-20 11:22 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-11 00:26 406016]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 23:22 35328]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 00:07 593920]
"Burn Dvd Mail More"="C:\Documents and Settings\All Users\Application Data\Part title burn dvd\Bash Inter.exe" [2008-01-06 13:53 510976]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:56 15360]

C:\Documents and Settings\Sasa\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-07-10 10:46:29]
PowerReg Scheduler.exe [2007-04-11 16:12:53]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=nvdesk32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-08-02 23:29]
S2 VCapture;DC3410 Video Camera Device;C:\WINDOWS\system32\Drivers\VCapture.sys [2002-10-20 12:37]
S3 Aldebaran;Aldebaran - Storage Filter Drivers;C:\WINDOWS\system32\Drivers\Aldebaran.sys []
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2004-02-14 11:09]
S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);C:\WINDOWS\system32\DRIVERS\CamDrL20.sys [2004-05-21 18:16]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 19:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 19:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 19:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 19:08]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 19:06]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 19:09]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 19:06]
S3 USBCamera;DC3410 Still Camera Device;C:\WINDOWS\system32\Drivers\CamBulk.sys [2002-12-03 15:38]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-06 12:00:01 C:\WINDOWS\Tasks\A49F737E9184EABA.job"
- c:\docume~1\sasa\applic~1\defyac~1\iso date ace.exe
"2007-11-24 15:11:29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-20 00:43:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-12-21 20:50:43 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Sasa.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
"2008-01-06 12:59:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
"2007-11-20 08:00:00 C:\WINDOWS\Tasks\{6F3B8804-802F-4D78-9F2B-76452FA34126}_SASAXP_Sasa.job"
- C:\WINDOWS\system32\mobsync.exe@ /Schedule=
"2008-01-02 15:00:04 C:\WINDOWS\Tasks\{7FD0EC8B-1DE5-41FC-A7DF-D6904DCD9915}_SASAXP_Sasa.job"
- C:\WINDOWS\system32\mobsync.exe@ /Schedule=
"2007-07-13 14:00:00 C:\WINDOWS\Tasks\{A9F6A7F8-E2FA-44B1-B5F8-BFC45DC55A2D}_SASAXP_Sasa.job"
- C:\WINDOWS\system32\mobsync.exe@ /Schedule=
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 13:54:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-06 13:59:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-06 12:59:18
.
2007-12-21 17:59:22 --- E O F ---

HIJACKTHIS

2007-10-27 10:43 58,616 ----a-w C:\Documents and Settings\Sasa\Application Data\GDIPFONTCACHEV1.DAT
2006-11-30 20:52 49 ----a-w C:\Documents and Settings\Sasa\Application Data\internaldb41.dat
2006-11-30 20:52 337 ----a-w C:\Documents and Settings\Sasa\Application Data\internaldb1942.dat
2006-11-26 14:49 20,480 ----a-w C:\Documents and Settings\Sasa\Application Data\internaldb4827.dat
2006-11-16 07:07 0 ----a-w C:\Documents and Settings\Sasa\Application Data\internaldb5436.dat
2006-11-11 12:31 9,216 ----a-w C:\Documents and Settings\Sasa\Application Data\internaldb8467.dat
2006-11-11 12:31 0 ----a-w C:\Documents and Settings\Sasa\Application Data\internaldb6334.dat
2004-07-07 17:29 57,344 --sha-w C:\WINDOWS\lbbho.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{613F4DC7-AF5B-41E9-A0A2-F4AFC87085A4}]
2004-07-07 18:29 57344 --ahs---- C:\WINDOWS\lbbho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-05-09 13:51 190024]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 12:39 1289000]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"WinZix Service"="C:\Program Files\WinZix\wakeservice.exe" [ ]
"AmokBleh"="C:\DOCUME~1\Sasa\APPLIC~1\DEFYAC~1\Send Build Obj.exe" [2007-12-21 18:50 462336]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-19 16:31 3477504]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-02 13:17 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 21:19 52840]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-12 15:50 4112384]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44 65536]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-03-20 11:22 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-11 00:26 406016]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 23:22 35328]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 00:07 593920]
"Burn Dvd Mail More"="C:\Documents and Settings\All Users\Application Data\Part title burn dvd\Bash Inter.exe" [2008-01-06 13:53 510976]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:56 15360]

C:\Documents and Settings\Sasa\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-07-10 10:46:29]
PowerReg Scheduler.exe [2007-04-11 16:12:53]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=nvdesk32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-08-02 23:29]
S2 VCapture;DC3410 Video Camera Device;C:\WINDOWS\system32\Drivers\VCapture.sys [2002-10-20 12:37]
S3 Aldebaran;Aldebaran - Storage Filter Drivers;C:\WINDOWS\system32\Drivers\Aldebaran.sys []
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2004-02-14 11:09]
S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);C:\WINDOWS\system32\DRIVERS\CamDrL20.sys [2004-05-21 18:16]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 19:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 19:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 19:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 19:08]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 19:06]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 19:09]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 19:06]
S3 USBCamera;DC3410 Still Camera Device;C:\WINDOWS\system32\Drivers\CamBulk.sys [2002-12-03 15:38]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-06 12:00:01 C:\WINDOWS\Tasks\A49F737E9184EABA.job"
- c:\docume~1\sasa\applic~1\defyac~1\iso date ace.exe
"2007-11-24 15:11:29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-20 00:43:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-12-21 20:50:43 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Sasa.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
"2008-01-06 12:59:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
"2007-11-20 08:00:00 C:\WINDOWS\Tasks\{6F3B8804-802F-4D78-9F2B-76452FA34126}_SASAXP_Sasa.job"
- C:\WINDOWS\system32\mobsync.exe@ /Schedule=
"2008-01-02 15:00:04 C:\WINDOWS\Tasks\{7FD0EC8B-1DE5-41FC-A7DF-D6904DCD9915}_SASAXP_Sasa.job"
- C:\WINDOWS\system32\mobsync.exe@ /Schedule=
"2007-07-13 14:00:00 C:\WINDOWS\Tasks\{A9F6A7F8-E2FA-44B1-B5F8-BFC45DC55A2D}_SASAXP_Sasa.job"
- C:\WINDOWS\system32\mobsync.exe@ /Schedule=
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 13:54:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-06 13:59:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-06 12:59:18
.
2007-12-21 17:59:22 --- E O F ---
