sasa

Help! My computer is working very slow


Please, if you could help me with fixing my computer. Thank you in advance.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:07:54, on 27.12.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\BitComet\BitComet.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\hijackthis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Voljatel telekomunikacije, d.d.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: - {613F4DC7-AF5B-41E9-A0A2-F4AFC87085A4} - C:\WINDOWS\lbbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll

O2 - BHO: (no name) - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - (no file)

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\brrotate.dll" DllVerify

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [burn Dvd Mail More] C:\Documents and Settings\All Users\Application Data\Part title burn dvd\Bash Inter.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WinZix Service] C:\Program Files\WinZix\wakeservice.exe

O4 - HKCU\..\Run: [AmokBleh] C:\DOCUME~1\Sasa\APPLIC~1\DEFYAC~1\Send Build Obj.exe

O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: PowerReg Scheduler.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: I&zvoz v Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Sprejmi z &BitSpiritom - C:\Program Files\BitSpirit\bsurl.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Sasa\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.voljatel.si

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://aprillchy.spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://aprillchy.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/er...easeInstall.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab28578.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F039E306-DD15-4B58-B2BF-0FD4244F9903}: NameServer = 212.18.32.10,212.18.32.12

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe (file missing)

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe (file missing)

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

 

--

End of file - 13670 bytes


Hello sasa & Welcome

 

Updating Java and Clearing Cache

 

1. Go to Start > Control Panel and double-click on the Java Icon (coffee cup) in the Control Panel.

2. It will say "Java Plug-in" under the icon.

Please find the update button or tab in the Java Control Panel. Update your Java then reboot.

 

3. If you are unable to update you can manually update by going here:

http://www.java.com/en/download/manual.jsp

4. After the reboot, go back into the Control Panel and double-click the Java Icon.

5. Under Temporary Internet Files, click the Delete Files button.

6. There are three options in the window to clear the cache - leave ALL 3 checked:

* Downloaded Applets

* Downloaded Applications

* Other Files

7. Click OK on the Delete Temporary Files window.

Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

8. Click OK to leave the Java Control Panel.

 

============================

 

Next

 

Download ComboFix from Here or Here to your Desktop.

 

Don't run it just yet!

 

===========================

 

NOTE: This next step I'm going to have you do is to be done only after you download the tool above, not before.

 

NORTON ANTIVIRUS

Please navigate to the system tray on the bottom right hand corner and look for a sign.

 

* right-click it -> choose "Disable Auto-Protect."

* select a duration of 5 hours (this ensures no interference with the cleanup of your PC)

* click "Ok."

* a popup will warn that protection will now be disabled and the sign will now look like this:

 

You successfully disabled the Norton Antivirus Guard.

 

NOTE: Again, this is to be done only after downloading the tool above, not before.

 

===========================

 

Now run

 

* Double-click combofix.exe and follow the prompts.

* When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply.

 

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

 

==========================

 

After running ComboFix, not before, turn the anti-virus scanner back on. I may ask that you disable it once more.

 

 

Gogo ;)


Thanks. I did what you wrote and now I ask for further instructions ;)

 

COMBOFIX

 

ComboFix 08-01-04.1 - Sasa 2008-01-06 12:57:08.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.178 [GMT 1:00]

Running from: C:\Downloads\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Sasa\Application Data\macromedia\Flash Player\#SharedObjects\P98RPD8F\www.broadcaster.com

C:\Documents and Settings\Sasa\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com

C:\Documents and Settings\Sasa\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol

C:\Program Files\MyWebSearch

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\close.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\htmlctrl.js

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\login.htm

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\unmax.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\wardrobe.htm

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico

C:\tool.exe

 

.

((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))

.

 

2008-01-06 12:56 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-06 12:52 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-01-06 10:55 . 2008-01-06 10:55 <DIR> d-------- C:\Novi_KS

2007-12-27 19:07 . 2007-12-27 19:22 <DIR> d-------- C:\hijackthis

2007-12-26 11:08 . 2007-12-26 11:08 <DIR> d-------- C:\Program Files\Veoh Networks

2007-12-21 18:51 . 2007-12-21 18:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Part title burn dvd

2007-12-21 18:50 . 2007-12-21 18:50 <DIR> d-------- C:\Program Files\DefyActiveTwo

2007-12-21 18:49 . 2007-12-21 18:49 <DIR> d-------- C:\Program Files\Circle Developement

2007-12-19 18:13 . 2008-01-02 18:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2007-12-19 18:13 . 2007-12-19 18:13 1,409 --a------ C:\WINDOWS\QTFont.for

2007-12-08 23:42 . 2007-12-09 15:47 <DIR> d-------- C:\Program Files\Power Audio Recoder

2007-12-08 22:56 . 2007-12-08 22:56 32,768 --a------ C:\ApRec.wav

2007-12-08 22:17 . 2007-12-08 22:46 <DIR> d-------- C:\Program Files\ezt

2007-12-08 21:55 . 2007-12-08 21:55 <DIR> d-------- C:\Program Files\KaraFun

2007-12-08 21:55 . 2007-12-08 21:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Recisio

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-06 11:52 --------- d-----w C:\Program Files\Java

2008-01-05 21:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-01-05 17:12 --------- d-----w C:\Documents and Settings\Sasa\Application Data\MegauploadToolbar

2008-01-03 19:56 --------- d-----w C:\Program Files\Norton AntiVirus

2008-01-02 18:01 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-01-02 18:01 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-01-02 18:01 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-01-02 18:01 --------- d-----w C:\Program Files\Symantec

2008-01-02 12:17 --------- d-----w C:\Program Files\Google

2008-01-01 17:35 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Roxio

2007-12-22 18:36 --------- d-----w C:\Documents and Settings\Sasa\Application Data\Canon

2007-12-21 22:19 --------- d-----w C:\Program Files\Zoom Player

2007-12-21 17:51 --------- d-----w C:\Documents and Settings\Sasa\Application Data\DefyActiveTwo

2007-12-21 17:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\DentCashMpegAxis

2007-12-21 17:49 --------- d-----w C:\Program Files\MSN Messenger

2007-12-21 17:49 --------- d-----w C:\Program Files\Messenger Plus! Live

2007-12-08 21:41 --------- d-----w C:\Program Files\ImTOO

2007-12-08 18:26 --------- d-----w C:\Program Files\MegauploadToolbar

2007-11-29 19:44 --------- d-----w C:\Program Files\Motorola Phone Tools

2007-11-29 19:43 25,600 ----a-w C:\Documents and Settings\Sasa\usbsermptxp.sys

2007-11-29 19:43 22,768 ----a-w C:\Documents and Settings\Sasa\usbsermpt.sys

2007-11-25 12:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software

2007-11-25 12:32 --------- d-----w C:\Program Files\Avanquest update

2007-11-25 12:30 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-11-25 12:27 22,768 ----a-w C:\WINDOWS\system32\drivers\usbsermpt.sys

2007-11-21 19:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2007-11-18 19:37 --------- d-----w C:\Documents and Settings\Sasa\Application Data\dvdcss

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-10 17:47 --------- d-----w C:\Program Files\Microsoft Games

2007-10-27 10:43 58,616 ----a-w C:\Documents and Settings\Sasa\Application Data\GDIPFONTCACHEV1.DAT

2006-11-30 20:52 49 ----a-w C:\Documents and Settings\Sasa\Application Data\internaldb41.dat

2006-11-30 20:52 337 ----a-w C:\Documents and Settings\Sasa\Application Data\internaldb1942.dat

2006-11-26 14:49 20,480 ----a-w C:\Documents and Settings\Sasa\Application Data\internaldb4827.dat

2006-11-16 07:07 0 ----a-w C:\Documents and Settings\Sasa\Application Data\internaldb5436.dat

2006-11-11 12:31 9,216 ----a-w C:\Documents and Settings\Sasa\Application Data\internaldb8467.dat

2006-11-11 12:31 0 ----a-w C:\Documents and Settings\Sasa\Application Data\internaldb6334.dat

2004-07-07 17:29 57,344 --sha-w C:\WINDOWS\lbbho.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{613F4DC7-AF5B-41E9-A0A2-F4AFC87085A4}]

2004-07-07 18:29 57344 --ahs---- C:\WINDOWS\lbbho.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-05-09 13:51 190024]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 12:39 1289000]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

"WinZix Service"="C:\Program Files\WinZix\wakeservice.exe" [ ]

"AmokBleh"="C:\DOCUME~1\Sasa\APPLIC~1\DEFYAC~1\Send Build Obj.exe" [2007-12-21 18:50 462336]

"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-19 16:31 3477504]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-02 13:17 171448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 21:19 52840]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-12 15:50 4112384]

"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44 65536]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-03-20 11:22 180269]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]

"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-11 00:26 406016]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 23:22 35328]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 00:07 593920]

"Burn Dvd Mail More"="C:\Documents and Settings\All Users\Application Data\Part title burn dvd\Bash Inter.exe" [2008-01-06 13:53 510976]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:56 15360]

 

C:\Documents and Settings\Sasa\Start Menu\Programs\Startup\

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-07-10 10:46:29]

PowerReg Scheduler.exe [2007-04-11 16:12:53]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=nvdesk32.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli scecli

 

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-08-02 23:29]

S2 VCapture;DC3410 Video Camera Device;C:\WINDOWS\system32\Drivers\VCapture.sys [2002-10-20 12:37]

S3 Aldebaran;Aldebaran - Storage Filter Drivers;C:\WINDOWS\system32\Drivers\Aldebaran.sys []

S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2004-02-14 11:09]

S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);C:\WINDOWS\system32\DRIVERS\CamDrL20.sys [2004-05-21 18:16]

S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 19:07]

S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 19:07]

S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 19:07]

S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 19:08]

S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 19:06]

S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 19:09]

S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 19:06]

S3 USBCamera;DC3410 Still Camera Device;C:\WINDOWS\system32\Drivers\CamBulk.sys [2002-12-03 15:38]

 

.

Contents of the 'Scheduled Tasks' folder

"2008-01-06 12:00:01 C:\WINDOWS\Tasks\A49F737E9184EABA.job"

- c:\docume~1\sasa\applic~1\defyac~1\iso date ace.exe

"2007-11-24 15:11:29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2007-11-20 00:43:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Program Files\Windows Defender\MpCmdRun.exe

"2007-12-21 20:50:43 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Sasa.job"

- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:

"2008-01-06 12:59:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"

- C:\Program Files\Symantec\LiveUpdate\NDetect.exe

"2007-11-20 08:00:00 C:\WINDOWS\Tasks\{6F3B8804-802F-4D78-9F2B-76452FA34126}_SASAXP_Sasa.job"

- C:\WINDOWS\system32\[email protected] /Schedule=

"2008-01-02 15:00:04 C:\WINDOWS\Tasks\{7FD0EC8B-1DE5-41FC-A7DF-D6904DCD9915}_SASAXP_Sasa.job"

- C:\WINDOWS\system32\[email protected] /Schedule=

"2007-07-13 14:00:00 C:\WINDOWS\Tasks\{A9F6A7F8-E2FA-44B1-B5F8-BFC45DC55A2D}_SASAXP_Sasa.job"

- C:\WINDOWS\system32\[email protected] /Schedule=

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-06 13:54:13

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-01-06 13:59:21 - machine was rebooted

ComboFix-quarantined-files.txt 2008-01-06 12:59:18

.

2007-12-21 17:59:22 --- E O F ---

 

HIJACKTHIS

 


2007-11-25 12:32 --------- d-----w C:\Program Files\Avanquest update

2007-11-25 12:30 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-11-25 12:27 22,768 ----a-w C:\WINDOWS\system32\drivers\usbsermpt.sys

2007-11-21 19:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2007-11-18 19:37 --------- d-----w C:\Documents and Settings\Sasa\Application Data\dvdcss

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-10 17:47 --------- d-----w C:\Program Files\Microsoft Games

2007-10-27 10:43 58,616 ----a-w C:\Documents and Settings\Sasa\Application Data\GDIPFONTCACHEV1.DAT

2006-11-30 20:52 49 ----a-w C:\Documents and Settings\Sasa\Application Data\internaldb41.dat

2006-11-30 20:52 337 ----a-w C:\Documents and Settings\Sasa\Application Data\internaldb1942.dat

2006-11-26 14:49 20,480 ----a-w C:\Documents and Settings\Sasa\Application Data\internaldb4827.dat

2006-11-16 07:07 0 ----a-w C:\Documents and Settings\Sasa\Application Data\internaldb5436.dat

2006-11-11 12:31 9,216 ----a-w C:\Documents and Settings\Sasa\Application Data\internaldb8467.dat

2006-11-11 12:31 0 ----a-w C:\Documents and Settings\Sasa\Application Data\internaldb6334.dat

2004-07-07 17:29 57,344 --sha-w C:\WINDOWS\lbbho.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{613F4DC7-AF5B-41E9-A0A2-F4AFC87085A4}]

2004-07-07 18:29 57344 --ahs---- C:\WINDOWS\lbbho.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-05-09 13:51 190024]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 12:39 1289000]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

"WinZix Service"="C:\Program Files\WinZix\wakeservice.exe" [ ]

"AmokBleh"="C:\DOCUME~1\Sasa\APPLIC~1\DEFYAC~1\Send Build Obj.exe" [2007-12-21 18:50 462336]

"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-19 16:31 3477504]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-02 13:17 171448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 21:19 52840]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-12 15:50 4112384]

"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44 65536]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-03-20 11:22 180269]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]

"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-11 00:26 406016]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 23:22 35328]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 00:07 593920]

"Burn Dvd Mail More"="C:\Documents and Settings\All Users\Application Data\Part title burn dvd\Bash Inter.exe" [2008-01-06 13:53 510976]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:56 15360]

 

C:\Documents and Settings\Sasa\Start Menu\Programs\Startup\

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-07-10 10:46:29]

PowerReg Scheduler.exe [2007-04-11 16:12:53]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=nvdesk32.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli scecli

 

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-08-02 23:29]

S2 VCapture;DC3410 Video Camera Device;C:\WINDOWS\system32\Drivers\VCapture.sys [2002-10-20 12:37]

S3 Aldebaran;Aldebaran - Storage Filter Drivers;C:\WINDOWS\system32\Drivers\Aldebaran.sys []

S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2004-02-14 11:09]

S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);C:\WINDOWS\system32\DRIVERS\CamDrL20.sys [2004-05-21 18:16]

S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 19:07]

S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 19:07]

S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 19:07]

S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 19:08]

S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 19:06]

S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 19:09]

S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 19:06]

S3 USBCamera;DC3410 Still Camera Device;C:\WINDOWS\system32\Drivers\CamBulk.sys [2002-12-03 15:38]

 

.

Contents of the 'Scheduled Tasks' folder

"2008-01-06 12:00:01 C:\WINDOWS\Tasks\A49F737E9184EABA.job"

- c:\docume~1\sasa\applic~1\defyac~1\iso date ace.exe

"2007-11-24 15:11:29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2007-11-20 00:43:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Program Files\Windows Defender\MpCmdRun.exe

"2007-12-21 20:50:43 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Sasa.job"

- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:

"2008-01-06 12:59:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"

- C:\Program Files\Symantec\LiveUpdate\NDetect.exe

"2007-11-20 08:00:00 C:\WINDOWS\Tasks\{6F3B8804-802F-4D78-9F2B-76452FA34126}_SASAXP_Sasa.job"

- C:\WINDOWS\system32\[email protected] /Schedule=

"2008-01-02 15:00:04 C:\WINDOWS\Tasks\{7FD0EC8B-1DE5-41FC-A7DF-D6904DCD9915}_SASAXP_Sasa.job"

- C:\WINDOWS\system32\[email protected] /Schedule=

"2007-07-13 14:00:00 C:\WINDOWS\Tasks\{A9F6A7F8-E2FA-44B1-B5F8-BFC45DC55A2D}_SASAXP_Sasa.job"

- C:\WINDOWS\system32\[email protected] /Schedule=

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-06 13:54:13

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-01-06 13:59:21 - machine was rebooted

ComboFix-quarantined-files.txt 2008-01-06 12:59:18

.

2007-12-21 17:59:22 --- E O F ---
