who?? said...
I've seen the previous post about this... so I post my HijackThis log:
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\FlashGet\flashget.exe
D:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com.cn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rogers.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {1BE44C1E-A6CB-4340-876B-7DAEE664CCA4} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {427690B7-CDD7-4F33-A2D3-28D5C3423578} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E1323BA-6CFC-421D-AF4D-5F766F3B56BD} - \
O2 - BHO: (no name) - {BE6C9D71-4FD7-4487-91AC-6872DECE098F} - D:\WINDOWS\system32\tapisr.dll
O2 - BHO: (no name) - {CD2DF50E-4990-4E2A-9B99-915BEAB49559} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SmartDefrag] "D:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [osCheck] "D:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Blubster] D:\Program Files\Blubster\Blubster.exe SILENT
O4 - HKLM\..\Run: [Advanced WindowsCare V2 Pro] "D:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe" /startup
O4 - HKLM\..\Run: [Flashget] D:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Update Manager] "D:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download All with FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by125fd.bay125.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0679b79e8a999a143721/netzip/RdxIE601.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160345515101
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LAN-MySQL - Unknown owner - D:\Program Files\LAN-Control\srvany.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
Here are the rootkit log and ComboFix log:
ComboFix 08-01-23.1C - User 2008-01-26 0:11:42.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.225 [GMT -5:00]
Running from: C:\Downloads\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Program Files\Common Files\{08510~1
D:\WINDOWS\msvrc20.dll
D:\WINDOWS\system32\_000019_.tmp.dll
D:\WINDOWS\system32\drivers\pwspmpvj.dat
D:\WINDOWS\system32\svcp.csv
D:\WINDOWS\system32\tapisr.dll
D:\WINDOWS\system32\winsub.xml
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_PVJAHVFB
-------\nm
-------\pvjahvfb
((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))
.
2008-01-25 23:59 . 2000-08-31 08:00 51,200 --a------ D:\WINDOWS\Nircmd.exe
2008-01-25 23:07 . 2008-01-25 23:07 <DIR> d-------- D:\Program Files\CCleaner
2008-01-25 21:05 . 2008-01-25 21:05 <DIR> d-------- D:\Program Files\Spyware Doctor
2008-01-25 21:05 . 2007-12-10 14:53 81,288 --a------ D:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-25 21:05 . 2007-12-10 14:53 66,952 --a------ D:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-25 21:05 . 2007-12-10 14:53 41,864 --a------ D:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-25 21:05 . 2007-12-10 14:53 29,576 --a------ D:\WINDOWS\system32\drivers\kcom.sys
2008-01-23 23:15 . 2008-01-23 23:15 <DIR> d--h----- D:\Program Files\dat
2008-01-23 17:33 . 2008-01-23 17:33 <DIR> d-------- D:\Program Files\LimeWire
2008-01-20 16:16 . 2008-01-20 16:16 <DIR> d-------- D:\Program Files\QuickTime
2008-01-14 17:08 . 2008-01-14 17:08 <DIR> d--h----- D:\Program Files\tifa
2008-01-14 15:42 . 2008-01-14 15:42 <DIR> d--h----- D:\Program Files\grope
2008-01-13 12:50 . 2008-01-13 12:50 <DIR> d--h----- D:\Program Files\Tifa Tan
2008-01-13 00:04 . 2008-01-13 00:04 <DIR> d--h----- D:\Program Files\bleach
2008-01-02 12:17 . 2008-01-02 12:17 <DIR> d--h----- D:\Program Files\WOW
2007-12-31 11:57 . 2007-12-31 11:57 <DIR> d-------- D:\Program Files\FlashGet
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-08 15:38 --------- d-----w D:\Program Files\Common Files\Blizzard Entertainment
2007-12-08 15:33 805 ----a-w D:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-08 15:33 60,800 ----a-w D:\WINDOWS\system32\S32EVNT1.DLL
2007-12-08 15:33 123,952 ----a-w D:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-08 15:33 10,740 ----a-w D:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-01 04:57 43,696 ----a-w D:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 04:57 317,616 ----a-w D:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 04:57 279,088 ----a-w D:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 04:57 10,549 ----a-w D:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 04:57 10,549 ----a-w D:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 04:57 10,545 ----a-w D:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 04:57 1,430 ----a-w D:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 04:57 1,421 ----a-w D:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 04:57 1,415 ----a-w D:\WINDOWS\system32\drivers\srtsp.inf
2007-11-07 09:26 721,920 ----a-w D:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w D:\WINDOWS\system32\dllcache\lsasrv.dll
2007-11-02 05:52 2,644,480 ----a-w D:\WINDOWS\system32\dllcache\ati2mtag.sys
2007-11-02 04:57 9,314,304 ----a-w D:\WINDOWS\system32\atioglx2.dll
2007-11-02 04:24 176,128 ----a-w D:\WINDOWS\system32\atiok3x2.dll
2007-11-02 04:10 364,544 ----a-w D:\WINDOWS\system32\ATIDEMGX.dll
2007-11-02 04:09 268,288 ----a-w D:\WINDOWS\system32\ati2dvag.dll
2007-11-02 04:01 26,112 ----a-w D:\WINDOWS\system32\Ati2mdxx.exe
2007-11-02 04:01 143,360 ----a-w D:\WINDOWS\system32\atipdlxx.dll
2007-11-02 04:01 122,880 ----a-w D:\WINDOWS\system32\Oemdspif.dll
2007-11-02 04:00 43,520 ----a-w D:\WINDOWS\system32\ati2edxx.dll
2007-11-02 04:00 122,880 ----a-w D:\WINDOWS\system32\ati2evxx.dll
2007-11-02 03:59 495,616 ----a-w D:\WINDOWS\system32\ati2evxx.exe
2007-11-02 03:58 53,248 ----a-w D:\WINDOWS\system32\ATIDDC.DLL
2007-11-02 03:50 3,133,728 ----a-w D:\WINDOWS\system32\ati3duag.dll
2007-11-02 03:39 1,602,176 ----a-w D:\WINDOWS\system32\ativvaxx.dll
2007-11-02 03:35 307,200 ----a-w D:\WINDOWS\system32\atiiiexx.dll
2007-11-02 03:26 5,435,392 ----a-w D:\WINDOWS\system32\atioglxx.dll
2007-11-02 03:24 376,832 ----a-w D:\WINDOWS\system32\atikvmag.dll
2007-11-02 03:22 17,408 ----a-w D:\WINDOWS\system32\atitvo32.dll
2007-11-02 03:16 499,712 ----a-w D:\WINDOWS\system32\ati2cqag.dll
2007-11-02 02:05 593,920 ------w D:\WINDOWS\system32\ati2sgag.exe
2007-10-31 00:55 625,032 ----a-w D:\WINDOWS\system32\SymNeti.dll
2007-10-31 00:55 242,056 ----a-w D:\WINDOWS\system32\SymRedir.dll
2007-10-30 23:42 3,590,656 ----a-w D:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w D:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,287,680 ----a-w D:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w D:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 22:40 222,720 ----a-w D:\WINDOWS\system32\wmasf.dll
2007-10-27 22:40 222,720 ----a-w D:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w D:\WINDOWS\system32\dllcache\shell32.dll
2007-07-17 15:38 627 ----a-w D:\Program Files\INSTALL.LOG
2006-11-13 22:07 797,048 --sh--w D:\WINDOWS\Web\rsvnwi.bak2
2006-11-10 22:56 877,525 --sh--w D:\WINDOWS\Web\rsvnwi.bak1
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E1323BA-6CFC-421D-AF4D-5F766F3B56BD}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"Update Manager"="D:\Program Files\Rogers\Update Manager\UpdateManager.exe" [ ]
"msnmsgr"="D:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"StartCCC"="D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"SmartDefrag"="D:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2007-07-27 21:39 3647656]
"osCheck"="D:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 17:22 26248]
"ccApp"="D:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-02 23:04 84640]
"Blubster"="D:\Program Files\Blubster\Blubster.exe" [2007-04-13 10:35 5980160]
"Advanced WindowsCare V2 Pro"="D:\Program Files\IObit\Advanced WindowsCare V2 Pro\Awc.exe" [2006-12-24 12:55 2553344]
"Flashget"="D:\Program Files\FlashGet\flashget.exe" [2007-06-29 06:44 1990704]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2008-01-20 16:16 385024]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
R3 SiS7012;Service for AC'97 Sample Driver (WDM);D:\WINDOWS\system32\drivers\sis7012.sys [2003-04-08 09:56]
S2 LAN-MySQL;LAN-MySQL;D:\Program Files\LAN-Control\srvany.exe []
S3 dump_wmimmc;dump_wmimmc;D:\WINDOWS\system32\drivers\dump_wmimmc.sys [2007-05-09 16:50]
S3 npkycryp;npkycryp;D:\Program Files\Gravity\RO\npkycryp.sys []
.
Contents of the 'Scheduled Tasks' folder
"2008-01-19 01:08:36 D:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - User.job"
- D:\PROGRA~1\NORTON~1\Navw32.exe
"2008-01-26 05:21:48 D:\WINDOWS\Tasks\SmartDefrag.job"
- D:\Program Files\IObit\IObit SmartDefrag\schedule.exeA
"2008-01-24 01:00:22 D:\WINDOWS\Tasks\AwcProUpdate.job"
- D:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoUpdate.ex
- D:\Program Files\IObit\Advanced WindowsCare V2 Pro\
"2008-01-24 21:30:12 D:\WINDOWS\Tasks\Advanced WindowsCare V2 Pro.job"
- D:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoCare.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-01-26 00:21:12
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-26 0:25:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-26 05:25:34
.
2008-01-08 22:03:19 --- E O F ---