How bad is it.


4 replies to this topic

#1 OFFLINE   boomtown

    Member

  • Members
  • 45 posts
  • Gender:Male

Posted 21 September 2007 - 06:52 AM

<_< Well rridgley, last time I talked to you it all went downhill lol. Now my IE takes like 30 minutes to load this page and all that good stuff, I can barely get online and it starts transmitting nonstop... Gonna start ya off with a HJT log, move my way to BitDefender and finish with a clean run of AVG.

HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:48:21 AM, on 9/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\HUGHES~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeoplePC\ISP6200\Browser\Bartshel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\PeoplePC\ISP6200\Browser\PPShared.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8081
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series (Copy 1) on Sniper-moms-pc] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P62 "Auto EPSON Stylus Photo R200 Series (Copy 1) on Sniper-moms-pc" /O25 "\\SNIPER-MOMS-PC\EPSONSty" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [\\SNIPER-MOMS-PC\EPSON Stylus Photo R200 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P56 "\\SNIPER-MOMS-PC\EPSON Stylus Photo R200 Series (Copy 1)" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\HUGHES~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6200\BIN\PPCOLink.exe -STATION
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on SNIPERMO-OAMGPX] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P54 "Auto EPSON Stylus Photo R200 Series on SNIPERMO-OAMGPX" /O26 "\\SNIPERMO-OAMGPX\Printer2" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on SNIPERMOM-PC] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P51 "Auto EPSON Stylus Photo R200 Series on SNIPERMOM-PC" /O45 "\\SNIPERMOM-PC\EPSON Stylus Photo R200 Series" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmartGuardian] C:\Program Files\ITE\Smart Guardian\ITESmart.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe -c
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Policies\Explorer\Run: [{E07A3840-08A2-1033-1207-051204050001}] "C:\Program Files\Common Files\{E07A3840-08A2-1033-1207-051204050001}\Update.exe" mc-110-12-0000272
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\PeoplePC Accelerated\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/inst...leanerstart.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{93B6E9D1-1BC1-4D3E-ADEE-36735069CF1F}: NameServer = 209.244.0.3 209.244.0.4
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC42\WinVNC4.exe

--
End of file - 12603 bytes

Anything you know I can take off, run it to me. Pnkbstera is PunkBuster, I know I need it. :( ahhh lovely spyware

#2 OFFLINE   AndyManchesta

    Power Member

  • Spyware Moderators
  • 1,821 posts
  • Gender:Male
  • Location:Manchester. UK
  • Interests:Music, Movies, Website Building & Design, Malware Testing/Research and spending time with friends & family.

Posted 21 September 2007 - 07:11 PM

Hi Boomtown,

Run HijackThis and choose Do A System Scan then place a check next to these entries

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Policies\Explorer\Run: [{E07A3840-08A2-1033-1207-051204050001}] "C:\Program Files\Common Files\{E07A3840-08A2-1033-1207-051204050001}\Update.exe" mc-110-12-0000272
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - ht*p://www.drivecleaner.com/.freeware/inst...leanerstart.cab

Close all open browser and other windows except for HijackThis and press the Fix Checked button

Optional Fix

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)

WinPcap is a network monitoring tool for capturing packets sent and received from your system. It's used by many genuine programs such as Nmap, Wireshark, tcpdump, Snort etc., but since it's free and a powerful way to receive and transmit network traffic it's also used by some spyware trojans and monitoring programs to capture information about what sites you visit and what data is sent and received. If you do not remember installing it then it can be uninstalled by removing WinPcap from the Add/Remove screen.

Download this file - combofix.exe and save it to your desktop.
Double click combofix.exe & follow the prompts.
When it's finished, it will produce a log of what it found. Please post the contents of that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running as it may cause it to stall

Finally, run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files,
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
Please then post back the Combofix log, Kaspersky log and a new HijackThis log

Cheers

Andy
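
A sketch of the manual review step in the post above, as an added example that is not part of the original thread and not HijackThis's own logic: it parses HijackThis-format lines and marks entries for a human to look at. The three rules and all function names are assumptions chosen to match entries discussed here; a hit is a prompt to investigate, not a verdict.

```python
import re

# Constructed sample: lines copied from the log in this thread, one or two per
# section type, including entries that should NOT be marked.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKCU\..\Policies\Explorer\Run: [{E07A3840-08A2-1033-1207-051204050001}] "C:\Program Files\Common Files\{E07A3840-08A2-1033-1207-051204050001}\Update.exe" mc-110-12-0000272
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/inst...leanerstart.cab
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
O4_RE = re.compile(r"(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)")
O16_RE = re.compile(r"DPF: (?P<id>\{[^}]+\})(?: \((?P<cls>.*)\))? - (?P<url>\S+)$")

# Review notes (assumed wording, used as stable keys by callers).
NOTE_GUID_NAME = "autorun value is named with a bare GUID"
NOTE_POLICY_RUN = "autorun sits under Policies\\Explorer\\Run, not the usual Run key"
NOTE_DPF_NO_CLASS = "downloaded ActiveX control has no class name"
NOTE_FILE_MISSING = "service points at a file that no longer exists"
NOTE_UNKNOWN_OWNER = "service binary carries no company name"


def parse_entries(log_text):
    """Return (section_code, body) for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def review_notes(code, body):
    """Apply the assumed review rules to one entry; return a list of notes."""
    notes = []
    if code == "O4":
        m = O4_RE.match(body)
        if m:
            if GUID_RE.fullmatch(m.group("name")):
                notes.append(NOTE_GUID_NAME)
            if m.group("key").lower().endswith(r"\policies\explorer\run"):
                notes.append(NOTE_POLICY_RUN)
    elif code == "O16":
        m = O16_RE.match(body)
        if m and m.group("cls") is None:
            notes.append(NOTE_DPF_NO_CLASS)
    elif code == "O23" and body.startswith("Service:"):
        if body.endswith("(file missing)"):
            notes.append(NOTE_FILE_MISSING)
        if " - Unknown owner - " in body:
            notes.append(NOTE_UNKNOWN_OWNER)
    # No rule covers the R0 line: the helper marked it by judgement, which
    # simple pattern rules like these do not replace.
    return notes


def triage(log_text):
    """Return (code, body, notes) for each entry that matched a rule."""
    flagged = []
    for code, body in parse_entries(log_text):
        notes = review_notes(code, body)
        if notes:
            flagged.append((code, body, notes))
    return flagged


if __name__ == "__main__":
    for code, body, notes in triage(SAMPLE_LOG):
        print(f"{code}: {body[:70]}")
        for note in notes:
            print(f"    review: {note}")
```

The PnkBstrA service is marked as well, even though the poster identifies it as PunkBuster, which is why the output is a review list rather than a removal list.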

#3 OFFLINE   boomtown

Posted 21 September 2007 - 09:42 PM

ComboFix 07-09-21.2 - "BLACKBART" 2007-09-21 16:26:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.606 [GMT -5:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\{E07A3~1
C:\WINDOWS\system32\components
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\drivers\sfsync03.sys
C:\WINDOWS\system32\FTPx.dll
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\tmp35.tmp
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_SFSYNC02
-------\LEGACY_SFSYNC03
-------\LEGACY_WINDOWS_LOG
-------\NPF
-------\sfsync02
-------\sfsync03


((((((((((((((((((((((((( Files Created from 2007-08-21 to 2007-09-21 )))))))))))))))))))))))))))))))
.

2007-09-21 16:25 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-21 01:47 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-16 15:38 70,238 --a------ C:\WINDOWS\system32\drivers\LMouFlt2.Sys
2007-09-16 15:38 19,968 --------- C:\WINDOWS\LOGI_MWX.EXE
2007-09-16 15:11 37,887 --a------ C:\WINDOWS\system32\drivers\LHidUsb.sys
2007-09-16 15:11 14,095 --------- C:\WINDOWS\system32\drivers\LCCFLTR.SYS
2007-09-16 15:11 12,953 --a------ C:\WINDOWS\system32\drivers\itchfltr.sys
2007-09-16 15:11 <DIR> d-------- C:\Program Files\Logitech
2007-09-16 15:11 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-09-15 17:35 <DIR> d-------- C:\DOCUME~1\BLACKB~1\APPLIC~1\Yahoo!
2007-09-15 17:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-09-15 12:19 <DIR> d-------- C:\Program Files\WebcamNow
2007-09-15 12:06 <DIR> d-------- C:\Program Files\WebcamNow Broadcaster 5
2007-09-12 19:58 <DIR> dr-h----- C:\DOCUME~1\BLACKB~1\APPLIC~1\SecuROM
2007-09-12 19:58 <DIR> d-------- C:\DOCUME~1\BLACKB~1\APPLIC~1\Bioshock
2007-09-12 19:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-09-12 19:57 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-09-12 19:57 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-09-12 19:57 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-09-12 19:57 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-09-12 19:57 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-09-12 19:56 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-09-12 19:56 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-09-12 19:56 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-09-12 19:56 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-09-10 00:35 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-09-10 00:33 <DIR> d-------- C:\Program Files\Grimm's Hatchery
2007-09-02 23:04 <DIR> d-------- C:\Program Files\Image-Line
2007-09-02 23:03 1,777,664 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-08-30 20:25 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Xfire
2007-08-28 14:56 <DIR> d-------- C:\Program Files\Ventrilo
2007-08-28 10:06 <DIR> d-------- C:\DOCUME~1\BLACKB~1\APPLIC~1\Gamelab
2007-08-24 18:09 <DIR> d-------- C:\Program Files\Cinema Tycoon Gold
2007-08-24 01:55 <DIR> d-------- C:\Program Files\Yumsters

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-21 14:46 --------- d-------- C:\Program Files\XBC
2007-09-21 14:32 --------- d-------- C:\Program Files\Trillian Pro
2007-09-21 00:42 22328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-09-21 00:42 103736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-09-19 23:28 --------- d-------- C:\DOCUME~1\BLACKB~1\APPLIC~1\uTorrent
2007-09-18 18:16 --------- d-------- C:\Program Files\Rcon Unlimited
2007-09-18 18:16 --------- d-------- C:\Program Files\Qtracker
2007-09-18 18:15 --------- d-------- C:\Program Files\No-IP
2007-09-18 18:11 --------- d-------- C:\DOCUME~1\BLACKB~1\APPLIC~1\IGN_DLM
2007-09-18 18:07 --------- d-------- C:\Program Files\MySpace
2007-09-18 09:53 --------- d-------- C:\Program Files\Salon Iris
2007-09-17 16:30 --------- d-------- C:\Program Files\Microsoft Games
2007-09-17 13:16 --------- d-------- C:\Program Files\NovaLogic
2007-09-16 15:30 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-16 15:12 --------- d-------- C:\Program Files\FlashGet
2007-09-16 14:43 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
2007-09-15 17:25 --------- d-------- C:\Program Files\Yahoo!
2007-09-14 22:03 --------- d-------- C:\DOCUME~1\BLACKB~1\APPLIC~1\Xfire
2007-09-14 21:35 --------- d---s---- C:\Program Files\Xfire
2007-09-10 13:19 --------- d-------- C:\Program Files\Fish Tycoon
2007-09-10 13:13 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-08 17:13 --------- d-------- C:\Program Files\America's Army
2007-09-06 18:03 --------- d-------- C:\Program Files\eMule
2007-09-02 23:04 --------- d-------- C:\Program Files\Vstplugins
2007-08-29 02:28 --------- d-------- C:\Program Files\SolidWorks
2007-08-28 14:56 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-26 17:00 --------- d-------- C:\Program Files\Steam
2007-08-26 15:16 --------- d-------- C:\DOCUME~1\BLACKB~1\APPLIC~1\gtk-2.0
2007-08-20 12:29 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Games
2007-08-20 02:09 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
2007-08-20 00:27 --------- d-------- C:\Program Files\bfgclient
2007-08-19 11:48 --------- d-------- C:\Program Files\The Rosetta Stone
2007-08-16 12:16 --------- d--h----- C:\DOCUME~1\BLACKB~1\APPLIC~1\ijjigame
2007-08-13 19:02 --------- d-------- C:\DOCUME~1\BLACKB~1\APPLIC~1\MySpace
2007-08-13 11:45 66872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-08-09 18:24 --------- d-------- C:\Program Files\RealVNC
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 18:45 --------- d-------- C:\Program Files\3D Button Creator Gold
2007-07-30 18:18 24192 --a------ C:\DOCUME~1\BLACKB~1\usbsermptxp.sys
2007-07-30 18:18 22768 --a------ C:\DOCUME~1\BLACKB~1\usbsermpt.sys
2007-07-27 12:44 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Creative
2007-07-26 09:30 879832 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2007-07-26 09:30 108360 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2007-07-25 19:44 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-07-25 19:44 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-07-25 19:44 --------- d-------- C:\Program Files\OpenAL
2007-07-21 17:06 --------- d-------- C:\Program Files\Stardock
2006-08-11 00:52:28 56 --sh--r C:\WINDOWS\system326EF3642A4.sys
2006-08-11 00:52:28 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 18:12]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" [2005-06-27 07:17]
"nwiz"="nwiz.exe" [2006-03-09 15:29 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"LXBRKsk"="C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe" [2003-06-13 15:57]
"Lexmark 3100 Series"="C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe" [2003-07-28 19:50]
"Auto EPSON Stylus Photo R200 Series (Copy 1) on Sniper-moms-pc"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.exe" [2003-07-08 04:00]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 17:38]
"Jet Detection"="C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 01:00]
"\\SNIPER-MOMS-PC\EPSON Stylus Photo R200 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.exe" [2003-07-08 04:00]
"Motive SmartBridge"="C:\PROGRA~1\HUGHES~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 06:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03]
"CAVRID"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe" [2007-05-02 08:12]
"Bart Station"="C:\Program Files\PeoplePC\ISP6200\BIN\PPCOLink.exe" [2005-07-25 14:14]
"Auto EPSON Stylus Photo R200 Series on SNIPERMO-OAMGPX"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.exe" [2003-07-08 04:00]
"cctray"="C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe" [2007-06-14 09:48]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 15:29]
"Auto EPSON Stylus Photo R200 Series on SNIPERMOM-PC"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.exe" [2003-07-08 04:00]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 15:29]
"SmartGuardian"="C:\Program Files\ITE\Smart Guardian\ITESmart.exe" [2003-09-30 18:01]
"EssSpkPhone"="essspk.exe" [2002-05-30 18:46 C:\WINDOWS\essspk.exe]
"USRpdA"="C:\WINDOWS\SYSTEM32\USRmlnkA.exe" [2003-07-07 07:00]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 09:33]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 05:50 C:\WINDOWS\LOGI_MWX.EXE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"Sonic RecordNow! Deluxe"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-24 21:12]
"Steam"="" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMIDI"=MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:20]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:50]

C:\DOCUME~1\BLACKB~1\STARTM~1\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-11-07 09:58:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2007-03-18 00:06 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-06-07 16:08 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HughesNet Tools.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HughesNet Tools.lnk
backup=C:\WINDOWS\pss\HughesNet Tools.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bart Station]
C:\Program Files\PeoplePC\ISP6000\BIN\PPCOLink.exe -STATION

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GatekeeperStart]
C:\Program Files\Gatekeeper Beta\Gatekeeper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartGuardian]
C:\Program Files\ITE\Smart Guardian\ITESmart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"WinVNC4"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"StarWindService"=2 (0x2)
"SolidWorks Licensing Service"=3 (0x3)
"mnmsrvc"=3 (0x3)
"gusvc"=3 (0x3)
"AVG Anti-Spyware Guard"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=C:\WINDOWS\UpdReg.EXE

R3 Aox401Camera;Kensington VideoCAM BETA;C:\WINDOWS\system32\DRIVERS\aox401vc.sys
R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\system32\DRIVERS\itchfltr.sys
R3 iteio;iteio;\??\C:\WINDOWS\System32\drivers\iteio.sys
S3 DMSKSSRh;DMSKSSRh;\??\C:\DOCUME~1\BLACKB~1\LOCALS~1\Temp\DMSKSSRh.sys
S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver;C:\WINDOWS\system32\DRIVERS\GcKernel.sys
S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver;C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
S3 MR97310_USB_DUAL_CAMERA;CIF Dual-Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys
S3 NVR0Dev;NVR0Dev;\??\C:\WINDOWS\nvoclock.sys
S3 OMNUSB;Omnikey AG CardMan 2020 USB Smart Card Reader;C:\WINDOWS\system32\DRIVERS\sccmusbm.sys
S3 PciCon;PciCon;\??\F:\PciCon.sys
S3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;C:\WINDOWS\system32\DRIVERS\USRpdA.sys
S3 XBCD;XBCD Kernel Module;C:\WINDOWS\system32\Drivers\xbcd.sys
S3 xbreader;ActionReplay XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\Data\StubStub.exe

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-21 16:35:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????&?????w???w????????\???\???????????U??w???w\???\?????????a??????C@?\???\??????s????\??????s\????&??A??s?&???C@?x???`|?w\?????@

scanning hidden files ...

C:\WINDOWS\{00000001-00000000-00000006-00001102-00000004-005C1102}.CDF

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\SNIPER-MOMS-PC\\EPSON Stylus Photo R200 Series (Copy 1)"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2H1.EXE /P56 \"\\\\SNIPER-MOMS-PC\\EPSON Stylus Photo R200 Series (Copy 1)\" /O6 \"USB001\" /M \"Stylus Photo R200\""
.
Completion time: 2007-09-21 16:37:30 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-21 16:37
.
--- E O F ---

#4 OFFLINE   boomtown

Posted 21 September 2007 - 09:43 PM

2003-11-18 03:06	  99352	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\MABRYOBJ.DLL.vir
2004-04-29 16:14	  267472	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\FTPX.DLL.vir
2004-12-03 05:20	  20544	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\sfsync02.sys.vir
2005-08-02 14:08	  61440	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\wanpacket.dll.vir
2005-08-02 14:08	  81920	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\packet.dll.vir
2005-08-02 14:18	  233472	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\wpcap.dll.vir
2005-08-02 14:24	  53299	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\pthreadVC.dll.vir
2005-10-13 08:46	  35328	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\sfsync03.sys.vir
2006-12-14 22:47	  782336	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\tmp35.tmp.vir
2007-07-08 21:23	  15399	--a------	C:\Qoobox\Quarantine\C\ComboFix\FProps.vbs.vir
2007-09-21 16:29	  1488	--a------	C:\Qoobox\Quarantine\Registry_backups\LEGACY_SFSYNC02.reg.dat
2007-09-21 16:29	  1488	--a------	C:\Qoobox\Quarantine\Registry_backups\LEGACY_SFSYNC03.reg.dat
2007-09-21 16:29	  2050	--a------	C:\Qoobox\Quarantine\Registry_backups\services_NPF.reg.dat
2007-09-21 16:29	  2572	--a------	C:\Qoobox\Quarantine\Registry_backups\services_sfsync02.reg.dat
2007-09-21 16:29	  2572	--a------	C:\Qoobox\Quarantine\Registry_backups\services_sfsync03.reg.dat
2007-09-21 16:29	  830	--a------	C:\Qoobox\Quarantine\Registry_backups\LEGACY_WINDOWS_LOG.reg.dat


Folder PATH listing for volume C DRIVE
Volume serial number is E07A-3840
C:\QOOBOX\QUARANTINE
+---C
|   +---ComboFix
|   |	   FProps.vbs.vir
|   |	   
|   \---WINDOWS
|	   \---system32
|		   |   FTPX.DLL.vir
|		   |   MABRYOBJ.DLL.vir
|		   |   packet.dll.vir
|		   |   pthreadVC.dll.vir
|		   |   tmp35.tmp.vir
|		   |   wanpacket.dll.vir
|		   |   wpcap.dll.vir
|		   |   
|		   \---drivers
|				   sfsync02.sys.vir
|				   sfsync03.sys.vir
|				   
\---Registry_backups
		LEGACY_SFSYNC02.reg.dat
		LEGACY_SFSYNC03.reg.dat
		LEGACY_WINDOWS_LOG.reg.dat
		services_NPF.reg.dat
		services_sfsync02.reg.dat
		services_sfsync03.reg.dat


#5 OFFLINE   AndyManchesta

Posted 21 September 2007 - 09:58 PM

That looks fine, I'll wait to see the Kaspersky log though in case there are still remaining malware problems

Cheers