(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-17 15:03 --------- d-----w C:\Program Files\QuickTime
2008-01-17 14:47 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\OpenOffice.org2
2008-01-13 17:53 --------- d-----w C:\Program Files\REGSHAVE
2008-01-13 17:53 --------- d-----w C:\Program Files\iTunes
2008-01-13 17:53 --------- d-----w C:\Program Files\AIM
2008-01-10 04:29 --------- d-----w C:\Program Files\Artweaver 0.4
2008-01-02 04:10 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Skype
2007-12-28 01:40 --------- d-----w C:\Program Files\iPod
2007-12-27 17:19 --------- d-----w C:\Program Files\Apple Software Update
2007-12-23 18:12 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
2007-12-08 15:59 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Snapfish
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-21 02:07 --------- d-----w C:\Program Files\SecondLife
2007-11-18 00:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-18 00:13 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Artweaver
2007-10-09 16:43 15,754 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2006-05-21 21:55 3,333 ----a-w C:\Program Files\INSTALL.LOG
2005-09-09 06:58 48,640 ---ha-w C:\Documents and Settings\Compaq_Owner\Application Data\eSelleratePlugin.DLL
2005-09-09 06:43 124 ----a-w C:\Program Files\Warez P2P ClientIPGUARD.LOG
2002-07-26 21:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
.

((((((((((((((((((((((((((((( snapshot@2008-01-13_13.37.08.28 )))))))))))))))))))))))))))))))))))))))))
.

  • 2008-01-13 17:24:32 557,056 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
  • 2008-01-17 15:03:14 557,056 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
  • 2008-01-13 17:24:32 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
  • 2008-01-17 15:03:15 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
  • 2008-01-13 17:24:32 552,960 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
  • 2008-01-17 15:03:15 552,960 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
  • 2008-01-13 17:24:33 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
  • 2008-01-17 15:03:15 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
  • 2008-01-13 17:24:34 4,640,768 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
  • 2008-01-17 15:03:15 4,640,768 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
  • 2008-01-13 17:24:34 24,576 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
  • 2008-01-17 15:03:16 24,576 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
  • 2008-01-17 15:10:29 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6fc.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    Note empty entries & legit default entries are not shown
    REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-12 09:42 15360]
"AIM"="C:\Program Files\AIM\aim.exe" [2008-01-13 12:09 67160]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2008-01-13 12:09 4662776]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-13 12:09 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-13 12:09 313472]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FFTI"="C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\090rc6lm.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-01-04 18:54 49152 C:\WINDOWS\system32\SiSPower.dll]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe"
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2008-01-13 12:09 253952]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-12 09:41 79224]
"regcmdcons"="c:\hp\bin\cloaker.exe" [2008-01-13 12:09 27136]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-13 12:09 180269]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2008-01-13 12:09 53248]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2008-01-13 12:09 90112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-13 12:09 267048]

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 16:54:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
SpySubtract.lnk - C:\Program Files\InterMute\SpySubtract\sslaunch.exe [2005-05-05 12:59:06]

R3 ICAM3NT5;Intel USB Video Camera III;C:\WINDOWS\system32\Drivers\Icam3.sys [2001-08-17 16:05]
R3 IPN2120;Wireless-B PCI Adapter Driver;C:\WINDOWS\system32\DRIVERS\LSIPNDS.sys [2003-08-26 03:28]
S1 intelidee;intelidee;C:\WINDOWS\system32\drivers\intelidee.sys
S2 NANU;Security Service;C:\WINDOWS\system32\svcd\svchost.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-05 11:56:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

  • C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2005-05-05 18:21:55 C:\WINDOWS\Tasks\Symantec NetDetect.job"
  • C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 10:10:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …