UPDATED LOG AND HIJACKTHIS:
ComboFix 07-12-23.1 - Owner 2007-12-22 20:50:08.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.75 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\aryvobmf
C:\Program Files\Bqscjpok
C:\Program Files\Eypekskp
C:\Program Files\lshklgle
C:\Program Files\Pqdoufwx
C:\Program Files\Zcmvyoll
C:\WINDOWS\system32\juvprpba
C:\WINDOWS\system32\juvprpba\bg1.gif
C:\WINDOWS\system32\juvprpba\bgtop.gif
C:\WINDOWS\system32\juvprpba\bottom1.gif
C:\WINDOWS\system32\juvprpba\essentials.gif
C:\WINDOWS\system32\juvprpba\icon1.ico
C:\WINDOWS\system32\juvprpba\install1.gif
C:\WINDOWS\system32\juvprpba\left1.gif
C:\WINDOWS\system32\juvprpba\li.gif
C:\WINDOWS\system32\juvprpba\logo.gif
C:\WINDOWS\system32\juvprpba\main.htm
C:\WINDOWS\system32\juvprpba\mainframe.htm
C:\WINDOWS\system32\juvprpba\reinstall1.gif
C:\WINDOWS\system32\juvprpba\right1.gif
C:\WINDOWS\system32\juvprpba\s1.htm
C:\WINDOWS\system32\juvprpba\s2.htm
C:\WINDOWS\system32\juvprpba\s3.htm
C:\WINDOWS\system32\juvprpba\SMTop1.gif
C:\WINDOWS\system32\juvprpba\SMTop2.gif
C:\WINDOWS\system32\juvprpba\SMTop3.gif
C:\WINDOWS\system32\juvprpba\SMTop4.gif
C:\WINDOWS\system32\juvprpba\soft1_off.gif
C:\WINDOWS\system32\juvprpba\soft1_off_ext.gif
C:\WINDOWS\system32\juvprpba\soft1_on.gif
C:\WINDOWS\system32\juvprpba\soft1_on_ext.gif
C:\WINDOWS\system32\juvprpba\soft2_off.gif
C:\WINDOWS\system32\juvprpba\soft2_off_ext.gif
C:\WINDOWS\system32\juvprpba\soft2_on.gif
C:\WINDOWS\system32\juvprpba\soft2_on_ext.gif
C:\WINDOWS\system32\juvprpba\soft3_off.gif
C:\WINDOWS\system32\juvprpba\soft3_off_ext.gif
C:\WINDOWS\system32\juvprpba\soft3_on.gif
C:\WINDOWS\system32\juvprpba\soft3_on_ext.gif
C:\WINDOWS\system32\juvprpba\softbottom_off.gif
C:\WINDOWS\system32\juvprpba\softbottom_on.gif
C:\WINDOWS\system32\juvprpba\softleft_off.gif
C:\WINDOWS\system32\juvprpba\softleft_on.gif
C:\WINDOWS\system32\juvprpba\top1.gif
C:\WINDOWS\system32\juvprpba\top2.gif
C:\WINDOWS\system32\juvprpba\turnoff1.gif
C:\WINDOWS\system32\juvprpba\turnon1.gif
C:\WINDOWS\system32\njprckha
C:\WINDOWS\system32\njprckha\bg1.gif
C:\WINDOWS\system32\njprckha\bgtop.gif
C:\WINDOWS\system32\njprckha\bottom1.gif
C:\WINDOWS\system32\njprckha\essentials.gif
C:\WINDOWS\system32\njprckha\icon1.ico
C:\WINDOWS\system32\njprckha\install1.gif
C:\WINDOWS\system32\njprckha\left1.gif
C:\WINDOWS\system32\njprckha\li.gif
C:\WINDOWS\system32\njprckha\logo.gif
C:\WINDOWS\system32\njprckha\main.htm
C:\WINDOWS\system32\njprckha\mainframe.htm
C:\WINDOWS\system32\njprckha\reinstall1.gif
C:\WINDOWS\system32\njprckha\right1.gif
C:\WINDOWS\system32\njprckha\s1.htm
C:\WINDOWS\system32\njprckha\s2.htm
C:\WINDOWS\system32\njprckha\s3.htm
C:\WINDOWS\system32\njprckha\SMTop1.gif
C:\WINDOWS\system32\njprckha\SMTop2.gif
C:\WINDOWS\system32\njprckha\SMTop3.gif
C:\WINDOWS\system32\njprckha\SMTop4.gif
C:\WINDOWS\system32\njprckha\soft1_off.gif
C:\WINDOWS\system32\njprckha\soft1_off_ext.gif
C:\WINDOWS\system32\njprckha\soft1_on.gif
C:\WINDOWS\system32\njprckha\soft1_on_ext.gif
C:\WINDOWS\system32\njprckha\soft2_off.gif
C:\WINDOWS\system32\njprckha\soft2_off_ext.gif
C:\WINDOWS\system32\njprckha\soft2_on.gif
C:\WINDOWS\system32\njprckha\soft2_on_ext.gif
C:\WINDOWS\system32\njprckha\soft3_off.gif
C:\WINDOWS\system32\njprckha\soft3_off_ext.gif
C:\WINDOWS\system32\njprckha\soft3_on.gif
C:\WINDOWS\system32\njprckha\soft3_on_ext.gif
C:\WINDOWS\system32\njprckha\softbottom_off.gif
C:\WINDOWS\system32\njprckha\softbottom_on.gif
C:\WINDOWS\system32\njprckha\softleft_off.gif
C:\WINDOWS\system32\njprckha\softleft_on.gif
C:\WINDOWS\system32\njprckha\top1.gif
C:\WINDOWS\system32\njprckha\top2.gif
C:\WINDOWS\system32\njprckha\turnoff1.gif
C:\WINDOWS\system32\njprckha\turnon1.gif
.
((((((((((((((((((((((((( Files Created from 2007-11-23 to 2007-12-23 )))))))))))))))))))))))))))))))
.
2007-12-20 23:09 . 2007-12-20 23:09 <DIR> d-------- C:\Program Files\MSBuild
2007-12-20 22:57 . 2007-12-21 17:39 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-12-20 22:51 . 2007-12-20 22:51 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-12-20 22:13 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2007-12-20 22:12 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2007-12-20 22:11 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2007-12-20 22:10 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2007-12-20 22:09 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2007-12-20 22:08 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2007-12-20 22:07 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
2007-12-20 22:06 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2007-12-20 22:05 . 2004-08-04 00:56 152,576 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2007-12-20 22:04 . 2004-08-04 00:56 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2007-12-20 22:03 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2007-12-20 22:02 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2007-12-20 22:01 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2007-12-20 22:00 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2007-12-20 21:59 . 2001-08-17 13:28 714,698 --a--c--- C:\WINDOWS\system32\dllcache\cbmdmkxx.sys
2007-12-20 21:58 . 2001-08-17 14:56 342,336 --a--c--- C:\WINDOWS\system32\dllcache\banshee.dll
2007-12-20 21:57 . 2001-08-17 14:55 382,592 --a--c--- C:\WINDOWS\system32\dllcache\atidrab.dll
2007-12-20 21:56 . 2001-08-17 14:07 56,960 --a--c--- C:\WINDOWS\system32\dllcache\aic78xx.sys
2007-12-20 21:56 . 2001-08-17 14:07 55,168 --a--c--- C:\WINDOWS\system32\dllcache\aic78u2.sys
2007-12-20 21:56 . 2004-08-03 22:31 36,224 --a--c--- C:\WINDOWS\system32\dllcache\an983.sys
2007-12-20 21:56 . 2001-08-17 12:11 27,678 --a--c--- C:\WINDOWS\system32\dllcache\ali5261.sys
2007-12-20 21:56 . 2001-08-17 13:49 26,624 --a--c--- C:\WINDOWS\system32\dllcache\alifir.sys
2007-12-20 21:56 . 2001-08-17 22:37 24,576 --a--c--- C:\WINDOWS\system32\dllcache\agcgauge.ax
2007-12-20 21:56 . 2001-08-17 12:11 16,969 --a--c--- C:\WINDOWS\system32\dllcache\amb8002.sys
2007-12-20 21:56 . 2001-08-17 13:52 12,800 --a--c--- C:\WINDOWS\system32\dllcache\aha154x.sys
2007-12-20 21:56 . 2001-08-17 13:52 12,032 --a--c--- C:\WINDOWS\system32\dllcache\amsint.sys
2007-12-20 21:56 . 2001-08-17 13:47 6,272 --a--c--- C:\WINDOWS\system32\dllcache\apmbatt.sys
2007-12-20 21:56 . 2001-08-17 13:51 5,248 --a--c--- C:\WINDOWS\system32\dllcache\aliide.sys
2007-12-20 21:53 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2007-12-20 21:46 . 2007-12-20 21:46 <DIR> d-------- C:\VundoFix Backups
2007-12-20 12:25 . 2003-11-18 00:09 155,648 --a------ C:\WINDOWS\system32\igfxres.dll
2007-12-20 12:15 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-20 12:15 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-20 12:13 . 2007-12-20 12:13 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\TeamViewer
2007-12-20 03:31 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2007-12-20 03:18 . 2007-12-20 03:18 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-12-20 03:10 . 2007-12-20 03:10 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2007-12-20 03:10 . 2007-12-20 03:10 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2007-12-20 02:57 . 2007-12-20 02:57 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-12-20 02:09 . 2007-12-20 12:33 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-12-20 02:09 . 2007-12-20 02:29 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-19 22:19 . 2007-12-19 23:03 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-12-19 22:13 . 2006-11-13 00:02 288,768 --a------ C:\WINDOWS\system32\rhttpaa.dll
2007-12-19 22:13 . 2006-11-13 00:02 116,736 --a------ C:\WINDOWS\system32\aaclient.dll
2007-12-19 22:13 . 2006-11-13 00:02 36,352 --a------ C:\WINDOWS\system32\tsgqec.dll
2007-12-19 19:49 . 2007-12-19 19:49 <DIR> d-------- C:\Program Files\CCleaner
2007-12-19 19:23 . 2007-12-22 11:21 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2007-12-19 19:23 . 2007-12-19 19:23 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-19 19:22 . 2007-12-19 19:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-19 19:22 . 2007-12-19 19:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-19 18:54 . 2007-12-20 12:13 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-12-19 18:43 . 2007-12-19 18:43 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\TeamViewer
2007-12-19 18:42 . 2007-12-19 18:43 <DIR> d-------- C:\Program Files\TeamViewer3
2007-12-19 18:41 . 2007-12-19 18:41 <DIR> d-------- C:\Documents and Settings\Owner\temp
2007-12-14 22:25 . 2007-12-14 22:25 <DIR> d-------- C:\VirDefs
2007-12-14 22:25 . 2007-12-14 22:25 <DIR> d-------- C:\Support
2007-12-14 22:25 . 2007-12-14 22:25 <DIR> d-------- C:\SevInst
2007-12-14 22:25 . 2007-12-14 22:25 <DIR> d-------- C:\LiveUpdt
2007-12-14 22:25 . 2007-12-14 22:25 <DIR> d-------- C:\Data
2007-12-14 22:25 . 2007-12-19 18:20 1,246,773 --a------ C:\Data1.cab
2007-12-14 22:25 . 2007-12-19 18:20 1,663 --a------ C:\Setup.wis
2007-12-13 14:48 . 2007-12-13 14:48 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-13 02:54 . 2007-12-13 02:54 <DIR> d-------- C:\Documents and Settings\Laura\Application Data\TransRender
2007-12-13 02:54 . 2007-12-13 02:54 <DIR> d-------- C:\Documents and Settings\Laura\Application Data\Temporary
2007-12-13 02:54 . 2007-12-13 02:54 <DIR> d-------- C:\Documents and Settings\Laura\Application Data\Samsung
2007-12-13 02:53 . 2007-12-13 02:53 <DIR> d-------- C:\Program Files\Samsung
2007-12-10 00:57 . 2007-12-10 00:58 <DIR> d-------- C:\Documents and Settings\Laura\Application Data\Move Networks
2007-12-03 00:21 . 2007-12-03 00:21 <DIR> d-------- C:\Program Files\Drug Lord 2
2007-11-26 06:19 . 2007-11-26 06:19 <DIR> d-------- C:\Documents and Settings\Laura\Application Data\Viewpoint
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-22 20:14 --------- d-----w C:\Program Files\Gateway
2007-12-22 20:14 --------- d-----w C:\Program Files\Common Files\Adaptec Shared
2007-12-22 20:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-21 23:31 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-20 23:46 --------- d-----w C:\Program Files\Morpheus
2007-12-20 18:13 --------- d-----w C:\Program Files\Google
2007-12-20 00:54 --------- d-----w C:\Program Files\Windows Defender
2007-12-20 00:53 --------- d-----w C:\Program Files\Symantec
2007-12-20 00:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-15 04:18 --------- d-----w C:\Program Files\Finale NotePad 2007
2007-12-13 08:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-16 04:14 --------- d-----w C:\Program Files\Trillian
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-24 07:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 07:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 07:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 07:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2007-10-23 00:52 --------- d-----w C:\Program Files\QuickTime
2007-10-11 15:55 88,576 ----a-w C:\WINDOWS\system32\infocardapi.dll
2007-10-11 15:55 579,584 ----a-w C:\WINDOWS\system32\icardagt.exe
2007-10-11 15:55 11,776 ----a-w C:\WINDOWS\system32\icardres.dll
2007-10-09 19:03 779,800 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2007-10-09 19:03 73,752 ----a-w C:\WINDOWS\system32\dxva2.dll
2007-10-09 19:03 493,080 ----a-w C:\WINDOWS\system32\evr.dll
2007-10-09 19:03 350,744 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2007-10-09 19:03 33,304 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2007-10-09 19:03 161,304 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
2007-10-09 19:03 106,520 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2007-10-09 19:03 1,986,072 ----a-w C:\WINDOWS\system32\milcore.dll
2007-10-09 18:58 16,896 ----a-w C:\WINDOWS\system32\tswpfwrp.exe
1998-12-09 02:53 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 02:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
.
((((((((((((((((((((((((((((( snapshot@2007-12-22_ 9.46.47.64 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-22 01:27:09 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-22 17:17:33 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-22 01:27:09 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-12-22 17:17:33 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-12-22 01:27:09 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-22 17:17:33 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 08:15]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-11-18 00:24]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-11-18 00:11]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-19 19:22]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk
backup=C:\WINDOWS\pss\Symantec Fax Starter Edition Port.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 00:56 15360 --a------ C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GWMDMMSG]
GWMDMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\bak\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
R2 TeamViewer;TeamViewer 3;"C:\Program Files\TeamViewer3\TeamViewer_Host.exe" -service []
S3 Dptiiserwia;Dptiiserwia;C:\WINDOWS\system32\drivers\bthpan.sys [2004-08-03 22:58]
S3 iscFlash;iscFlash;C:\WINDOWS\SYSTEM32\DRIVERS\iscflash.sys []
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-12-22 12:24]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-12-22 12:24]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-12-22 12:24]
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-12-22 20:53:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-22 20:54:24
C:\ComboFix2.txt ... 2007-12-22 10:00
C:\ComboFix3.txt ... 2007-12-22 09:48
.
2007-12-20 23:44:33 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:08 PM, on 12/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TeamViewer3\TeamViewer_Host.exe
C:\Program Files\TeamViewer3\TeamViewer.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.net/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1139342246468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1198122147968
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
--
End of file - 4187 bytes