A check-up: HJT and ComboFix logs included

Status
Not open for further replies.

koolkid12349

New Member
Computer is running a bit sluggishly.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:24 AM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/remote
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7553 bytes
 

koolkid12349

New Member
ComboFix 08-01-23.1B - Owner 2008-02-03 11:27:49.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.655 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))
.

2008-02-03 00:49 . 2008-02-03 00:49 2,252,430 --a------ C:\picture206.bmp
2008-02-01 23:14 . 2008-02-01 23:14 1,585,350 --a------ C:\picture205.bmp
2008-02-01 23:04 . 2008-02-01 23:04 1,585,350 --a------ C:\picture204.bmp
2008-02-01 20:43 . 2008-02-01 20:43 1,585,350 --a------ C:\picture203.bmp
2008-02-01 20:43 . 2008-02-01 20:43 1,585,350 --a------ C:\picture202.bmp
2008-02-01 20:43 . 2008-02-01 20:43 1,585,350 --a------ C:\picture201.bmp
2008-02-01 20:40 . 2008-02-01 20:40 1,585,350 --a------ C:\picture200.bmp
2008-02-01 20:39 . 2008-02-01 20:39 1,585,350 --a------ C:\picture199.bmp
2008-02-01 20:02 . 2008-02-01 20:02 1,585,350 --a------ C:\picture198.bmp
2008-02-01 17:33 . 2008-02-01 17:33 1,585,350 --a------ C:\picture197.bmp
2008-02-01 17:33 . 2008-02-01 17:33 1,585,350 --a------ C:\picture196.bmp
2008-02-01 17:33 . 2008-02-01 17:33 1,585,350 --a------ C:\picture195.bmp
2008-02-01 17:32 . 2008-02-01 17:32 1,585,350 --a------ C:\picture194.bmp
2008-02-01 17:32 . 2008-02-01 17:32 1,585,350 --a------ C:\picture193.bmp
2008-02-01 17:32 . 2008-02-01 17:32 1,585,350 --a------ C:\picture192.bmp
2008-02-01 17:32 . 2008-02-01 17:32 1,585,350 --a------ C:\picture191.bmp
2008-01-31 21:46 . 2008-01-31 21:46 2,279,478 --a------ C:\picture190.bmp
2008-01-31 19:52 . 2008-01-31 19:52 1,585,350 --a------ C:\picture189.bmp
2008-01-31 19:52 . 2008-01-31 19:52 1,585,350 --a------ C:\picture188.bmp
2008-01-31 19:51 . 2008-01-31 19:51 1,585,350 --a------ C:\picture187.bmp
2008-01-29 21:52 . 2008-01-29 21:52 2,279,478 --a------ C:\picture186.bmp
2008-01-29 21:50 . 2008-01-29 21:50 2,279,478 --a------ C:\picture185.bmp
2008-01-29 18:25 . 2008-01-29 18:25 2,279,478 --a------ C:\picture184.bmp
2008-01-29 18:22 . 2008-01-29 18:22 2,279,478 --a------ C:\picture183.bmp
2008-01-28 22:24 . 2008-01-28 22:24 2,279,478 --a------ C:\picture182.bmp
2008-01-26 21:36 . 2008-01-26 21:36 2,279,478 --a------ C:\picture181.bmp
2008-01-26 20:59 . 2008-01-26 20:59 2,279,478 --a------ C:\picture180.bmp
2008-01-26 19:56 . 2008-01-26 19:56 2,279,478 --a------ C:\picture179.bmp
2008-01-26 19:54 . 2008-01-26 19:54 2,279,478 --a------ C:\picture178.bmp
2008-01-26 19:51 . 2008-01-26 19:51 2,279,478 --a------ C:\picture177.bmp
2008-01-26 16:39 . 2008-01-26 16:39 1,585,350 --a------ C:\picture176.bmp
2008-01-26 11:41 . 2008-01-26 11:41 2,279,478 --a------ C:\picture175.bmp
2008-01-25 21:10 . 2008-01-25 21:10 1,585,350 --a------ C:\picture174.bmp
2008-01-25 21:10 . 2008-01-25 21:10 1,585,350 --a------ C:\picture173.bmp
2008-01-25 21:10 . 2008-01-25 21:10 1,585,350 --a------ C:\picture172.bmp
2008-01-25 21:10 . 2008-01-25 21:10 1,585,350 --a------ C:\picture171.bmp
2008-01-25 20:47 . 2008-01-25 20:47 1,585,350 --a------ C:\picture170.bmp
2008-01-25 19:58 . 2008-01-25 19:58 <DIR> d-------- C:\Deckard
2008-01-24 17:34 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 18:36 . 2008-01-23 18:36 1,585,350 --a------ C:\picture169.bmp
2008-01-23 18:36 . 2008-01-23 18:36 1,585,350 --a------ C:\picture168.bmp
2008-01-23 17:24 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-23 17:23 . 2008-01-23 17:24 <DIR> d-------- C:\Program Files\Java
2008-01-23 17:23 . 2008-01-23 17:23 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-21 19:53 . 2008-01-21 19:53 2,279,478 --a------ C:\picture167.bmp
2008-01-21 17:18 . 2008-01-21 17:18 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-01-21 17:18 . 2007-12-17 03:34 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-01-21 17:04 . 2008-01-21 17:04 <DIR> d-------- C:\Program Files\uTorrent
2008-01-20 18:38 . 2008-01-20 18:38 2,328,630 --a------ C:\picture166.bmp
2008-01-20 13:03 . 2008-01-20 13:03 1,585,350 --a------ C:\picture165.bmp
2008-01-19 21:47 . 2008-01-19 21:47 2,279,478 --a------ C:\picture164.bmp
2008-01-16 19:37 . 2008-01-16 19:37 2,279,478 --a------ C:\picture163.bmp
2008-01-16 09:05 . 2008-01-16 09:05 0 --a------ C:\LOG43.tmp
2008-01-15 20:48 . 2008-01-15 20:48 2,264,238 --a------ C:\picture162.bmp
2008-01-12 01:23 . 2008-01-12 01:23 2,279,478 --a------ C:\picture161.bmp
2008-01-12 00:57 . 2008-01-12 00:57 2,279,478 --a------ C:\picture160.bmp
2008-01-12 00:57 . 2008-01-12 00:57 2,279,478 --a------ C:\picture159.bmp
2008-01-12 00:55 . 2008-01-12 00:55 2,279,478 --a------ C:\picture158.bmp
2008-01-12 00:55 . 2008-01-12 00:55 2,279,478 --a------ C:\picture157.bmp
2008-01-12 00:55 . 2008-01-12 00:55 2,279,478 --a------ C:\picture156.bmp
2008-01-08 22:48 . 2008-01-08 22:48 2,279,478 --a------ C:\picture155.bmp
2008-01-08 22:34 . 2008-01-08 22:34 1,585,350 --a------ C:\picture154.bmp
2008-01-07 18:52 . 2008-01-07 18:52 2,279,478 --a------ C:\picture153.bmp
2008-01-07 17:52 . 2008-01-07 17:52 2,279,478 --a------ C:\picture152.bmp
2008-01-07 17:52 . 2008-01-07 17:52 2,279,478 --a------ C:\picture151.bmp
2008-01-06 23:15 . 2008-01-06 23:15 1,585,350 --a------ C:\picture150.bmp
2008-01-06 23:14 . 2008-01-06 23:14 1,585,350 --a------ C:\picture149.bmp
2008-01-06 23:14 . 2008-01-06 23:14 1,585,350 --a------ C:\picture148.bmp
2008-01-06 23:14 . 2008-01-06 23:14 1,585,350 --a------ C:\picture147.bmp
2008-01-06 23:12 . 2008-01-06 23:12 1,585,350 --a------ C:\picture146.bmp
2008-01-06 23:11 . 2008-01-06 23:11 1,585,350 --a------ C:\picture145.bmp
2008-01-06 23:08 . 2008-01-06 23:08 1,585,350 --a------ C:\picture144.bmp
2008-01-06 23:08 . 2008-01-06 23:08 1,585,350 --a------ C:\picture143.bmp
2008-01-06 23:08 . 2008-01-06 23:08 1,585,350 --a------ C:\picture142.bmp
2008-01-06 23:07 . 2008-01-06 23:07 1,585,350 --a------ C:\picture141.bmp
2008-01-06 23:07 . 2008-01-06 23:07 1,585,350 --a------ C:\picture140.bmp
2008-01-06 22:25 . 2008-01-06 22:25 1,585,350 --a------ C:\picture139.bmp
2008-01-06 22:22 . 2008-01-06 22:22 1,585,350 --a------ C:\picture138.bmp
2008-01-06 22:21 . 2008-01-06 22:21 1,585,350 --a------ C:\picture137.bmp
2008-01-06 22:21 . 2008-01-06 22:21 47,926 --a------ C:\picture136.bmp
2008-01-06 17:41 . 2008-01-06 17:41 1,585,350 --a------ C:\picture135.bmp
2008-01-04 23:56 . 2008-01-04 23:58 <DIR> d-------- C:\WINDOWS\.file_store_32
2008-01-04 19:57 . 2008-01-04 20:01 2,279,478 --a------ C:\picture134.bmp
2008-01-04 02:04 . 2008-01-04 02:04 2,359,350 --a------ C:\picture133.bmp
2008-01-04 01:56 . 2008-01-04 01:56 2,359,350 --a------ C:\picture132.bmp
2008-01-04 01:54 . 2008-01-04 01:54 2,359,350 --a------ C:\picture131.bmp
2008-01-04 01:54 . 2008-01-04 01:54 2,359,350 --a------ C:\picture130.bmp
2008-01-04 01:54 . 2008-01-04 01:54 2,359,350 --a------ C:\picture129.bmp
2008-01-04 01:54 . 2008-01-04 01:54 2,359,350 --a------ C:\picture128.bmp
2008-01-04 00:32 . 2008-01-04 00:32 2,359,350 --a------ C:\picture127.bmp
2008-01-04 00:03 . 2008-01-04 00:03 2,359,350 --a------ C:\picture126.bmp
2008-01-03 01:41 . 2008-01-03 01:41 2,359,350 --a------ C:\picture125.bmp
2008-01-03 01:41 . 2008-01-03 01:41 2,359,350 --a------ C:\picture124.bmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-02 04:23 --------- d-----w C:\Program Files\mIRC
2008-02-01 03:40 --------- d-----w C:\Program Files\SwiftSwitch
2008-01-24 22:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-17 14:00 --------- d-----w C:\Program Files\Google
2008-01-15 14:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-15 10:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 23:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-12-05 15:11 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-05 15:11 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-05 15:11 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-05 15:11 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-05 15:11 --------- d-----w C:\Program Files\Symantec
2007-12-04 19:01 --------- d-----w C:\Program Files\PartyGaming
2007-12-03 23:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-03 23:53 --------- d-----w C:\Program Files\Kerio
2007-11-22 02:37 3,120 ----a-w C:\WINDOWS\system32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-09-20 18:11 14,614,325 ----a-w C:\Program Files\high_and_mighty_color_ichirin_no_hana_less_vocal_ver.zip
2007-09-20 18:09 9,323,681 ----a-w C:\Program Files\01_d_tecnoLife.zip
2007-09-03 23:03 1,217,264 ----a-w C:\Program Files\Win32OpenSSL_Light-0_9_8e.exe
2007-08-13 23:16 1,008,360 ----a-w C:\Program Files\MzBot no patcher.rar
2007-08-11 03:21 27,728 ----a-w C:\Program Files\file1.jpg
2007-08-09 15:26 664,572,433 ----a-w C:\Program Files\MSSetup.exe
2007-08-01 21:22 5,914,648 ----a-w C:\Program Files\SUPERAntiSpyware.exe
2007-08-01 20:28 212,849 ----a-w C:\Program Files\hijackthis.zip
2007-08-01 07:45 921,654 ----a-w C:\Program Files\file.BMP
2007-08-01 07:44 28,272 ----a-w C:\Program Files\file.bin
2007-07-31 19:56 50,375 ----a-w C:\Program Files\SAtrainerFinalv3.zip
2007-08-01 20:31 1,730,597 --sh--w C:\WINDOWS\system32\qttss.bak1
2007-08-01 20:42 1,730,036 --sh--w C:\WINDOWS\system32\qttss.bak2
2007-08-01 22:14 1,738,768 --sh--w C:\WINDOWS\system32\qttss.ini2
.

((((((((((((((((((((((((((((( snapshot@2008-01-24_17.37.49.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-02 21:29:16 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
+ 2008-02-02 21:29:19 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
+ 2008-02-02 21:29:20 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
+ 2008-02-02 21:32:00 10,760 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
+ 2008-02-02 21:31:56 26,952 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2008-02-02 21:29:22 4,960 ----a-w C:\WINDOWS\system32\drivers\avgtdi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-01-13 12:53 114688]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-01-14 02:11 771704]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 08:18 270648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-02 16:31 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-02 16:29 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624]

R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys [2002-04-15 12:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-01-05 14:23:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-29 01:00:18 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 11:30:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-03 11:30:58
ComboFix-quarantined-files.txt 2008-02-03 16:30:53
ComboFix2.txt 2008-02-03 07:23:09
ComboFix3.txt 2008-02-02 00:22:09
ComboFix4.txt 2008-01-25 18:48:18
ComboFix5.txt 2008-01-24 22:38:20
.
2008-01-10 19:43:27 --- E O F ---
 

ceewi1

VIP Member
I've responded in your other thread. Since this seems to be a duplicate, I will close this one.
 