ComboFix Log
ComboFix 08-02-25.3 - Dylan 2008-02-25 10:21:31.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.595 [GMT -6:00]
Running from: C:\Documents and Settings\Dylan\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))
.
2008-02-21 10:51 . 2008-02-21 10:51 <DIR> d-------- C:\Deckard
2008-02-19 10:44 . 2008-02-19 10:45 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-19 10:37 . 2008-02-25 09:22 <DIR> d-------- C:\SDFix
2008-02-19 01:10 . 2008-02-19 01:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-18 22:53 . 2008-02-25 09:22 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-16 10:01 . 2008-02-18 02:11 <DIR> d-------- C:\Westwood
2008-02-14 14:44 . 2008-02-21 15:15 10,691 --a------ C:\AirlineHistory.zip
2008-02-13 22:27 . 2008-02-13 22:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-02-13 22:25 . 2008-02-13 22:25 <DIR> d-------- C:\Documents and Settings\Dylan\Application Data\NCH Software
2008-02-13 22:25 . 2008-02-13 22:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-01-26 18:24 . 2008-01-26 18:24 <DIR> d-------- C:\Program Files\CCleaner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 16:19 --------- d-----w C:\Program Files\Viewpoint
2008-02-25 16:19 --------- d-----w C:\Documents and Settings\Dylan\Application Data\Viewpoint
2008-02-25 16:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-25 15:21 --------- d-----w C:\Program Files\Outspark
2008-02-22 16:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Outspark
2008-02-19 05:52 --------- d-----w C:\Program Files\MSN Messenger
2008-02-19 05:40 --------- d-----w C:\Program Files\AIM6
2008-02-19 01:30 --------- d-----w C:\Documents and Settings\Dylan\Application Data\AVG7
2008-02-19 01:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-19 00:58 --------- d-----w C:\Program Files\Maxis
2008-02-17 18:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-16 15:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-02-15 07:25 --------- d-----w C:\Documents and Settings\Dylan\Application Data\U3
2008-02-15 04:29 --------- d-----w C:\Documents and Settings\Dylan\Application Data\BitTorrent
2008-02-14 04:25 --------- d-----w C:\Program Files\NCH Software
2008-02-12 19:58 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-02-12 19:00 --------- d-----w C:\Program Files\Diablo II
2008-01-31 05:54 --------- d-----w C:\Documents and Settings\Dylan\Application Data\WeatherBug
2008-01-22 06:03 --------- d-----w C:\Program Files\Hero Editor
2008-01-22 06:02 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-01-22 06:02 249,856 ------w C:\WINDOWS\Setup1.exe
2008-01-19 14:52 --------- d-----w C:\Program Files\EA GAMES
2008-01-19 14:48 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-21 18:53 94,208 ----a-w C:\WINDOWS\ScUnin.exe
2007-12-07 00:44 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2006-11-11 12:16 1,740 ----a-w C:\Documents and Settings\Dylan\HISCORES.DAT
1997-05-13 23:26 3,206,344 ----a-w C:\Documents and Settings\Dylan\HOSPPAT.EXE
1994-06-01 03:00 265,396 ----a-w C:\Documents and Settings\Dylan\DOS4GW.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 21:49 4662776]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 10:15 50528]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"Freebie Notes"="C:\Program Files\Power Soft\Freebie Notes\FreebieNotes.exe" [2006-05-23 22:05 982016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 13:51 774233]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-17 21:21 185784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-06-23 21:39 145920]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk
backup=C:\WINDOWS\pss\Cisco Systems VPN Client.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Dylan^Start Menu^Programs^Startup^Qwest QuickNetworking.lnk]
path=C:\Documents and Settings\Dylan\Start Menu\Programs\Startup\Qwest QuickNetworking.lnk
backup=C:\WINDOWS\pss\Qwest QuickNetworking.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-06-28 20:05 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2007-06-23 21:39 416256 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2007-11-15 18:14 588080 C:\Program Files\BitTorrent\bittorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CircleVirtualCD]
--a------ 2003-07-14 11:15 61440 C:\Program Files\Circle\VirtualCD\HvcdUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PD0630 STISvc]
-ra------ 2005-06-05 11:01 36864 C:\WINDOWS\system32\P0630Pin.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSVR.EXE]
C:\WINDOWS\system32\PRISMSVR.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartUp]
C:\WINDOWS\trayicons.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKist]
C:\Program Files\Digital Media Reader\shwicon2k.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2006-05-19 13:52 86105 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
--a------ 2006-04-07 14:02 1343488 C:\Program Files\AWS\WeatherBug\Weather.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
--a------ 2003-08-01 18:28 474624 C:\Program Files\TightVNC\WinVNC.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R1 HekkoVirtualCD;Hekko Virtual CD Driver;C:\WINDOWS\system32\Drivers\hvcd.sys [2003-07-14 10:46]
R2 X4HSX32;X4HSX32;C:\Program Files\EXEtender\X4HSX32.Sys [2005-05-31 18:26]
S3 cisaspi0;Cistone ASPI Driver;C:\WINDOWS\system32\Drivers\cisaspi0.sys []
S3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2005-06-05 19:44]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8da80ab2-afd1-11db-a9b4-000ae4f3f14f}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1f21ac5-9354-11da-a8f4-00032532c61c}]
\Shell\AutoRun\command - E:\JDSecure\Windows\JDSecure31.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A5CDF7EC-751B-46aa-AD69-4005FE080DE8}]
C:\WINDOWS\system32\sinmax.exe s
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-25 10:22:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-25 10:23:01
ComboFix-quarantined-files.txt 2008-02-25 16:22:39
ComboFix2.txt 2008-02-25 16:18:17
ComboFix3.txt 2008-02-20 08:15:32
ComboFix4.txt 2008-02-19 07:03:59
.
2008-02-14 21:54:11 --- E O F ---