
Yahoo Messenger


This topic is locked
1 reply to this topic

#1 shrey

  • Members
  • 1 posts

Posted 10 March 2008 - 09:18 AM

here is my log


ComboFix 08-03-09.4 - shreyus 2008-03-10 19:26:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.519 [GMT 5.5:30]
Running from: C:\Documents and Settings\shreyus\My Documents\Downloads\Programs\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\WINDOWS\system32\kavo.exe
C:\WINDOWS\system32\kavo1.dll
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\ssprs.dll
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_SFSYNC02
-------\sfsync02


((((((((((((((((((((((((( Files Created from 2008-02-10 to 2008-03-10 )))))))))))))))))))))))))))))))
.

2008-03-10 19:23 . 2008-03-10 19:23 13 --a------ C:\temp00
2008-03-10 18:42 . 2008-03-09 07:36 115,329 -r-hs---- C:\c18vk.exe
2008-03-10 18:30 . 2008-03-10 18:34 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-03-10 18:08 . 2008-03-10 18:09 <DIR> d-------- C:\totalcmd
2008-03-10 18:08 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\UC.PIF
2008-03-10 18:08 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\RAR.PIF
2008-03-10 18:08 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-03-10 18:08 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-03-10 18:08 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-03-10 18:08 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\LHA.PIF
2008-03-10 18:08 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\ARJ.PIF
2008-03-10 18:08 . 2008-03-10 18:08 41 --a------ C:\WINDOWS\wincmd.ini
2008-03-09 09:12 . 2008-03-10 18:30 121 --a------ C:\WINDOWS\bdagent.INI
2008-03-09 08:19 . 2008-03-10 18:27 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-03-09 08:18 . 2008-03-10 18:30 <DIR> d-------- C:\Program Files\BitDefender
2008-03-09 08:17 . 2008-03-09 08:18 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-03-04 18:12 . 2008-03-04 18:12 <DIR> d-------- C:\Program Files\Opera
2008-02-24 16:31 . 2008-02-24 16:31 <DIR> d-------- C:\Documents and Settings\shreyus\Application Data\ESET
2008-02-23 21:31 . 2008-02-23 21:34 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-02-20 21:36 . 2008-02-20 21:36 <DIR> d-------- C:\OutputFolder
2008-02-20 11:11 . 2008-02-20 11:11 33,800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-02-20 11:02 . 2008-02-20 11:02 29,704 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2008-02-20 11:01 . 2008-02-20 11:01 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2008-02-19 22:04 . 2008-02-19 22:04 <DIR> d-------- C:\Program Files\YouTube Downloader 3000
2008-02-19 21:36 . 2008-02-19 22:04 <DIR> d-------- C:\Documents and Settings\shreyus\Application Data\IDM
2008-02-19 21:34 . 2008-02-19 21:34 94,208 --a------ C:\WINDOWS\system32\ScrUnZip.dll
2008-02-17 14:35 . 2008-02-17 14:35 262 --a------ C:\WINDOWS\game.ini
2008-02-14 19:25 . 2008-02-14 19:25 <DIR> d-------- C:\WINDOWS\Google Toolbar
2008-02-14 18:16 . 2008-02-14 18:17 <DIR> d-------- C:\Documents and Settings\shreyus\.dvdcss
2008-02-12 22:23 . 2008-02-12 22:23 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-02-12 22:23 . 2008-02-12 22:26 <DIR> d-------- C:\Program Files\QuickTime
2008-02-12 22:23 . 1999-05-28 02:15 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2008-02-12 22:23 . 2008-02-12 22:26 607 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-02-11 17:08 . 2008-02-11 17:09 <DIR> d-------- C:\Program Files\DataoneQUF
2008-02-10 10:54 . 2008-02-10 10:54 <DIR> d-------- C:\Program Files\allwonders Maps Of India
2008-02-10 10:54 . 2008-02-10 10:54 149,732 --a------ C:\WINDOWS\allwonders Maps Of India Uninstaller.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-10 14:00 --------- d-----w C:\Documents and Settings\shreyus\Application Data\DMCache
2008-03-10 13:58 --------- d-----w C:\Documents and Settings\shreyus\Application Data\BitTorrent
2008-03-09 16:03 --------- d-----w C:\Program Files\Yahoo!
2008-03-09 05:34 --------- d-----w C:\Program Files\DAEMON Tools
2008-03-03 13:45 --------- d-----w C:\Documents and Settings\shreyus\Application Data\PC Suite
2008-03-02 14:38 --------- d-----w C:\Documents and Settings\shreyus\Application Data\U3
2008-02-24 11:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-02-23 16:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-20 16:17 --------- d-----w C:\Program Files\Internet Download Manager
2008-02-17 09:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-14 13:38 --------- d-----w C:\Program Files\EA SPORTS
2008-02-05 16:01 --------- d-----w C:\Program Files\Puzzlemaker
2008-02-05 15:25 --------- d-----w C:\Program Files\ImTOO
2008-02-03 10:21 --------- d-----w C:\Program Files\VirtualDJ
2008-02-03 09:33 --------- d-----w C:\Documents and Settings\shreyus\Application Data\Nokia
2008-02-03 09:24 --------- d-----w C:\Program Files\Google
2008-02-02 18:16 --------- d-----w C:\Documents and Settings\shreyus\Application Data\Nokia Multimedia Player
2008-02-02 18:12 --------- d-----w C:\Program Files\DIFX
2008-02-02 18:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-02-02 18:11 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-02-02 18:11 --------- d-----w C:\Program Files\Nokia
2008-02-02 18:11 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-02-02 18:11 --------- d-----w C:\Program Files\Common Files\Nokia
2008-02-02 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-02-02 10:08 --------- d-----w C:\Program Files\Java
2008-02-02 10:01 --------- d-----w C:\Program Files\Common Files\Java
2008-02-01 13:17 --------- d-----w C:\Documents and Settings\shreyus\Application Data\Love Quotes
2008-02-01 13:10 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-01-29 17:28 --------- d-----w C:\Documents and Settings\shreyus\Application Data\Snapfish
2008-01-29 10:45 --------- d-----w C:\Documents and Settings\shreyus\Application Data\Ahead
2008-01-29 10:42 --------- d-----w C:\Documents and Settings\shreyus\Application Data\Simple Star
2008-01-29 10:41 --------- d-----w C:\Program Files\Ahead
2008-01-28 11:49 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-01-28 11:49 --------- d--h--r C:\Documents and Settings\shreyus\Application Data\SecuROM
2008-01-22 11:54 --------- d-----w C:\Program Files\Common Files\Macromedia Shared
2008-01-22 11:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Macrovision
2008-01-22 11:53 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-01-22 11:52 --------- d-----w C:\Program Files\Macromedia
2008-01-21 14:42 --------- d-----w C:\Documents and Settings\shreyus\Application Data\PTC
2008-01-21 14:34 --------- d-----w C:\Program Files\Groove Networks
2008-01-21 14:34 --------- d-----w C:\Documents and Settings\shreyus\Application Data\Groove Networks
2008-01-21 14:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Groove Networks
2008-01-21 14:33 --------- d-----w C:\Program Files\PTC Collaboration Tools
2008-01-21 14:30 --------- d-----w C:\Program Files\proeWildfire 3.0
2008-01-21 14:21 --------- d-----w C:\Program Files\flexnet
2008-01-21 14:18 13,482 ----a-w C:\license.dat
2008-01-21 07:44 --------- d-----w C:\Program Files\MPlayer for Windows
2008-01-21 07:43 --------- d-----w C:\Documents and Settings\shreyus\Application Data\mplayer
2008-01-20 15:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Metacafe
2008-01-19 16:22 --------- d-----w C:\Program Files\Ligos
2008-01-19 10:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-01-18 01:17 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-17 07:40 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-17 07:37 --------- d-----w C:\Program Files\AoA DVD Ripper
2008-01-17 07:36 --------- d-----w C:\Program Files\XviD
2008-01-15 17:49 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.61-8876480L.exe
2008-01-15 17:49 --------- d-----w C:\Program Files\Logitech
2008-01-15 17:47 --------- d-----w C:\Program Files\Common Files\Logitech
2008-01-15 09:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-14 13:59 --------- d-----w C:\Program Files\MSTpscre
2008-01-13 17:31 --------- d-----w C:\Program Files\ESET
2008-01-13 08:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Network Associates
2008-01-13 07:47 --------- d-----w C:\Program Files\Alcohol Soft
2008-01-07 13:16 203,264 ----a-w C:\WINDOWS\system32\F1 Screensaver 2006.scr
2001-11-23 04:08 712,704 -c--a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-02 23:45 171448]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-02-19 21:37 2553264]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"NodLogin"="C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe" [2008-02-09 11:16 299260]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 00:56 53760 C:\WINDOWS\system32\narrator.exe]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^shreyus^Start Menu^Programs^Startup^Metacafe Downloader.lnk]
path=C:\Documents and Settings\shreyus\Start Menu\Programs\Startup\Metacafe Downloader.lnk
backup=C:\WINDOWS\pss\Metacafe Downloader.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^shreyus^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\shreyus\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2007-09-23 10:32 286016 C:\Program Files\BitTorrent_DNA\dna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-09-15 01:39 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dc]
C:\WINDOWS\dc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dc2k5]
C:\WINDOWS\SVIQ.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
--a------ 2008-02-20 11:06 1443072 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fun]
C:\WINDOWS\system\Fun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a--c--- 2007-01-02 02:52 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2008-02-19 21:37 2553264 C:\Program Files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kava]
C:\WINDOWS\system32\kavo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\inf\Other.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
--------- 2004-03-03 15:20 19968 C:\WINDOWS\LOGI_MWX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Love Quotes Program]
C:\Program Files\Love Quotes\lovequotes.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-06-29 00:43 8466432 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-06-29 00:43 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 10:12 695808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center]
C:\Program Files\Ascentive\Performance Center\ApcMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
--a------ 2005-02-26 05:58 212992 C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
C:\WINDOWS\system32\config\Win.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
C:\Program Files\Network Associates\VirusScan\SHSTAT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-02-02 23:45 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tpscrex]
C:\Program Files\MSTpscre\Tpscrex.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
--a------ 2004-03-18 09:33 892928 C:\Program Files\Logitech\iTouch\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ANSYS.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ans_admin.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ls970.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ls970_DP.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\lsprepostd.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\mpitest.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\mpitestmpich.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\sxpost.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\tclsh.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\wish.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\DANSYS\\ANSYS.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\DANSYSMPICH\\ANSYS.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\CommonFiles\\TCL\\bin\\Intel\\tclsh.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\CommonFiles\\TCL\\bin\\Intel\\wish.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\catia\\Intel\\ac4catia.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\CommonFiles\\CATIAV5\\Intel\\code\\bin\\ac4catia5.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\para\\Intel\\ac4para.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\pro\\Intel\\ac4pro.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\sat\\Intel\\ac4sat.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\ug10\\Intel\\ansconug10.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\ug20\\Intel\\ansconug20.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\ug30\\Intel\\ansconug30.exe"=
"C:\\Program Files\\proeWildfire 3.0\\i486_nt\\nms\\nmsd.exe"=
"C:\\Program Files\\proeWildfire 3.0\\i486_nt\\obj\\pro_comm_msg.exe"=
"C:\\Program Files\\proeWildfire 3.0\\i486_nt\\obj\\xtop.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
R2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe [2004-10-26 19:35]
S3 GrooveInstallerService;Groove Installer Service;C:\Program Files\Groove Networks\Groove\Bin\GrooveInstallerService.exe [2003-03-28 18:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0aa34e74-5183-11dc-8306-000b6ae4f16f}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{994e9892-52ee-11dc-8309-000b6ae4f16f}]
\Shell\AutoRun\command - K:\h2.com
\Shell\explore\Command - K:\h2.com
\Shell\open\Command - K:\h2.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad83e3e7-8a05-11dc-8371-000b6ae4f16f}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad83e3e8-8a05-11dc-8371-000b6ae4f16f}]
\Shell\AutoRun\command - K:\h2.com
\Shell\explore\Command - K:\h2.com
\Shell\open\Command - K:\h2.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be072109-e83b-11dc-844c-000b6ae4f16f}]
\Shell\AutoRun\command - J:\h2.com
\Shell\explore\Command - J:\h2.com
\Shell\open\Command - J:\h2.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbd86d4c-6519-11dc-8335-000b6ae4f16f}]
\Shell\AutoRun\command - J:\h2.com
\Shell\explore\Command - J:\h2.com
\Shell\open\Command - J:\h2.com

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 19:30:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\ansyslmd.exe
C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\flexnet\i486_nt\obj\ptc_d.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2008-03-10 19:32:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-10 14:02:54
.
2008-01-21 13:13:45 --- E O F ---
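The log above contains the classic footprint of an autorun-spreading USB worm: Autorun.inf removed from the root of C:, D:, E: and F:, `kavo.exe` removed from system32, a `security center` key with AntiVirusOverride and FirewallOverride set to 1, and several MountPoints2 volume entries whose `open` and `explore` Explorer verbs point at `h2.com` on a removable drive. The script below is an added triage helper, not part of the original post or of ComboFix; it runs the checks an analyst would apply by hand over a constructed excerpt copied from the posted log. One assumption is labelled in the code: a `msconfig\startupreg` entry printed without the leading attribute/date/size field is treated as a file ComboFix could not find on disk at scan time.

```python
"""Triage a ComboFix log for removable-drive autorun persistence.

Added example; not ComboFix's own code. The checks are:
  * Autorun.inf deletions at drive roots (fixed drives included)
  * MountPoints2 shell verbs (autorun/open/explore) redirected to a file on a volume
  * Security Center AntiVirusOverride / FirewallOverride set to non-zero
  * msconfig-disabled startup entries printed with no file attributes
    (ASSUMPTION: ComboFix omits the attribute/date/size prefix when the
    referenced file is not present, so these are treated as already-gone)
"""
import re

# Constructed excerpt: lines copied from the log posted above, trimmed to the
# records the checks below act on.
SAMPLE_LOG = r"""((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Autorun.inf
C:\WINDOWS\system32\kavo.exe
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dc]
C:\WINDOWS\dc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
--a------ 2008-02-20 11:06 1443072 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kava]
C:\WINDOWS\system32\kavo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0aa34e74-5183-11dc-8306-000b6ae4f16f}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{994e9892-52ee-11dc-8309-000b6ae4f16f}]
\Shell\AutoRun\command - K:\h2.com
\Shell\explore\Command - K:\h2.com
\Shell\open\Command - K:\h2.com
"""

_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_STARTUPREG = re.compile(r"\\msconfig\\startupreg\\(?P<name>[^\]]+)$", re.I)
_MOUNTPOINT = re.compile(r"\\mountpoints2\\\{(?P<guid>[0-9a-f-]+)\}$", re.I)
_SHELL_CMD = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$", re.I)
# ComboFix file record prefix: 9 attribute chars, date, time, size, then the path.
_FILE_INFO = re.compile(r"^[-a-z]{9} \d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ ")
_AUTORUN_INF = re.compile(r"^(?P<drive>[A-Z]):\\autorun\.inf$", re.I)
_OVERRIDE = re.compile(r'^"(?P<name>AntiVirusOverride|FirewallOverride)"=dword:(?P<val>[0-9a-f]{8})$', re.I)


def triage(text):
    """Walk the log once, tracking which registry key the current line belongs to."""
    out = {"autorun_inf_drives": [], "mountpoint_commands": [],
           "security_overrides": {}, "unverified_startup": []}
    current = None  # ("startupreg", name) | ("mountpoint", guid) | None
    for line in text.splitlines():
        line = line.rstrip()
        key = _KEY.match(line)
        if key:
            s = _STARTUPREG.search(key.group("key"))
            mp = _MOUNTPOINT.search(key.group("key"))
            current = (("startupreg", s.group("name")) if s
                       else ("mountpoint", mp.group("guid")) if mp else None)
            continue
        if not line:
            continue
        if (m := _AUTORUN_INF.match(line)):
            out["autorun_inf_drives"].append(m.group("drive").upper())
        elif (m := _OVERRIDE.match(line)):
            out["security_overrides"][m.group("name")] = int(m.group("val"), 16)
        elif current and current[0] == "mountpoint" and (m := _SHELL_CMD.match(line)):
            out["mountpoint_commands"].append((current[1], m.group("verb").lower(), m.group("cmd")))
        elif current and current[0] == "startupreg" and not _FILE_INFO.match(line):
            out["unverified_startup"].append((current[1], line))  # see ASSUMPTION above
    return out


def summarize(f):
    """Turn raw findings into the observations an analyst would write up."""
    notes = []
    if f["autorun_inf_drives"]:
        notes.append("Autorun.inf removed from drive roots %s: autorun-spreading worm pattern"
                     % ", ".join(f["autorun_inf_drives"]))
    for guid, verb, cmd in f["mountpoint_commands"]:
        if verb in ("open", "explore"):  # hijacked Explorer verbs fire on double-click, AutoPlay or not
            notes.append("volume %s: Explorer '%s' verb redirected to %s" % (guid, verb, cmd))
    for name, val in f["security_overrides"].items():
        if val:
            notes.append("Security Center %s=%d: missing AV/firewall alerts suppressed" % (name, val))
    for name, path in f["unverified_startup"]:
        notes.append("disabled startup '%s' -> %s (no file attributes printed; file likely absent)" % (name, path))
    return notes


if __name__ == "__main__":
    for note in summarize(triage(SAMPLE_LOG)):
        print(note)
```

The distinction the `summarize` step draws is the one worth carrying into a write-up: the `LaunchU3.exe -a` entry only sets the AutoRun verb and is what a U3 stick normally leaves behind, whereas the `h2.com` entries also override `open` and `explore`, so Explorer runs the payload when the drive is double-clicked even with AutoPlay disabled. The MountPoints2 values are per-volume cache entries, so they survive ComboFix deleting the Autorun.inf files and should be cleared separately; the Security Center overrides likewise remain set after the log above and need to be reset by hand or by the antivirus reinstall.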

#2 rigel

  • BC Advisor
  • 12,944 posts
  • Gender:Male
  • Location:South Carolina - USA

Posted 10 March 2008 - 09:43 AM

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith
