Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Combofix Log


  • This topic is locked This topic is locked
1 reply to this topic

#1 bleeping_ie

bleeping_ie

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:26 PM

Posted 22 April 2008 - 08:49 PM

ComboFix 08-04-22.1 - Gerg 2008-04-22 20:32:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.610 [GMT -5:00]
Running from: C:\Documents and Settings\Gerg\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Gerg\g2mdlhlpx.exe
C:\Documents and Settings\Gerg\My Documents\DOBE~1
C:\temp\tn3
C:\WINDOWS\Downloaded Program Files\ODCTOOLS
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\USBAUDIOO.sys
C:\WINDOWS\system32\wvvwa.ini
C:\WINDOWS\system32\wvvwa.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_USBAUDIOO
-------\Service_USBAUDIOO


((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.

2008-04-16 02:31 . 2008-04-16 02:50 <DIR> d-------- C:\ComboFix2
2008-04-15 23:30 . 2008-04-22 20:28 <DIR> d-------- C:\Program Files\Browser
2008-04-09 21:22 . 2008-04-09 21:22 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-09 21:04 . 2008-04-09 21:04 5,662 --a------ C:\WINDOWS\bcm1F9.tmp
2008-04-09 20:37 . 2008-04-22 20:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-09 20:37 . 2008-04-09 20:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-09 20:36 . 2008-04-09 20:36 <DIR> d-------- C:\Program Files\iTunes
2008-04-09 20:36 . 2008-04-09 20:36 <DIR> d-------- C:\Program Files\iPod
2008-04-09 20:36 . 2008-04-09 20:36 <DIR> d-------- C:\Documents and Settings\Gerg\Application Data\Apple Computer
2008-04-09 20:35 . 2008-04-15 23:33 <DIR> d-------- C:\Program Files\Bonjour
2008-04-09 20:34 . 2008-04-09 20:35 <DIR> d-------- C:\Program Files\QuickTime
2008-04-09 20:34 . 2008-04-09 20:34 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-09 20:33 . 2008-04-09 20:33 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-04-09 20:33 . 2008-04-09 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-09 11:55 . 2008-04-15 23:05 <DIR> d--h----- C:\$AVG8.VAULT$
2008-04-09 11:12 . 2008-04-22 15:25 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-09 11:12 . 2008-04-09 19:24 <DIR> d-------- C:\Documents and Settings\Gerg\Application Data\AVGTOOLBAR
2008-04-09 11:12 . 2008-04-09 11:12 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-09 11:12 . 2008-04-09 11:12 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-04-09 11:12 . 2008-04-09 11:12 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-04-09 11:12 . 2008-04-09 11:12 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-04-09 11:11 . 2008-04-09 11:11 <DIR> d-------- C:\Program Files\AVG
2008-04-09 11:11 . 2008-04-09 11:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-09 11:11 . 2008-04-09 11:11 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-04-09 11:11 . 2008-04-09 11:11 22,528 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-04-07 16:57 . 2008-04-09 11:04 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-07 16:56 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-07 16:56 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-07 16:56 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-07 16:56 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-07 16:20 . 2008-04-09 13:29 <DIR> d-------- C:\WINDOWS\system32\wii
2008-04-07 16:20 . 2008-04-08 01:12 <DIR> d-------- C:\WINDOWS\system32\pinz1
2008-04-07 16:20 . 2008-04-07 16:20 <DIR> d-------- C:\WINDOWS\system32\IDE2
2008-04-07 16:20 . 2008-04-08 01:12 <DIR> d-------- C:\WINDOWS\system32\ExTmp
2008-04-07 16:20 . 2008-04-07 22:03 <DIR> d-------- C:\WINDOWS\system32\bharebio01
2008-04-07 16:20 . 2008-04-08 16:15 <DIR> d--hs---- C:\WINDOWS\R2VyZw
2008-04-03 17:10 . 2008-04-03 17:11 <DIR> d-------- C:\Program Files\Seagate
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 17:02 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-09 16:58 --------- d-----w C:\Program Files\Dell
2008-04-09 16:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-04-09 16:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2008-04-09 16:38 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-04-09 16:38 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Gtek
2008-04-09 03:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-14 00:04 --------- d-----w C:\Program Files\Microsoft Expression
2008-03-13 21:58 --------- d-----w C:\Program Files\Reference Assemblies
2008-03-13 21:58 --------- d-----w C:\Program Files\MSBuild
2008-03-13 21:53 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-08 03:41 --------- d-----w C:\Program Files\Microsoft File Transfer Manager
2006-06-06 14:43 32,768 ----a-w C:\Documents and Settings\Gerg\Application Data\rndcinscheck.dll
2005-07-29 21:24 472 --sha-r C:\WINDOWS\R2VyZw\lZpVtT.vbs
2006-09-05 18:33 88 --sh--r C:\WINDOWS\system32\57167496FD.sys
2006-08-10 15:50 56 --sh--r C:\WINDOWS\system32\FD96741657.sys
2006-09-05 18:33 6,580 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16B435F6-B6CE-4F24-A568-944B27ED919C}]
C:\WINDOWS\system32\atgban.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-04-09 19:16 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-04-09 19:16 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-04-09 19:16 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 09:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 09:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 09:45 118784]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 20:48 1392640]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 21:35 397312 C:\WINDOWS\stsystra.exe]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33 122941]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 04:56 761947]
"StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 14:20 190008]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-09 19:16 1177368]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 03:18 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayyywt]
yayyywt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Gerg^Start Menu^Programs^Startup^Trillian.lnk]
path=C:\Documents and Settings\Gerg\Start Menu\Programs\Startup\Trillian.lnk
backup=C:\WINDOWS\pss\Trillian.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2004-12-14 02:12 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellHelp]
--a------ 2004-04-01 15:51 1589248 C:\Dell\DellHelp\DellHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-12-09 20:29 49152 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoToMeeting]
C:\Program Files\Citrix\GoToMeeting\189\g2mstart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1152337218\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
C:\Program Files\Logitech\Video\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
C:\Program Files\Logitech\Video\InstallHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--------- 2003-09-10 02:24 20480 C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-03-17 21:24 184320 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwingTowns]
C:\Documents and Settings\Gerg\Desktop\SwingTowns.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoNotify]
--a------ 2007-08-06 11:13 375808 C:\Program Files\TiVo\Desktop\TiVoNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoServer]
--a------ 2007-08-06 11:14 1492480 C:\Program Files\TiVo\Desktop\TiVoServer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoTransfer]
--a------ 2007-08-06 11:12 1192960 C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SQLAgent$MICROSOFTSMLBIZ"=3 (0x3)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
"MDM"=2 (0x2)
"SQLWriter"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"SQLBrowser"=2 (0x2)
"MSSQL$SQLEXPRESS"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Civilization 4\\Civilization4.exe"=
"C:\\Program Files\\Civilization 4\\Warlords\\Civ4Warlords.exe"=
"C:\\Program Files\\Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-04-09 11:12]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-09 11:12]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-09 11:12]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-04-09 11:12]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-09 11:12]
R2 Seagate Sync Service;Seagate Sync Service;"C:\Program Files\Seagate\Sync\SeaSyncServices.exe" [2007-01-18 14:20]
R2 TivoBeacon2;TiVo Beacon;"C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service []
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-04-09 11:11]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-04-09 11:11]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67aa67c5-b46c-11db-9be9-001422f77a27}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 20:39:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-04-22 20:45:00 - machine was rebooted [Gerg]
ComboFix-quarantined-files.txt 2008-04-23 01:44:57

Pre-Run: 42,522,353,664 bytes free
Post-Run: 42,538,250,240 bytes free

281 --- E O F --- 2008-04-09 16:03:52

Attached Files

  • Attached File  log.txt   18.78KB   11 downloads


BC AdBot (Login to Remove)

 


#2 pskelley

pskelley

  • Members
  • 1,487 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:26 PM

Posted 09 May 2008 - 11:40 AM

I apologize for the wait, we have a large amount of logs and a limited amount of volunteers to respond. If you have not yet resolved your issue, post a new HJT log using Add Reply and I will take a look. Copy/paste your log do not attach it. If I do not hear from you in a couple of days, I will assume you no longer need help and close the topic.

Thanks for your patience.

pskelley
BleepingComputer
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users