Combofix Logs


  • This topic is locked
1 reply to this topic

#1 joeey.s

  • Members
  • 22 posts

Posted 10 September 2008 - 04:43 PM

Hello guys,
Can anyone check my ComboFix log to see if I've got anything weird? Thanks in advance.

ComboFix 08-09-10.02 - Administrator 2008-09-11 7:30:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2511 [GMT 10:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\msssc.dll
C:\WINDOWS\temp\perflib_perfdata_1cc.dat

.
((((((((((((((((((((((((( Files Created from 2008-08-10 to 2008-09-10 )))))))))))))))))))))))))))))))
.

2008-09-10 20:49 . 2008-09-11 07:17 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-10 20:49 . 2008-09-10 20:49 <DIR> d-------- C:\Program Files\AVG
2008-09-10 20:49 . 2008-09-10 20:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-10 20:49 . 2008-09-10 21:13 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-10 20:49 . 2008-09-10 21:13 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-10 18:48 . 2008-09-10 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-10 17:40 . 2008-09-10 17:41 <DIR> d-------- C:\Program Files\iTunes
2008-09-10 17:40 . 2008-09-10 17:40 <DIR> d-------- C:\Program Files\iPod
2008-09-10 17:40 . 2008-09-10 17:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-10 17:37 . 2008-09-10 17:38 <DIR> d-------- C:\Program Files\QuickTime
2008-09-10 17:24 . 2008-09-10 17:24 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-09-09 19:57 . 2008-09-09 19:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DiscoSW
2008-09-09 19:33 . 2008-09-09 19:33 <DIR> d-------- C:\Program Files\DivXCodec
2008-09-09 17:50 . 2008-09-09 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SRSLabs
2008-09-09 17:49 . 2008-09-09 17:49 <DIR> d-------- C:\Program Files\Common Files\SRS
2008-09-09 16:44 . 2008-04-14 05:42 91,136 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-09-09 16:44 . 2008-04-14 05:42 91,136 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-09-09 16:44 . 2008-04-14 05:42 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-09-09 16:44 . 2008-04-14 05:42 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-09-09 16:44 . 2008-04-14 05:42 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-09-09 16:44 . 2008-04-14 05:42 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-09-09 16:44 . 2008-04-14 05:42 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-09-09 16:44 . 2008-04-14 05:42 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-09-09 16:42 . 2008-09-09 16:42 <DIR> d-------- C:\WINDOWS\CatRoot
2008-09-09 16:42 . 2008-09-09 16:42 <DIR> d-------- C:\Program Files\Vimicro
2008-09-09 16:42 . 2000-10-31 12:00 307,200 --------- C:\WINDOWS\vidcap32.Exe
2008-09-09 16:42 . 2003-07-11 11:12 159,799 --a------ C:\WINDOWS\system32\VM31bPrp.Ax
2008-09-09 16:42 . 2002-08-22 16:34 147,456 --a------ C:\WINDOWS\VMCap.exe
2008-09-09 16:42 . 2004-08-05 18:05 90,532 --a------ C:\WINDOWS\system32\drivers\usbVM31b.sys
2008-09-09 16:42 . 2003-05-15 17:17 61,440 --a------ C:\WINDOWS\system32\VM31bSTI.dll
2008-09-09 16:42 . 2002-08-22 17:02 53,248 --a------ C:\WINDOWS\StillCap.exe
2008-09-09 16:42 . 2002-10-16 09:29 49,152 --a------ C:\WINDOWS\amcap.exe
2008-09-09 16:42 . 2003-01-21 15:19 40,960 --a------ C:\WINDOWS\VM_STI.EXE
2008-09-08 21:05 . 2008-09-08 21:05 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-09-08 20:57 . 2008-06-13 21:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-08 20:55 . 2008-05-02 00:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-08 20:55 . 2008-05-09 00:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-08 20:54 . 2008-04-12 05:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-08 20:38 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-09-08 20:38 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
2008-09-08 20:38 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-09-08 20:06 . 2008-09-08 20:06 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\3Dconnexion
2008-09-08 20:03 . 2008-09-08 20:03 65,541 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-09-08 20:02 . 2008-09-08 20:02 5,292,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-09-08 19:59 . 2008-09-08 20:03 6,186 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-09-08 19:53 . 2008-09-08 19:53 <DIR> d-------- C:\WINDOWS\BricoPacks
2008-09-08 16:55 . 2008-09-09 19:33 414,272 --a------ C:\WINDOWS\system32\DivXc32f.dll
2008-09-08 16:55 . 2008-09-09 19:33 414,272 --a------ C:\WINDOWS\system32\DivXc32.dll
2008-09-08 16:55 . 2008-09-09 19:33 291,408 --a------ C:\WINDOWS\system32\DivXa32.acm
2008-09-08 16:55 . 2008-09-09 19:33 240,400 --a------ C:\WINDOWS\system32\DivX_c32.ax
2008-09-08 16:55 . 2008-09-09 19:33 196,608 --a------ C:\WINDOWS\system32\avisynth.dll
2008-09-08 16:54 . 2008-09-09 19:33 33,280 --a------ C:\WINDOWS\system32\HUFFYUV.DLL
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-09-04 20:52 . 2008-09-04 20:52 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2008-09-04 19:17 . 2008-09-04 19:17 <DIR> dr-h----- C:\Documents and Settings\Administrator\Application Data\SecuROM
2008-09-04 18:52 . 2008-09-04 18:52 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Leadertech
2008-09-04 18:37 . 2008-09-04 18:37 <DIR> d-------- C:\Program Files\Atari
2008-09-04 18:35 . 2008-09-04 19:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Atari
2008-09-04 16:59 . 2008-09-04 17:10 174 --a------ C:\WINDOWS\thug.ini
2008-09-04 16:03 . 2008-09-04 16:03 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-09-04 07:46 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-09-04 07:30 . 2008-09-04 07:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
2008-09-03 20:30 . 2008-09-03 20:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro
2008-09-03 20:24 . 2008-09-04 07:30 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-09-03 20:18 . 2008-09-03 20:18 <DIR> d-------- C:\WINDOWS\WinRAR
2008-09-03 19:57 . 2008-09-03 19:57 <DIR> d-------- C:\Program Files\SlySoft
2008-09-03 19:54 . 2008-09-03 19:54 <DIR> d-------- C:\Program Files\CCleaner
2008-09-03 18:23 . 2008-09-03 18:23 <DIR> d-------- C:\Documents and Settings\Phong\Application Data\3Dconnexion
2008-09-02 22:28 . 2008-09-02 22:29 73,728 --------- C:\WINDOWS\system32\Setup_ver1.1431.0.0xe
2008-09-02 22:03 . 2008-09-02 22:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-09-02 20:04 . 2008-09-02 20:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Canon
2008-09-02 16:02 . 2008-09-02 16:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\3Dconnexion
2008-09-02 07:41 . 2008-09-02 07:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\vlc
2008-09-02 07:41 . 2008-09-10 21:06 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-02 07:40 . 2008-09-09 15:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\dvdcss
2008-09-01 21:14 . 2008-09-01 21:14 <DIR> d-------- C:\Documents and Settings\Phong\Application Data\Nexon
2008-09-01 21:12 . 2008-09-01 22:27 <DIR> d-------- C:\Documents and Settings\Phong\Application Data\Hamachi
2008-09-01 20:15 . 2008-09-01 20:40 <DIR> d-------- C:\Documents and Settings\Phong\Application Data\dvdcss
2008-09-01 20:14 . 2008-09-01 20:14 <DIR> d-------- C:\Documents and Settings\Phong\Application Data\vlc
2008-09-01 20:12 . 2008-09-01 20:12 <DIR> d-------- C:\Program Files\VideoLAN
2008-09-01 20:01 . 2008-09-01 20:01 <DIR> d-------- C:\Documents and Settings\Phong\Application Data\Canon
2008-09-01 19:13 . 2008-09-01 19:13 57,344 --a------ C:\WINDOWS\system32\binkp2x.dll
2008-09-01 19:13 . 2008-09-01 19:13 49,152 --a------ C:\WINDOWS\system32\brwsvc.dll
2008-09-01 19:13 . 2008-09-01 19:13 20,480 --a------ C:\WINDOWS\system32\nt32int.dll
2008-09-01 18:39 . 2008-09-01 18:39 <DIR> d-------- C:\Program Files\DVD Shrink
2008-09-01 18:39 . 2008-09-01 18:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-09-01 18:39 . 2008-09-09 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-09-01 18:38 . 2008-09-01 19:13 24 ---hs---- C:\WINDOWS\S46A395B3.tmp
2008-09-01 18:34 . 2008-09-01 18:34 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Nero
2008-09-01 07:35 . 2008-09-01 07:35 <DIR> d-------- C:\Documents and Settings\Phong\Application Data\Nero
2008-08-30 21:39 . 2008-08-30 21:39 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-08-30 21:39 . 2003-07-21 04:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-08-30 21:39 . 2005-01-04 19:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-08-30 21:31 . 2008-04-14 00:17 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-08-30 21:31 . 2008-04-14 00:17 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-08-30 21:31 . 2008-04-14 00:15 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-08-30 21:31 . 2008-04-14 00:15 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-08-30 21:28 . 2008-08-30 21:28 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-08-30 21:27 . 2008-08-30 21:27 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-08-30 21:27 . 2007-03-19 06:00 215,040 --a------ C:\WINDOWS\system32\CNMLM8S.DLL
2008-08-30 21:26 . 2008-08-30 21:26 <DIR> d--h----- C:\Program Files\CanonBJ
2008-08-30 21:26 . 2007-03-23 17:30 1,400,832 --a------ C:\WINDOWS\system32\CNC210C.DLL
2008-08-30 21:26 . 2007-03-19 11:16 200,704 --a------ C:\WINDOWS\system32\CNC210L.DLL
2008-08-30 21:26 . 2007-03-15 15:12 188,416 --a------ C:\WINDOWS\system32\CNC210O.DLL
2008-08-30 21:26 . 2007-03-23 17:29 98,304 --a------ C:\WINDOWS\system32\CNC210I.DLL
2008-08-30 21:24 . 2008-08-30 21:29 <DIR> d-------- C:\Program Files\Canon
2008-08-30 20:27 . 2008-08-30 20:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-08-30 19:36 . 2008-08-30 19:36 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-08-30 19:31 . 2008-08-30 19:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Nero
2008-08-30 19:22 . 2008-08-30 19:22 <DIR> d-------- C:\Program Files\Nero
2008-08-30 19:22 . 2008-08-30 19:29 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-08-30 19:22 . 2008-08-30 19:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-08-30 18:44 . 2008-08-30 18:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Nexon
2008-08-30 18:43 . 2008-08-30 22:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\F-Secure
2008-08-30 17:21 . 2008-08-30 17:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-08-30 16:55 . 2008-08-30 16:55 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-30 16:26 . 2008-08-30 20:14 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2008-08-30 16:09 . 2008-08-30 16:09 <DIR> d-------- C:\Nexon
2008-08-30 15:52 . 2008-09-10 20:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Hamachi
2008-08-30 15:51 . 2008-08-30 15:52 <DIR> d-------- C:\Program Files\Hamachi
2008-08-30 15:51 . 2008-08-30 15:51 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-08-30 15:33 . 2008-09-08 21:18 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-30 15:30 . 2008-06-24 02:57 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-30 15:30 . 2007-04-17 19:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-08 10:03 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-08-09 13:56 --------- d-----w C:\Program Files\intel
2008-08-09 03:14 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-18 12:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 12:10 68,808 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 12:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 12:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 12:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 12:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 12:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 08:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-23 16:57 817,152 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
.

------- Sigcheck -------

2008-06-24 02:01 827904 c66402a06b83b036c195242c0c8cf83c C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
2004-08-04 11:07 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2008-04-14 05:42 666112 7a4f775abb2f1c97def3e73afa2faedd C:\WINDOWS\ie7\wininet.dll
2007-08-13 18:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
2008-06-24 02:57 817152 af8fed8589c636500cbb5b20bed09890 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2008-06-24 02:57 817152 af8fed8589c636500cbb5b20bed09890 C:\WINDOWS\system32\wininet.dll
2008-06-24 02:57 826368 8c13d4a7479fa0a026eda8abce82c0ed C:\WINDOWS\system32\dllcache\wininet.dll

2008-04-14 05:42 975872 561a50497324f378e30f55d09b4e1258 C:\WINDOWS\explorer.exe
2004-08-04 11:07 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2008-04-14 05:42 975872 561a50497324f378e30f55d09b4e1258 C:\WINDOWS\ServicePackFiles\i386\explorer.exe

2004-08-04 11:07 111104 4126d27cece4471e00e425411f7306b5 C:\WINDOWS\$NtServicePackUninstall$\wuauclt.exe
2008-07-18 22:10 68808 136896c2cdc3f689876e0d44485153ea C:\WINDOWS\ServicePackFiles\i386\wuauclt.exe
2008-07-18 22:10 68808 136896c2cdc3f689876e0d44485153ea C:\WINDOWS\system32\wuauclt.exe
2008-07-18 22:10 53448 d316e28958873859b88d72cf47ad1ea5 C:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="C:\Program Files\Optus Internet Security Suite\Common\FSM32.EXE" [2007-04-27 183208]
"F-Secure TNB"="C:\Program Files\Optus Internet Security Suite\FSGUI\TNBUtil.exe" [2007-04-27 740208]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-03-02 3026944]
"BigDogPath"="C:\WINDOWS\VM_STI.EXE" [2003-01-21 40960]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-10 1235736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-02 65536]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Start 3DxWare.lnk - C:\Program Files\3Dconnexion\3Dconnexion 3DxWare\3dxsrv.exe [2006-07-21 119296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DevconDefaultDB]
C:\WINDOWS\READREG [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 20:12 111936 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
--a------ 2007-04-04 02:50 1603152 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
--a------ 2007-04-04 02:00 644696 C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 17:07 1828136 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-08 23:02 289576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 09:59 570664 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
--a------ 2003-06-19 20:36 118784 C:\WINDOWS\system32\CTASIO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2003-06-19 20:55 24576 C:\WINDOWS\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2004-03-02 13:19 753664 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PROMon.exe]
--a------ 2002-10-30 17:09 73728 C:\WINDOWS\system32\PROMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
--a------ 2002-12-03 00:56 49152 C:\WINDOWS\MIDIDEF.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-08-10 51072]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-10 97928]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Optus Internet Security Suite\HIPS\fshs.sys [2008-08-10 41184]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-10 231704]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Optus Internet Security Suite\Anti-Virus\minifilter\fsgk.sys [2007-04-27 59760]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Optus Internet Security Suite\Anti-Virus\Win2K\FSfilter.sys [2007-04-27 40048]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Optus Internet Security Suite\Anti-Virus\Win2K\FSrec.sys [2007-04-27 25456]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{136ca586-66aa-11dd-b8cb-00306ed7e1ba}]
\Shell\AutoRun\command - AutoRun\AutoStart.exe
\Shell\Explore\Command - AutoRun\AutoStart.exe
\Shell\Open\Command - AutoRun\AutoStart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ba711dc-6ce9-11dd-b8cf-00306ed7e1ba}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udsbpc20.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - google.com
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-11 07:36:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-11 7:37:53
ComboFix-quarantined-files.txt 2008-09-10 21:37:46

Pre-Run: 86,038,454,272 bytes free
Post-Run: 86,054,129,664 bytes free

292 --- E O F --- 2008-09-10 11:03:32

#2 Grinler

    Lawrence Abrams

  • Admin
  • 43,542 posts
  • Location:USA

Posted 25 September 2008 - 09:42 AM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.
