
Security >> HijackThis logs help and analysis

charliebrown (regular, 120 posts, Loc: northamptonshire)
Re: Computer nearly going in reverse, Help Appreciated
Posted: Mon Apr 14 2008 09:59 AM

Hi Joe,
One HJT log and one ComboFix log, after the instructions in your last post.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:38:31, on 14/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\CHARLES\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8E0CB79-1B47-4E46-8BED-3D300D32B5FE}: NameServer = 212.159.6.9 212.159.6.10
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceField IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9528 bytes

*****************************************************************************

ComboFix 08-04-13.2 - CHARLES 2008-04-14 9:13:40.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.318 [GMT 1:00]
Running from: C:\Documents and Settings\CHARLES\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - explorer.exe: deleted 88 bytes in 2 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 )))))))))))))))))))))))))))))))
.

2008-04-10 13:30 . 2008-04-14 09:09 <DIR> d-------- C:\Documents and Settings\CHARLES\Application Data\SiteAdvisor
2008-04-10 13:30 . 2008-04-10 13:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-04-10 13:30 . 2008-04-10 13:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-10 12:54 . 2008-04-10 12:55 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-10 12:54 . 2008-04-10 12:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-10 09:45 . 2008-04-10 09:46 <DIR> d-------- C:\Program Files\Picasa2
2008-04-10 09:42 . 2008-04-10 09:42 <DIR> d-------- C:\Program Files\Western Digital
2008-04-09 00:20 . 2008-04-09 00:22 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-04-08 22:55 . 2008-04-08 22:55 <DIR> d-------- C:\Program Files\Sun
2008-04-08 22:37 . 2008-04-08 22:37 <DIR> d-------- C:\Documents and Settings\CHARLES\Downloads
2008-04-08 22:16 . 2008-04-08 22:17 153 --a------ C:\WINDOWS\system32\1207689409.(null)
2008-04-05 19:49 . 2008-04-05 19:49 <DIR> d-------- C:\Program Files\SonicWallES
2008-04-05 17:56 . 2008-04-14 08:23 3,519 --a------ C:\rollback.ini
2008-04-05 17:51 . 2008-04-05 19:49 <DIR> d-------- C:\Documents and Settings\CHARLES\Application Data\MailFrontier
2008-04-04 20:30 . 2008-04-14 09:21 16,601,120 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-04 20:30 . 2008-04-14 09:18 223,388 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-02 21:24 . 2008-04-02 21:24 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-04-02 21:23 . 2008-04-05 19:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-02 21:09 . 2008-04-02 21:09 <DIR> d-------- C:\Documents and Settings\CHARLES\Application Data\iolo
2008-04-02 21:09 . 2008-04-02 21:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-04-02 21:09 . 2008-04-02 21:09 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-04-02 08:24 . 2008-04-02 08:24 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-02 08:12 . 2008-04-02 08:12 1,445,888 --a------ C:\Documents and Settings\CHARLES\DesktopWinsockxpFix.exe
2008-04-02 08:12 . 2008-04-02 08:12 186,368 --a------ C:\Documents and Settings\CHARLES\DesktopLSPFix.exe
2008-04-02 08:12 . 2008-04-02 08:12 36,864 --a------ C:\Documents and Settings\CHARLES\DesktopSafeMSI.exe
2008-04-01 22:18 . 2008-04-01 22:18 <DIR> d-------- C:\Program Files\Zone Labs
2008-04-01 22:13 . 2008-04-01 22:13 <DIR> d-------- C:\Documents and Settings\CHARLES\Application Data\CheckPoint
2008-04-01 22:11 . 2008-04-01 22:11 <DIR> d-------- C:\Program Files\CheckPoint
2008-04-01 22:11 . 2008-04-01 22:11 144 --a------ C:\WINDOWS\system32\lkfl.dat
2008-04-01 22:11 . 2008-04-01 22:11 128 --a------ C:\WINDOWS\system32\pdfl.dat
2008-04-01 22:11 . 2008-04-01 22:11 96 --a------ C:\WINDOWS\system32\ibfl.dat
2008-04-01 21:22 . 2008-04-02 08:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-17 21:04 . 2008-03-17 21:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 08:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-04-14 08:11 --------- d-----w C:\Program Files\Windows Desktop Search
2008-04-14 08:11 --------- d-----w C:\Program Files\Google
2008-04-14 07:12 --------- d-----w C:\Documents and Settings\CHARLES\Application Data\AVG7
2008-04-08 21:57 --------- d-----w C:\Program Files\Yahoo!
2008-04-08 21:55 --------- d-----w C:\Program Files\Java
2008-04-08 21:19 --------- d-----w C:\Program Files\SpywareGuard
2008-04-02 07:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-04-02 07:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-01 21:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-01 21:27 --------- d-----w C:\Program Files\COMODO
2008-04-01 21:27 --------- d-----w C:\Documents and Settings\CHARLES\Application Data\Comodo
2008-04-01 21:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\comodo
2008-03-29 19:59 --------- d-----w C:\Program Files\Eraser
2008-03-17 20:04 --------- d-----w C:\Program Files\Apple Software Update
2008-03-11 20:44 --------- d-----w C:\Program Files\Startup Inspector for Windows
2008-03-08 19:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-07 21:32 44,008 ----a-w C:\Documents and Settings\CHARLES\Application Data\GDIPFONTCACHEV1.DAT
2008-02-25 21:22 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner
2008-02-25 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-10-16 20:08 296 ----a-w C:\Documents and Settings\CHARLES\Application Data\wklnhst.dat
2005-05-11 23:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}"= C:\Program Files\CheckPoint\ZAForceField\TrustChecker\Components\TrustCheckerIEPlugin.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107}]
[HKEY_CLASSES_ROOT\CheckPoint.ForceFieldToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{80E552F9-F23B-4DD7-A1CD-80AA724529E6}]
[HKEY_CLASSES_ROOT\CheckPoint.ForceFieldToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 13:42 401491]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 13:44 68856]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 12:23 1032640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-02 08:32 579072]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-10 09:43 1838592]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 02:18 366400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 20:00 15360]
"Power2GoExpress"="C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" [2004-11-06 09:38 1359967]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-01-16 21:49 160592]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-02 08:32 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 20:00 53760 C:\WINDOWS\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 14:11 233472]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax DllCmd 4.0.lnk]
backup=C:\WINDOWS\pss\eFax DllCmd 4.0.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax Tray Menu 4.0.lnk]
backup=C:\WINDOWS\pss\eFax Tray Menu 4.0.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^CHARLES^Start Menu^Programs^Startup^ePrompter.lnk]
backup=C:\WINDOWS\pss\ePrompter.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^CHARLES^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
--a------ 2007-04-23 12:23 1032640 C:\Program Files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2006-09-14 08:55 61440 C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--------- 2005-06-29 04:05 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
C:\Program Files\COMODO\Firewall\cfp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 20:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C64 Series]
--a------ 2003-05-27 04:08 99840 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
--a------ 2006-12-26 01:23 643072 C:\Program Files\Eraser\eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2004-02-03 13:42 401491 C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-12 00:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
--a------ 2007-04-23 12:23 1032640 C:\Program Files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbymon.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-14 00:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-11-09 14:16 688128 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2007-11-07 18:35 1294336 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Monitor]
C:\PROGRA~1\CA\ETRUST~1\realmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--------- 2002-09-13 22:42 212992 C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2004-07-15 08:07 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
--a------ 2008-01-16 21:49 160592 C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--------- 2004-11-16 09:20 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 17:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--------- 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-16 13:44 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Taskbar Hide]
--a------ 2007-05-20 11:38 402432 C:\PROGRA~1\Taskbar Hide\TaskBar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-12-13 16:58 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 21:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 SI3112r;ATI-437A Serial ATA Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2005-06-01 23:40]
R2 IswSvc;ForceField IswSvc;"C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe" [2008-03-27 14:43]
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
S3 icsak;icsak;C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys [2008-03-27 14:43]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-03-07 20:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-03-17 20:05:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 09:21:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Windows Desktop Search\wds_sl.exe
.
**************************************************************************
.
Completion time: 2008-04-14 9:23:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-14 08:23:18

Pre-Run: 132,128,677,888 bytes free
Post-Run: 131,992,842,240 bytes free
.
2008-04-08 23:22:33 --- E O F ---
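As an added example (not part of charliebrown's post and not the forum's own tooling): a small Python triage script for the HijackThis log format shown above. It flags the entry types a log reviewer usually checks first: non-default IE start/search pages (R0/R1), O4 autostarts running from user-writable folders, O9 items marked "(file missing)", the O14 IERESET.INF start page, O17 per-interface DNS servers, and O23 services with no or unknown vendor string. The rules are heuristics I chose, not HijackThis's own logic. The O4 rule goes beyond this log, which contains no such entry, so the one O4 sample line that triggers it is constructed and marked as such; the other sample lines are copied from the HijackThis log above. The ComboFix part of the post (the deleted E:\Autorun.inf and the MountPoints2 AutoRun command for drive E:) is outside this script and still needs a hand check.

```python
"""Triage a HijackThis v2 log and pull out the entries that usually deserve a
second look.  The rules are my own heuristics (not HijackThis's and not the
forum's); most sample lines are copied from the log above, one is constructed."""
import re
from dataclasses import dataclass
from typing import List, Optional

# One HijackThis entry: a section code (R0..R3, F0..F3, O1..O24), " - ", body.
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d{1,2}) - (?P<body>.+)$")

# Microsoft's own default IE page URLs, as seen in a clean XP/IE7 log.
DEFAULT_IE_HOSTS = ("go.microsoft.com/fwlink", "runonce.msn.com")

# Folders an O4 autostart should not normally execute from (user-writable).
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\",
                 "\\application data\\", "\\local settings\\")

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


@dataclass
class Finding:
    severity: str   # "suspect" (act on it) or "review" (verify by hand)
    section: str    # R0, O4, O9, ...
    reason: str
    line: str


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if nothing stands out."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None                      # header, process list, blank line
    sec, body = m.group("sec"), m.group("body")
    low = body.lower()

    if sec in ("R0", "R1") and " = " in body:
        url = body.split(" = ", 1)[1].strip()
        if not any(h in url for h in DEFAULT_IE_HOSTS):
            return Finding("suspect", sec, "IE start/search URL is not a Microsoft default", line)
    elif sec == "O4" and any(p in low for p in USER_WRITABLE):
        return Finding("suspect", sec, "autostart runs from a user-writable folder", line)
    elif sec == "O9" and "(file missing)" in low:
        return Finding("review", sec, "IE button/menu item points at a missing file (stale entry)", line)
    elif sec == "O14" and "microsoft.com" not in low:
        return Finding("review", sec, "IERESET.INF start page is OEM/ISP-set; confirm it is expected", line)
    elif sec == "O17":
        ips = " ".join(IPV4_RE.findall(body))
        return Finding("review", sec, f"per-interface DNS servers {ips}; verify they are the ISP's", line)
    elif sec == "O23" and ("unknown owner" in low or ") - - " in body):
        return Finding("review", sec, "service has no/unknown vendor string", line)
    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep the findings in log order."""
    return [f for f in (triage_line(ln) for ln in text.splitlines()) if f]


# Sample input: lines copied from the HijackThis log above, plus ONE constructed
# O4 line (marked "[constructed]") to exercise the user-writable-path rule,
# which the real log does not trigger.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [constructed] C:\Documents and Settings\CHARLES\Local Settings\Temp\example.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8E0CB79-1B47-4E46-8BED-3D300D32B5FE}: NameServer = 212.159.6.9 212.159.6.10
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:7}] {f.section:4} {f.reason}\n          {f.line}")
```

Run it against a saved hijackthis.log by passing the file contents to triage_log(). "review" findings are not verdicts: an O23 with no vendor string is often a legitimate driver helper (as the SmartLink modem service here appears to be), and an O9 "(file missing)" is typically just a leftover from a removed or upgraded program, as with the Java 1.6.0_05 console entry above; the script only narrows the list the reviewer has to look up by hand.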

© Copyright IPC Media Limited, All rights reserved