salmend
regular
Reg'd: Tue
Posts: 64

Re: Probably hijacked
Mon May 26 2008 02:58 AM

ComboFix 08-05-24.1 - Jay Cutler 2008-05-25 13:39:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.517 [GMT -4:00]
Running from: C:\Documents and Settings\Jay Cutler\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jay Cutler\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\afinding.exe
C:\WINDOWS\system32\andt.sys
C:\WINDOWS\system32\comsa32.sys
C:\WINDOWS\system32\din.ip
C:\WINDOWS\system32\drmgs.sys
C:\WINDOWS\system32\Indt2.sys
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\tmp0_3430811804.bk
C:\WINDOWS\system32\tmp0_380907497373.bk
C:\WINDOWS\system32\tmp0_469786540126.bk
C:\WINDOWS\system32\tmp0_599422390509.bk
C:\WINDOWS\system32\tmp0_625053806360.bk
C:\WINDOWS\system32\tmp0_748092173924.bk
C:\WINDOWS\system32\tmp1_315894244406.bk
C:\WINDOWS\system32\tmp1_317085122207.bk
C:\WINDOWS\system32\tmp1_649344219682.bk
C:\WINDOWS\system32\tmp1_664023400460.bk
C:\WINDOWS\system32\tmp1_94190556457.bk
C:\WINDOWS\system32\tmp3_117240541271.bk
C:\WINDOWS\system32\tmp3_218644657288.bk
C:\WINDOWS\system32\tmp3_373653381638.bk
C:\WINDOWS\system32\tmp3_47311507548.bk
C:\WINDOWS\system32\tmp3_5515904207.bk
C:\WINDOWS\system32\tmp3_81667222068.bk
C:\WINDOWS\system32\tmp4_409043720879.bk
C:\WINDOWS\system32\tmp4_7215768361.bk
C:\WINDOWS\system32\tmp4_796775231189.bk
C:\WINDOWS\system32\tmp4_89543966186.bk
C:\WINDOWS\system32\WServing.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AFINDING
-------\Legacy_PERFMONS
-------\Legacy_ROUTING
-------\Legacy_WSERVING
-------\Service_AFinding
-------\Service_perfmons
-------\Service_Routing
-------\Service_WServing
((((((((((((((((((((((((( Files Created from 2008-04-25 to 2008-05-25 )))))))))))))))))))))))))))))))
.
C:\ComboFix\CreateC00.bat
.
2008-05-25 13:50 . 1,610,612,736 C:\pagefile.sys
2008-05-25 13:28 . 2008-05-25 13:28 <DIR> d-------- C:\cmdcons
2008-05-25 13:27 . 2008-05-25 13:53 <DIR> d-------- C:\ComboFix
2008-05-24 18:41 . 2008-04-15 08:00 4,952 -ra------ C:\Bootfont.bin
2008-05-23 19:31 . 2008-05-23 19:31 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-23 19:31 . 2008-05-23 19:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-23 19:30 . 2008-05-23 19:30 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-23 17:15 . 2008-05-23 17:15 <DIR> d--hs---- C:\Diskeeper
2008-05-12 23:20 . 2008-05-12 23:20 <DIR> d--hs---- C:\RECYCLER
2008-05-12 11:04 . 2008-05-25 13:39 <DIR> d-------- C:\QooBox
2008-05-08 23:33 . 2008-05-08 23:33 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-08 23:27 . 2008-05-09 00:02 <DIR> d-------- C:\SDFix
2008-05-07 21:09 . 2008-05-07 21:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-07 19:16 . 2008-05-07 19:16 <DIR> d-------- C:\Documents and Settings\Jay Cutler\Application Data\vlc
2008-05-07 18:59 . 2008-05-07 19:20 6,317 --ahs---- C:\WINDOWS\system32\klnTvyay.ini
2008-05-07 18:57 . 2008-05-07 18:57 <DIR> d-------- C:\Documents and Settings\Jay Cutler\Application Data\dvdcss
2008-05-07 18:54 . 2008-05-07 18:54 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
2008-05-07 18:54 . 2008-05-07 18:54 4 --a------ C:\WINDOWS\system32\jpewocmz.ini
2008-05-07 18:40 . 2008-05-07 18:55 <DIR> d-------- C:\Program Files\VLC
2008-05-07 10:18 . 2008-05-23 17:36 1,258 --a------ C:\rollback.ini
2008-05-05 21:08 . 2008-05-07 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-05 21:07 . 2008-03-13 23:10 99,816 --a------ C:\WINDOWS\system32\~GLH0021.TMP
2008-05-05 20:30 . 2008-05-23 17:28 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-05 20:29 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-05-05 20:28 . 2008-05-25 12:58 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-05-05 20:28 . 2008-05-24 18:48 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-05-05 11:22 . 2008-05-05 11:22 <DIR> d-------- C:\Documents and Settings\Jay Cutler\Application Data\iolo
2008-05-05 11:22 . 2008-05-05 11:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-05-05 11:22 . 2008-05-05 11:22 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-05-04 14:38 . 2008-05-04 14:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2008-05-04 14:36 . 2008-05-04 14:36 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2008-04-30 13:33 . 2008-04-30 13:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AcrobatInstall
2008-04-28 14:08 . 2008-05-25 05:08 <DIR> d--h----- C:\$AVG8.VAULT$
2008-04-28 13:51 . 2008-04-28 13:51 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-04-28 13:51 . 2008-04-28 13:51 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-04-28 13:50 . 2008-05-25 10:17 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-28 13:50 . 2008-04-28 13:50 <DIR> d-------- C:\Program Files\AVG
2008-04-28 13:50 . 2008-04-29 00:27 <DIR> d-------- C:\Documents and Settings\Jay Cutler\Application Data\AVGTOOLBAR
2008-04-28 13:50 . 2008-04-28 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-28 13:50 . 2008-04-28 13:50 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-28 13:50 . 2008-04-28 13:50 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-25 17:52 --------- d-----w C:\Program Files\Steam
2008-05-25 17:40 --------- d-----w C:\Documents and Settings\Jay Cutler\Application Data\uTorrent
2008-05-23 23:04 --------- d-----w C:\Program Files\CursorXP
2008-05-16 04:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-09 14:06 67,114 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_05_09_09_28_57_small.dmp.zip
2008-05-09 14:06 55,323 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_05_09_09_29_43_small.dmp.zip
2008-05-07 23:21 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd7805.sys
2008-05-04 18:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-28 18:41 --------- d-----w C:\Program Files\AIM6
2008-04-18 23:05 --------- d-----w C:\Documents and Settings\Jay Cutler\Application Data\Ahead
2008-04-18 22:48 --------- d-----w C:\Program Files\Nero
2008-04-18 22:48 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-18 22:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-18 22:29 --------- d-----w C:\Program Files\DVD Decrypter
2008-04-18 22:28 --------- d-----w C:\Program Files\DVD Shrink
2008-04-18 16:36 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Viewpoint
2008-04-17 15:08 --------- d-----w C:\Documents and Settings\Jay Cutler\Application Data\U3
2008-04-11 00:53 --------- d-----w C:\Program Files\DivX
2008-04-08 14:43 --------- d-----w C:\Documents and Settings\Jay Cutler\Application Data\Ruckus Network
2008-04-08 07:18 --------- d-----w C:\Documents and Settings\Jay Cutler\Application Data\goombah
2008-04-08 01:15 --------- d-----w C:\Program Files\Ruckus Player
2008-04-08 01:15 --------- d-----w C:\Program Files\Emergent Music LLC
2008-04-05 04:05 --------- d-----w C:\Program Files\Java
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-29 18:57 --------- d-----w C:\Documents and Settings\Jay Cutler\Application Data\CyberLink
2008-03-29 18:53 --------- d-----w C:\Program Files\CyberLink
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2007-12-09 06:34 4,512 ----a-w C:\Program Files\pkey.txt
2007-11-04 21:21 2,045,024 ----a-w C:\Program Files\everest.exe
2006-03-20 20:37 5,689,344 ----a-w C:\Program Files\mplayerc.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4EA2008F-CF84-40DF-BDD0-FCD559C919FD}]
C:\WINDOWS\system32\yayvTnlk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-04-28 13:50 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-04-28 13:50 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-04-28 13:50 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-04-21 01:33 1271032]
"C:\Program Files\NetMeter\NetMeter.exe"="C:\Program Files\NetMeter\NetMeter.exe" [2007-08-11 16:50 331264]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-24 15:38 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-10-04 18:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-10-04 18:14 81920]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 14:38 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 14:05 2650112]
"P17Helper"="P17.dll" [2005-05-03 07:38 64512 C:\WINDOWS\system32\P17.dll]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 11:51 57344]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 17:48 479232]
"SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-05-02 20:00 55368]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-21 03:14 185632]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-28 13:50 1177368]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2008-05-23 19:33 4382720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Keygen.exe"="C:\WINDOWS\system32\TPSrv32.exe" [ ]

C:\Documents and Settings\Jay Cutler\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 23:31:38 241664]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-29 00:06:36 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khFUoliF]
khFUoliF.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll,avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Ruckus Player\\Ruckus.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-04-28 13:51]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-28 13:50]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-28 13:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fde2270-ad36-11dc-8f68-0016b69b6791}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9a03ce2-0b1e-11dd-8f7c-0016b69b6791}]
\Shell\AutoRun\command - F:\LaunchU3.exe

*Newly Created Service* - AD-WATCH_REAL-TIME_SCANNER
*Newly Created Service* - AD-WATCH_REGISTRY_FILTER
*Newly Created Service* - GTNDIS5
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-25 13:50:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"C:\\Program Files\\NetMeter\\NetMeter.exe"="C:\\Program Files\\NetMeter\\NetMeter.exe"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-05-25 14:00:32 - machine was rebooted [Jay Cutler]
ComboFix-quarantined-files.txt 2008-05-25 18:00:16
ComboFix2.txt 2008-05-12 15:22:56

Pre-Run: 201,329,168,384 bytes free
Post-Run: 201,386,143,744 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[Boot Loader]
Timeout=2
Default=C:\$WIN_NT$.~BT\BOOTSECT.DAT
[Operating Systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn /usepmtimer
C:\$WIN_NT$.~BT\BOOTSECT.DAT="Windows Setup"
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
308 --- E O F --- 2008-05-23 21:22:03