Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.637 [GMT -8:00]
Running from: C:\Documents and Settings\Tim Burke\Local Settings\Temporary Internet Files\Content.IE5\KPABW9QF\ComboFix[1].exe
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\vtutr.dll
C:\WINDOWS\system32\vtuuuss.dll
C:\Documents and Settings\Tim Burke\My Documents\MCROSO~1.NET
C:\Program Files\Common Files\asks~1
C:\Program Files\Temporary
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\bynqhfee.dll
C:\WINDOWS\system32\dluefhdu.dll
C:\WINDOWS\SYSTEM32\eefhqnyb.ini
C:\WINDOWS\system32\ljjkifd.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\SYSTEM32\rtutv.ini
C:\WINDOWS\SYSTEM32\rtutv.ini2
C:\WINDOWS\system32\vtutr.dll
C:\WINDOWS\system32\vtuuuss.dll
C:\WINDOWS\system32\xxyvvss.dll
.
((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))
.
2008-01-29 19:55 . 2008-01-29 19:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-29 14:25 . 2008-01-29 14:25 <DIR> d-------- C:\Program Files\Dot1XCfg
2008-01-29 14:25 . 2008-01-29 14:25 36,864 --a------ C:\WINDOWS\17PHolmes572.exe
2008-01-29 14:22 . 2008-01-29 14:22 36,864 --a------ C:\WINDOWS\mrofinu572.exe.tmp
2008-01-29 14:21 . 2008-01-29 14:25 <DIR> d-------- C:\WINDOWS\SYSTEM32\nGpxx01
2008-01-29 14:21 . 2008-01-29 14:21 <DIR> d-------- C:\Temp\cXzz9
2008-01-29 14:21 . 2008-01-29 14:21 <DIR> d-------- C:\Temp
2008-01-15 12:26 . 2008-01-15 12:26 <DIR> d-------- C:\Documents and Settings\Tim Burke\Application Data\Apple Computer
2008-01-15 12:25 . 2008-01-28 17:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-15 12:25 . 2008-01-15 12:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-15 12:23 . 2008-01-15 12:23 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-15 12:23 . 2008-01-15 12:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-15 12:23 . 2008-01-15 12:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 03:55 --------- d-----w C:\Program Files\Lavasoft
2008-01-30 03:55 --------- d-----w C:\Documents and Settings\Tim Burke\Application Data\Lavasoft
2008-01-30 03:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-15 20:24 --------- d-----w C:\Program Files\QuickTime
2007-12-14 19:32 12,632 ----a-w C:\WINDOWS\SYSTEM32\lsdelete.exe
2005-07-06 11:32 483,401 ----a-w C:\Documents and Settings\Tim Burke\gotomypc.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF021F40-3E14-23A5-CBA2-7173706D1316}]
C:\WINDOWS\System32\spm1316.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 13:08 1511453]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 14:45 313472]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 07:20 50528]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-01-08 09:35 4800512]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 10:28 684032]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2001-09-24 05:59 73728]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
C:\Documents and Settings\Tim Burke\Start Menu\Programs\Startup\
DING!.lnk - C:\Program Files\Southwest Airlines\Ding\Ding.exe [2006-06-22 13:15:48 462848]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 20:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 18:05:56 65588]
Start Guardian.lnk - C:\TT\Guardian\GuardianStart.exe [2005-03-16 18:59:29 90112]
R2 ASFAgent;ASF Agent;C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2003-02-10 02:52]
R2 AsfAlrt;AsfAlrt;C:\WINDOWS\System32\drivers\AsfAlrt.sys [2002-12-18 02:31]
R2 GuardianCtrl;TT GuardianCtrl;c:\tt\guardian\guardianctrl.exe [2004-10-08 11:14]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]
S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\System32\Drivers\Brfilt.sys [2001-08-17 11:12]
S3 BrSerWDM;Brother Serial driver;C:\WINDOWS\System32\Drivers\BrSerWdm.sys [2001-08-17 11:12]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\WINDOWS\System32\Drivers\BrUsbMdm.sys [2001-08-17 11:12]
S3 BrUsbScn;Brother MFC USB Scanner driver;C:\WINDOWS\System32\Drivers\BrUsbScn.sys [2001-08-17 11:12]
S3 Guardian;TT Guardian;c:\tt\guardian\guardian.exe [2004-10-08 11:12]
S3 Ip6FwHlp;IPv6 Internet Connection Firewall;C:\WINDOWS\System32\svchost.exe [2002-08-29 03:00]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 01:40:34 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 09:12:35
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinVNC4]
"ImagePath"="\"C:\Program Files\RealVNC\VNC4\WinVNC4.exe\" -log \"*:EventLog:0\" -log Connections:EventLog:100 -service "
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\NavLogon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\NavNT\defwatch.exe
c:\tt\guardian\guardianctrl.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2008-02-01 9:13:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-01 17:13:50