C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
C:\WINDOWS\system32\pskill.exe
D:\Autorun.inf
D:\RECYCLER\Desktop.ini
D:\RECYCLER\Protect.ed
D:\RECYCLER\Warning.bmp
.
((((((((((((((((((((((((( Files Created from 2008-02-16 to 2008-03-16 )))))))))))))))))))))))))))))))
.
2008-03-16 10:36 . 2008-03-16 10:36 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-16 10:02 . 2008-03-16 11:08 <DIR> d-------- C:\SDFix
2008-03-15 20:33 . 2008-03-15 20:33 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2008-03-15 19:27 . 2008-03-15 19:26 100,206 -r-hs---- C:\xp19.com
2008-03-15 11:57 . 2008-03-15 11:57 <DIR> d-------- C:\Program Files\Icecast2 Win32
2008-03-13 18:17 . 2008-03-13 18:16 101,291 -r-hs---- C:\32e2.com
2008-03-07 17:56 . 2008-03-08 16:50 102,536 -r-hs---- C:\v.com
2008-03-07 11:20 . 2006-11-06 14:00 198,656 --a------ C:\WINDOWS\system32\CNMLM8O.DLL
2008-03-06 17:51 . 2008-03-06 17:50 107,849 -r-hs---- C:\a3g3.bat
2008-03-05 18:25 . 2008-03-05 18:24 106,249 -r-hs---- C:\ta2.cmd
2008-03-04 18:06 . 2008-03-04 18:05 107,272 -r-hs---- C:\8.bat
2008-03-02 19:03 . 2008-03-02 19:03 106,994 -r-hs---- C:\x6.bat
2008-03-02 17:38 . 2008-03-02 17:38 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-02 06:36 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-02 06:36 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-02 06:36 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-01 15:43 . 2008-03-01 15:43 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-01 15:27 . 2008-03-01 15:41 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-01 15:26 . 2008-03-01 15:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-28 15:14 . 2008-02-28 15:34 <DIR> d-------- C:\Documents and Settings\Dwayne.INTRO\Application Data\U3
2008-02-28 15:12 . 2008-02-28 15:12 <DIR> d-------- C:\Documents and Settings\Dwayne.INTRO\Application Data\HP
2008-02-28 15:12 . 2008-02-28 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-02-28 15:05 . 2008-02-28 15:05 731 --a------ C:\WINDOWS\hpbvspst.his
2008-02-28 15:05 . 2008-02-28 15:05 390 --a------ C:\WINDOWS\hpbvspst.ini
2008-02-28 15:04 . 2008-02-28 15:05 3,850 --a------ C:\WINDOWS\hpbvnstp.his
2008-02-28 15:04 . 2008-02-28 15:05 1,287 --a------ C:\WINDOWS\hpbvnstp.ini
2008-02-28 14:57 . 2008-02-28 15:12 93,649 --a------ C:\WINDOWS\hppins03.dat
2008-02-28 14:57 . 2006-01-04 05:06 1,822 --------- C:\WINDOWS\hppmdl03.dat
2008-02-27 19:31 . 2008-02-29 11:20 107,155 -r-hs---- C:\fppg1.exe
2008-02-26 18:21 . 2008-02-26 18:20 107,475 -r-hs---- C:\u2.cmd
2008-02-25 06:09 . 2008-02-25 18:28 107,959 -r-hs---- C:\oufddh.exe
2008-02-25 06:09 . 2008-02-15 08:26 104,813 -r-hs---- C:\3wcxx91.cmd
2008-02-19 20:01 . 2008-02-19 20:11 <DIR> d-------- C:\Program Files\DJ Music Mixer
2008-02-17 17:46 . 2008-02-17 17:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 16:50 --------- d-----w C:\Program Files\ViStart
2008-03-16 16:21 --------- d-----w C:\Documents and Settings\Dwayne.INTRO\Application Data\Skype
2008-03-15 18:50 --------- d-----w C:\Program Files\VirtualDJ
2008-03-15 18:47 --------- d-----w C:\Program Files\SHOUTcast
2008-03-15 07:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-02 22:37 --------- d-----w C:\Program Files\Windows Live
2008-03-01 20:29 --------- d-----w C:\Program Files\MSN Messenger
2008-02-28 20:06 --------- d-----w C:\Program Files\Hewlett-Packard
2008-02-28 19:58 --------- d-----w C:\Program Files\Hp
2008-02-18 01:18 --------- d-----w C:\Documents and Settings\Dwayne.INTRO\Application Data\Yahoo!
2008-02-17 22:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-02-17 22:43 --------- d-----w C:\Program Files\Yahoo!
2008-02-15 22:01 --------- d--h--w C:\Program Files\CanonBJ
2008-02-15 22:01 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-02-15 17:46 --------- d-----w C:\Documents and Settings\Dwayne.INTRO\Application Data\VCOM
2008-02-14 16:17 --------- d-----w C:\Program Files\Viewpoint
2008-02-14 16:17 --------- d-----w C:\Program Files\AIM6
2008-02-14 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-14 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-12 02:39 --------- d-----w C:\Documents and Settings\Dwayne.INTRO\Application Data\acccore
2008-02-12 02:37 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-12 02:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-10 19:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-02-10 19:24 --------- d-----w C:\Program Files\ATI Technologies
2008-02-10 18:54 --------- d-----w C:\Program Files\Lavasoft
2008-02-10 18:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-05 03:06 --------- d-----w C:\Documents and Settings\Dwayne.INTRO\Application Data\FileZilla
2008-02-04 13:26 103,870 --sh--r C:\2ifetri.cmd
2008-02-04 04:51 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-03 20:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Macrovision
2008-02-03 20:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-03 20:43 --------- d-----w C:\Program Files\Macromedia
2008-02-03 20:43 --------- d-----w C:\Program Files\Common Files\Macromedia Shared
2008-02-03 20:43 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-02-03 20:19 --------- d-----w C:\Documents and Settings\Dwayne.INTRO\Application Data\MyPhoneExplorer
2008-02-01 16:11 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-02-01 01:10 --------- d-----w C:\Program Files\MyPhoneExplorer
2008-01-31 18:22 --------- d-----w C:\Program Files\iTunes
2008-01-31 18:22 --------- d-----w C:\Documents and Settings\Dwayne.INTRO\Application Data\Apple Computer
2008-01-31 18:21 --------- d-----w C:\Program Files\QuickTime
2008-01-31 18:21 --------- d-----w C:\Program Files\iPod
2008-01-31 18:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-31 18:18 --------- d-----w C:\Program Files\Common Files\Apple
2008-01-30 22:45 104,044 --sh--r C:\h.cmd
2008-01-29 23:12 103,683 --sh--r C:\ylr.exe
2008-01-27 14:51 103,781 --sh--r C:\xo8wr9.exe
2008-01-24 23:50 104,822 --sh--r C:\qd.cmd
2008-01-23 00:01 105,313 --sh--r C:\xn1i9x.com
2008-01-15 00:17 105,698 --sh--r C:\d.com
2008-01-07 00:49 0 ----a-w C:\tmp.dat
.
------- Sigcheck -------
2007-06-13 05:23 1881600 3602561a003bca1da12af0ddcc572269 C:\WINDOWS\explorer.exe
2007-06-13 06:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 03:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 05:23 1881600 3602561a003bca1da12af0ddcc572269 C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 05:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\system32\VIRepair\explorer.exe
2007-06-13 05:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\system32\VITrans\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-06 12:43 23165736]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" [2007-06-21 23:41 581632]
"Vista Sidebar"="C:\Program Files\Vista Sidebar\sidebar.exe" [2007-06-21 17:04 524288]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-20 01:27 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-23 20:49 68856]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-12-17 17:13 3810544]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 04:11 925696]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 17:06 716800]
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2006-02-14 13:56 122880]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-31 07:20 122940]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 03:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
C:\Documents and Settings\Dwayne.INTRO\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-02-21 08:56:00 1826885]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll 2005-07-25 13:41 40960 C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
backup=C:\WINDOWS\pss\DVD Check.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Dwayne.INTRO^Start Menu^Programs^Startup^Y'z ToolBar.lnk]
path=C:\Documents and Settings\Dwayne.INTRO\Start Menu\Programs\Startup\Y'z ToolBar.lnk
backup=C:\WINDOWS\pss\Y'z ToolBar.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-05-10 22:46 624248 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 16:40 1884160 C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-03 11:15 50528 C:\Program Files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD_Display]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
C:\WINDOWS\system32\amvo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avirus]
C:\WINDOWS\recycle bin
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-10-28 16:25 94208 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CatalystRegistration]
C:\Program Files\ATI\CatalystRegistration\dolce.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
--a------ 2003-12-22 13:12 17920 C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2006-04-21 11:30 40960 C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-09-24 00:08 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2006-03-28 16:13 454656 C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LeechGet]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2006-03-23 13:38 131072 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-12-20 18:51 1187840 C:\WINDOWS\Sminst\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2006-03-09 19:38 806912 C:\WINDOWS\Creator\Remind_XP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
--a------ 2006-02-15 10:43 892928 C:\WINDOWS\SMINST\Scheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-23 20:49 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-03-31 11:01 761946 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
--a------ 2005-11-21 15:55 45056 C:\Program Files\Hewlett-Packard\ToolBoxFX\bin\HPTLBXFX.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 12:19 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
--a------ 2006-12-27 10:07 955904 C:\Program Files\VisualTooltip\VisualToolTip.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
--a------ 2006-03-31 12:58 184320 C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\wianmpa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-12-17 17:13 3810544 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\SHOUTcast\\sc_serv.exe"=
"C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"C:\\Program Files\\JetAudio\\jetChat.exe"=
"C:\\Program Files\\JetAudio\\JcServer.exe"=
"C:\\Program Files\\VirtualDJ\\virtualdj.exe"=
"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"C:\\Documents and Settings\\Dwayne.INTRO\\My Documents\\Setup\\hfs ftp server.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Icecast2 Win32\\Icecast2.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:*:Disabled:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:*:Disabled:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:*:Disabled:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:*:Disabled:Adobe Version Cue CS3 Server
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 03:00]
R2 Icecast;Icecast Media Server;"C:\Program Files\Icecast2 Win32\icecastService.exe" "C:\Program Files\Icecast2 Win32" []
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S3 HPFXBULK;HPFXBULK;C:\WINDOWS\system32\drivers\hpfxbulk.sys [2005-09-20 05:22]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\xp19.com
\Shell\explore\Command - C:\xp19.com
\Shell\open\Command - C:\xp19.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\xp19.com
\Shell\explore\Command - D:\xp19.com
\Shell\open\Command - D:\xp19.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{059f632d-698f-11dc-92c3-0017a4dea45a}]
\Shell\AutoRun\command - I:\d.com
\Shell\explore\Command - I:\d.com
\Shell\open\Command - I:\d.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21ff081f-cadc-11dc-9374-0017a4dea45a}]
\Shell\AutoRun\command - H:\a3g3.bat
\Shell\explore\Command - H:\a3g3.bat
\Shell\open\Command - H:\a3g3.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33e09a54-c5e5-11dc-936c-0017a4dea45a}]
\Shell\AutoRun\command - I:\qd.cmd
\Shell\explore\Command - I:\qd.cmd
\Shell\open\Command - I:\qd.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b56f544-6950-11dc-92c0-0017a4dea45a}]
\Shell\AutoRun\command - H:\32e2.com
\Shell\explore\Command - H:\32e2.com
\Shell\open\Command - H:\32e2.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{556cfff0-c883-11dc-9371-0017a4dea45a}]
\Shell\AutoRun\command - H:\xn1i9x.com
\Shell\explore\Command - H:\xn1i9x.com
\Shell\open\Command - H:\xn1i9x.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6824b004-9f73-11dc-9338-d05fba52194d}]
\Shell\AutoRun\command - H:\ntde1ect.com
\Shell\explore\Command - H:\ntde1ect.com
\Shell\open\Command - H:\ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6824b005-9f73-11dc-9338-0017a4dea45a}]
\Shell\AutoRun\command - H:\awda2.exe
\Shell\explore\Command - H:\awda2.exe
\Shell\open\Command - H:\awda2.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad6859f6-e639-11dc-8188-ef79d895f2f4}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad6859f7-e639-11dc-8188-ef79d895f2f4}]
\Shell\AutoRun\command - I:\fppg1.exe
\Shell\explore\Command - I:\fppg1.exe
\Shell\open\Command - I:\fppg1.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-02-14 18:37:58 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 11:49:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\DockShellHook.dll
-> C:\Program Files\LClock\LC.dll
-> C:\Program Files\ViStart\MainHook.Dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Icecast2 Win32\icecastService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-03-16 11:55:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-16 16:55:23
.
2008-03-15 07:05:56 --- E O F ---
The problems I was having before were that my Yahoo disappeared every time after I logged in....
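The MountPoints2 section of the log above is the part worth reading closely: every key where `\Shell\AutoRun\command`, `\Shell\explore\Command` and `\Shell\open\Command` all point at the same hidden file in a drive root (C:\xp19.com, I:\d.com, H:\a3g3.bat, ...) is an autorun hijack, while the single AutoRun entries for F:\Autorun.exe and H:\LaunchU3.exe -a are what normal media leaves behind. The script below is an added triage example written for this thread, not part of the ComboFix output or of the tool itself. It runs over a constructed excerpt of the log (lines copied from the post), extracts the MountPoints2 commands, flags keys that show the three-verb pattern, and cross-checks each target against the hidden+system files the "Files Created" and "Find3M" sections list at drive roots. The three-verb heuristic and the regexes are my assumptions about the log format, not anything ComboFix documents.

```python
import re

# Constructed excerpt of the ComboFix log in this thread, trimmed to the
# lines the triage needs (root-level files plus the mountpoints2 keys).
SAMPLE_LOG = r"""
2008-03-16 10:02 . 2008-03-16 11:08 <DIR> d-------- C:\SDFix
2008-03-15 19:27 . 2008-03-15 19:26 100,206 -r-hs---- C:\xp19.com
2008-03-13 18:17 . 2008-03-13 18:16 101,291 -r-hs---- C:\32e2.com
2008-03-06 17:51 . 2008-03-06 17:50 107,849 -r-hs---- C:\a3g3.bat
2008-02-27 19:31 . 2008-02-29 11:20 107,155 -r-hs---- C:\fppg1.exe
2008-01-24 23:50 104,822 --sh--r C:\qd.cmd
2008-01-15 00:17 105,698 --sh--r C:\d.com
2008-01-07 00:49 0 ----a-w C:\tmp.dat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\xp19.com
\Shell\explore\Command - C:\xp19.com
\Shell\open\Command - C:\xp19.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{059f632d-698f-11dc-92c3-0017a4dea45a}]
\Shell\AutoRun\command - I:\d.com
\Shell\explore\Command - I:\d.com
\Shell\open\Command - I:\d.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21ff081f-cadc-11dc-9374-0017a4dea45a}]
\Shell\AutoRun\command - H:\a3g3.bat
\Shell\explore\Command - H:\a3g3.bat
\Shell\open\Command - H:\a3g3.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6824b004-9f73-11dc-9338-d05fba52194d}]
\Shell\AutoRun\command - H:\ntde1ect.com
\Shell\explore\Command - H:\ntde1ect.com
\Shell\open\Command - H:\ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad6859f7-e639-11dc-8188-ef79d895f2f4}]
\Shell\AutoRun\command - I:\fppg1.exe
\Shell\explore\Command - I:\fppg1.exe
\Shell\open\Command - I:\fppg1.exe
"""

# Assumed log layout: a mountpoints2 key header, then "\Shell\<verb>\command - <cmd>" lines.
MP_KEY = re.compile(
    r"^\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\([^\]]+)\]$", re.I)
MP_CMD = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+?)\s*$", re.I)
# Attribute string followed by a file that sits directly in a drive root (no subfolder).
ROOT_FILE = re.compile(r"\s([-a-z]{7,9})\s+([A-Za-z]:\\[^\\\s]+)$")

HIJACK_VERBS = {"autorun", "explore", "open"}


def parse_mountpoints(log):
    """Return {mountpoint_key: {verb_lowercase: command}} for every mountpoints2 key."""
    entries, current = {}, None
    for line in log.splitlines():
        line = line.strip()
        m = MP_KEY.match(line)
        if m:
            current = m.group(1)
            entries[current] = {}
            continue
        m = MP_CMD.match(line)
        if m and current is not None:
            entries[current][m.group(1).lower()] = m.group(2)
    return entries


def root_hidden_system_files(log):
    """Lower-cased basenames of drive-root files carrying both hidden and system attributes."""
    found = set()
    for line in log.splitlines():
        m = ROOT_FILE.search(line)
        if not m:
            continue
        attrs, path = m.groups()
        if attrs.startswith("d"):          # directory entry, not a dropped payload
            continue
        if "h" in attrs and "s" in attrs:  # both -r-hs---- and --sh--r spellings qualify
            found.add(path.rsplit("\\", 1)[1].lower())
    return found


def suspicious_autoruns(log):
    """Keys where AutoRun, explore and open all run one drive-root file.

    Returns [(key, target, payload_seen_in_this_log)], so stale entries left by an
    infected USB stick (payload not on this machine) are distinguishable from live ones.
    """
    root_files = root_hidden_system_files(log)
    hits = []
    for key, verbs in parse_mountpoints(log).items():
        if not HIJACK_VERBS.issubset(verbs):
            continue
        targets = {verbs[v] for v in HIJACK_VERBS}
        if len(targets) != 1:
            continue
        target = targets.pop()
        base = target.rsplit("\\", 1)[-1].lower()
        hits.append((key, target, base in root_files))
    return hits


if __name__ == "__main__":
    for key, target, on_disk in suspicious_autoruns(SAMPLE_LOG):
        note = "payload listed at a drive root" if on_disk else "payload not in this log"
        print(f"{key}: {target} [{note}]")
```

Run against the excerpt, the script flags the C key and the four GUID keys and leaves F and H alone; the `{6824b004-...}` entry pointing at H:\ntde1ect.com is reported with no matching root file, which is what you would expect from a removable drive that was plugged in earlier and is not part of this scan. On the live machine the same check would be done against HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 directly rather than against the log.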