Sorry it has taken me a while; I have been busy with work. I hope you can still help me. Here is the log you asked for.
ComboFix 08-04-24.1 - Owner 2008-05-04 0:02:12.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.134 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.
2008-04-19 09:24 . 2008-04-19 09:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-13 10:54 . 2008-04-13 14:51 664 --a------ C:\WINDOWS\SYSTEM32\d3d9caps.dat
2008-04-12 17:17 . 2008-04-12 17:17 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2008-04-12 17:01 . 2008-04-12 17:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Netscape
2008-04-12 10:50 . 2008-04-12 10:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Talkback
2008-04-11 16:22 . 2008-05-03 23:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-11 16:22 . 2008-04-11 16:22 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-09 18:09 . 2008-04-09 18:09 118 --a------ C:\WINDOWS\SYSTEM32\MRT.INI
2008-04-06 11:15 . 2008-04-06 11:15 <DIR> d-------- C:\Program Files\iPod
2008-04-06 11:14 . 2008-04-06 11:15 <DIR> d-------- C:\Program Files\iTunes
2008-04-05 18:46 . 2008-04-05 18:49 <DIR> d-------- C:\Program Files\QuickTime
2008-04-05 18:12 . 2008-04-05 18:12 <DIR> d-------- C:\Program Files\Secunia
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 03:54 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-24 21:00 --------- d-----w C:\Program Files\Absolute Poker
2008-04-18 22:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-04-13 14:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-13 14:34 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-09 22:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\bqhanczq
2008-04-06 15:25 --------- d-----w C:\Program Files\Java
2008-03-29 17:12 --------- d-----w C:\Program Files\Belltech Business Card Designer Pro
2008-03-24 14:32 --------- d-----w C:\Program Files\SpywareGuard
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\SYSTEM32\dllcache\win32k.sys
2008-03-08 22:26 --------- d-----w C:\Program Files\LimeWire
2008-03-08 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-01 22:36 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\SYSTEM32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\SYSTEM32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\SYSTEM32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\SYSTEM32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\SYSTEM32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\SYSTEM32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\SYSTEM32\dllcache\ieakui.dll
2008-02-07 08:18 335,872 ----a-w C:\WINDOWS\SYSTEM32\EKIJ5000MON.dll
2007-02-12 22:23 628 -c--a-w C:\Program Files\INSTALL.LOG
2001-07-26 21:58 47 -c--a-w C:\Program Files\ACMonitor_X73.ini
2001-07-05 17:46 8,116 -c--a-w C:\Program Files\OSLO3071b2.USB
2001-05-11 15:39 53,248 -c--a-w C:\Program Files\ACMonitor_X73.exe
2001-05-08 20:36 114,688 -c--a-w C:\Program Files\lxarscan.dll
2001-04-23 19:22 1,437 -c--a-w C:\Program Files\gtx73.ini
2001-02-22 14:54 768 -c--a-w C:\Program Files\x73_lut.dat
2006-01-22 22:08 32 --sha-w C:\WINDOWS\{9A5D8627-833A-4A25-9E74-26DE2A9FEC84}.dat
2006-01-22 22:08 32 --sha-w C:\WINDOWS\SYSTEM32\{DD249312-BD13-4496-8B9A-B6BC6A82251D}.dat
.
((((((((((((((((((((((((((((( snapshot@2008-04-26_11.50.21.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-26 15:35:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-04 03:49:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-04 03:49:34 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_1b8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"Microsoft Works Update Detection"="c:\Program Files\Microsoft Works\WkDetect.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-01-22 18:17 100056]
"S3TRAY2"="S3tray2.exe" [2001-10-04 15:06 69632 C:\WINDOWS\SYSTEM32\S3tray2.exe]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2001-06-15 19:34 212992]
"QAGENT"="C:\PROGRA~1\QUICKENW\QAGENT.EXE" [ ]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [ ]
"NvCplDaemon"="NvQTwk" []
"LTMSG"="LTMSG.exe" [2003-07-14 14:52 40960 C:\WINDOWS\ltmsg.exe]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2001-08-07 21:25 143360]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 13:04 52736]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 01:08 49152]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2001-08-07 20:36 90112]
"EKIJ5000StatusMonitor"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-02-07 04:18 1052672]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-09-15 00:22 38592]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 18:32 58984]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-05 18:03 267064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Secunia PSI (RC1).lnk - C:\Program Files\Secunia\PSI (RC1)\psi.exe [2008-02-22 05:09:52 626688]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-09-24 01:28:44 282624]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 02:39:30 73728]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 05:33:46 282624]
MsnVirRem.exe [2007-03-11 12:16:13 23552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"VIDC.DVSD"= miroDV2avi.DLL
"VIDC.PIM1"= pclepim1.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault\\mohpa.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Netscape\\Navigator 9\\navigator.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
R2 KodakSvc;Kodak AiO Device Service;"C:\Program Files\Kodak\printer\center\KodakSvc.exe" [2007-12-13 12:07]
R3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-02-19 04:24]
.
Contents of the 'Scheduled Tasks' folder
"2008-02-28 23:02:46 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-30 22:48:42 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16
"2008-05-02 23:00:49 C:\WINDOWS\Tasks\Kodak AiO Scheduled Maintenance.job"
- C:\Program Files\Kodak\Printer\Center\Kodak.Statistics.exe
"2007-03-12 22:09:02 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
"2008-04-19 00:31:27 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-05-04 04:12:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-04 00:07:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-04 0:14:12
ComboFix-quarantined-files.txt 2008-05-04 04:13:47
ComboFix2.txt 2008-04-27 16:28:49
ComboFix3.txt 2008-04-26 15:51:03
Pre-Run: 52,978,176,000 bytes free
Post-Run: 52,965,355,520 bytes free
157 --- E O F --- 2008-04-09 22:12:56