Geeks To Go forum
PLEASE HELP!

#1 pablo86 (New Member, 9 posts)

ComboFix 08-05-11.1 - tamara 2008-05-12 10:48:31.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.126 [GMT -7:00]
Running from: C:\Documents and Settings\tamara\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))
.

2008-05-12 08:47 . 2008-05-12 08:47 96,520 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys
2008-05-12 08:47 . 2008-05-12 08:47 75,272 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys
2008-05-12 08:47 . 2008-05-12 08:47 12,424 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgrkx86.sys
2008-05-12 08:47 . 2008-05-12 08:47 10,520 --a------ C:\WINDOWS\SYSTEM32\avgrsstx.dll
2008-05-12 08:46 . 2008-05-12 08:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\Avg
2008-05-12 08:46 . 2008-05-12 08:46 <DIR> d-------- C:\Program Files\AVG
2008-05-11 01:11 . 2008-05-11 01:09 13,824 --a------ C:\Documents and Settings\tamara\Application Data\zkqjv.exe
2008-05-09 11:27 . 2008-05-09 11:27 0 --ah----- C:\WINDOWS\SwSys2.bmp
2008-05-09 11:27 . 2008-05-09 11:27 0 --ah----- C:\WINDOWS\SwSys1.bmp
2008-05-09 08:49 . 2008-05-12 08:24 <DIR> d-------- C:\Documents and Settings\tamara\Shared
2008-05-06 13:59 . 2008-05-06 14:01 <DIR> d-------- C:\Program Files\VirtualDJ
2008-05-01 11:16 . 2008-05-01 11:16 <DIR> d-------- C:\Documents and Settings\tamara\DoctorWeb
2008-04-28 09:20 . 2008-04-28 09:20 0 --ahs---- C:\Documents and Settings\tamara\Application Data\004815eb83f768afd8b499638152ef758d369fe5092690df6a.dat
2008-04-24 09:18 . 2008-04-24 09:18 <DIR> d-------- C:\Documents and Settings\tamara\Application Data\Malwarebytes
2008-04-24 09:17 . 2008-04-24 09:18 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-24 09:17 . 2008-04-24 09:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-22 14:14 . 2008-05-12 10:38 <DIR> d--h----- C:\$AVG8.VAULT$
2008-04-22 13:18 . 2008-04-22 13:21 <DIR> d-------- C:\Documents and Settings\tamara\Application Data\AVGTOOLBAR
2008-04-22 13:18 . 2008-05-12 08:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-22 11:20 . 2008-04-22 11:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-22 10:40 . 2008-04-22 12:32 <DIR> d-------- C:\Documents and Settings\tamara\.housecall6.6
2008-04-22 09:46 . 2008-04-22 15:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 17:51 --------- d-----w C:\Documents and Settings\tamara\Application Data\DNA
2008-05-09 17:59 --------- d-----w C:\Documents and Settings\tamara\Application Data\LimeWire
2008-05-01 22:15 --------- d-----w C:\Program Files\NCH Swift Sound
2008-04-30 17:14 --------- d-----w C:\Program Files\LimeWire
2008-04-25 18:39 --------- d-----w C:\Program Files\Viewpoint
2008-04-25 18:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-22 18:59 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-10 22:06 --------- d-----w C:\Documents and Settings\tamara\Application Data\Apple Computer
2008-04-09 22:45 --------- d-----w C:\Program Files\iTunes
2008-04-09 22:44 --------- d-----w C:\Program Files\iPod
2008-04-09 22:41 --------- d-----w C:\Program Files\QuickTime
2008-04-09 20:03 --------- d-----w C:\Program Files\SopCast
2008-03-21 15:08 --------- d-----w C:\Program Files\Yahoo!
2008-03-21 15:08 --------- d-----w C:\Documents and Settings\tamara\Application Data\Yahoo!
2008-03-21 15:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-03-14 15:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-02 01:36 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-09_14.43.07.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-23 01:12:42 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-05-12 16:30:45 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-05-12 15:47:03 26,184 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys
- 2008-04-09 15:11:18 297,256 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
+ 2008-05-02 15:03:57 299,640 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
+ 2008-05-12 16:30:58 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_744.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-12 08:46 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-05-12 08:46 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-12 08:46 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 20:44 1200128]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 08:08 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 00:04 114741]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 18:47 204800]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01 110592]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NoticeP.exe"="C:\Program Files\Impact Software LLC\iSync 2.1\NoticeP.exe" [2006-06-07 19:57 16384]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-06 23:19 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-06 23:07 114688]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-12 08:46 1177368]

C:\Documents and Settings\tamara\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2008-02-11 13:46:40 225280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.fraunhoferacm"= l3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"19625:TCP"= 19625:TCP:BitComet 19625 TCP
"19625:UDP"= 19625:UDP:BitComet 19625 UDP

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-12 08:47]
R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2007-07-11 13:12]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-12 08:47]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-12 08:46]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-12 08:47]
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};C:\WINDOWS\TEMP\1C9.tmp []
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 16:18]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-23 03:31:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 10:51:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}]
"ImagePath"="\??\C:\WINDOWS\TEMP\1C9.tmp"
.
Completion time: 2008-05-12 10:55:41
ComboFix-quarantined-files.txt 2008-05-12 17:55:27
ComboFix2.txt 2008-05-01 15:49:23
ComboFix3.txt 2008-04-25 15:25:49
ComboFix4.txt 2008-04-24 17:14:53
ComboFix5.txt 2008-04-23 21:45:22

Pre-Run: 60,384,464,896 bytes free
Post-Run: 60,929,064,960 bytes free

163 --- E O F --- 2008-04-08 23:08:52
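The post above is the raw ComboFix log and nothing else. As an added example, not part of the original post and not code from ComboFix or its author, here is a small Python triage helper that parses the three line shapes a responder skims first in such a log: the "Files Created" entries, the R0/R1/R2/S3 service and driver lines, and a dumped service key's `"ImagePath"` value. The flagging rules (an executable created under a user profile directory, a hidden or system attributed file outside C:\WINDOWS, a service binary living in a TEMP directory, a service with no file timestamp, a service named by a bare GUID) are ordinary triage heuristics of my own, not ComboFix's verdicts, and a flag means "look at this", not "this is malware". The reading of an empty `[]` after a service path as "ComboFix could not read a timestamp for that binary, usually because the file is gone" is an assumption about ComboFix's output format. The sample input is a handful of lines copied from the log above, embedded so the script runs offline.

```python
"""ComboFix log triage helper (added example; not part of the original post
or of ComboFix itself).

Parses three line shapes found in a ComboFix log and applies simple,
explicitly heuristic rules. A finding means "look closer", not "malware".
"""
import re
from dataclasses import dataclass

# "Files Created" entries:  created . modified size attrs path
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)
# Service/driver entries:  R0 Name;Display;Path [timestamp]
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<stamp>[^\]]*)\]$"
)
# Registry dump of a service key's ImagePath value
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(?P<path>.*)"$')
GUID_RE = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I
)

# Heuristic inputs: my own assumptions, tune to the environment
USER_PROFILE_DIRS = ("\\application data\\", "\\local settings\\",
                     "\\desktop\\", "\\my documents\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd")
WINDOWS_DIR = "c:\\windows\\"


@dataclass
class Finding:
    kind: str    # "file" or "service"
    path: str
    reason: str


def triage_file(created, modified, size, attrs, path):
    """Reasons to look closer at one 'Files Created' entry (directories skipped)."""
    low = path.lower()
    reasons = []
    if size == "<DIR>" or attrs.startswith("d"):
        return reasons
    if low.endswith(EXEC_EXT) and any(d in low for d in USER_PROFILE_DIRS):
        reasons.append("executable created under a user profile directory")
    if ("h" in attrs or "s" in attrs) and not low.startswith(WINDOWS_DIR):
        reasons.append(f"hidden/system attributes ({attrs}) outside the Windows directory")
    return reasons


def triage_service(start, name, display, path, stamp):
    """Reasons to look closer at one service/driver entry."""
    low = path.lower()
    reasons = []
    if "\\temp\\" in low:
        reasons.append("service binary lives in a TEMP directory")
    if stamp == "":
        # Assumption: ComboFix prints the binary's timestamp in brackets and
        # leaves them empty when it could not read one (file usually gone).
        reasons.append("no file timestamp recorded (binary likely missing)")
    if GUID_RE.match(name):
        reasons.append("service name is a bare GUID")
    return reasons


def triage_log(text):
    """Run the heuristics over a whole log; returns a list of Finding in log order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := FILE_RE.match(line):
            findings += [Finding("file", m["path"], r) for r in triage_file(**m.groupdict())]
        elif m := SERVICE_RE.match(line):
            findings += [Finding("service", m["path"], r) for r in triage_service(**m.groupdict())]
        elif m := IMAGEPATH_RE.match(line):
            if "\\temp\\" in m["path"].lower():
                findings.append(Finding("service", m["path"], "ImagePath points into a TEMP directory"))
    return findings


# Constructed sample: a handful of lines copied from the log in the post.
SAMPLE_LOG = r"""
2008-05-12 08:47 . 2008-05-12 08:47 96,520 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys
2008-05-11 01:11 . 2008-05-11 01:09 13,824 --a------ C:\Documents and Settings\tamara\Application Data\zkqjv.exe
2008-05-09 11:27 . 2008-05-09 11:27 0 --ah----- C:\WINDOWS\SwSys2.bmp
2008-04-28 09:20 . 2008-04-28 09:20 0 --ahs---- C:\Documents and Settings\tamara\Application Data\004815eb83f768afd8b499638152ef758d369fe5092690df6a.dat
2008-04-22 14:14 . 2008-05-12 10:38 <DIR> d--h----- C:\$AVG8.VAULT$
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-12 08:47]
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};C:\WINDOWS\TEMP\1C9.tmp []
"ImagePath"="\??\C:\WINDOWS\TEMP\1C9.tmp"
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.kind}] {f.path}\n    -> {f.reason}")
```

Run against the sample, the script leaves the AVG drivers, the hidden bitmaps under C:\WINDOWS and the hidden AVG vault directory alone and raises six findings: the executable and the hidden/system .dat under the user's Application Data, and four for the GUID-named S3 service whose binary sits in C:\WINDOWS\TEMP with no timestamp (the registry ImagePath line repeats the same path). The Find3M and snapshot sections use a different column layout and are intentionally not parsed.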