MyHiJackThis Log file using ComboBox..frustrating with softwarereferra


#1 jaggu (New Member, 4 posts)

ComboFix 08-06-30.2 - vani 2008-07-01 23:15:22.1 - NTFSx86
Running from: C:\Documents and Settings\vani\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\vani\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk
C:\Documents and Settings\vani\Favorites\Error Cleaner.url
C:\Documents and Settings\vani\Favorites\Privacy Protector.url
C:\Documents and Settings\vani\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif

.
((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.

2008-07-01 22:45 . 2008-07-01 22:45 <DIR> d-------- C:\Documents and Settings\vani\Application Data\Symantec
2008-07-01 21:49 . 2008-07-01 22:37 <DIR> d-------- C:\Documents and Settings\sakshi.WEBSPIRE\Application Data\Symantec
2008-07-01 21:47 . 2008-07-01 21:47 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-07-01 21:47 . 2008-07-01 22:23 <DIR> d-------- C:\Program Files\Norton 360
2008-07-01 21:45 . 2008-07-01 22:31 <DIR> d-------- C:\Program Files\Symantec
2008-07-01 21:45 . 2008-07-01 22:32 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2008-07-01 21:45 . 2008-07-01 22:31 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-07-01 21:45 . 2008-07-01 22:31 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-07-01 21:45 . 2008-07-01 22:31 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-07-01 21:45 . 2008-07-01 22:31 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-07-01 21:42 . 2008-07-01 23:18 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-01 21:41 . 2008-07-01 21:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg8
2008-07-01 19:55 . 2008-07-01 19:55 <DIR> d-------- C:\ZVdefs
2008-07-01 19:48 . 2008-07-01 19:50 <DIR> d-------- C:\WINDOWS\NPReg
2008-07-01 19:48 . 2008-07-01 19:50 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\IFD
2008-07-01 19:46 . 2008-07-01 20:03 <DIR> d-------- C:\Program Files\Net Protector 2008
2008-06-30 23:21 . 2008-06-30 23:23 <DIR> d-------- C:\Documents and Settings\sakshi.WEBSPIRE\Application Data\AVGTOOLBAR
2008-06-30 19:04 . 2008-06-30 19:04 <DIR> d-------- C:\Program Files\Alwil Software
2008-06-30 19:04 . 2003-03-19 02:50 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-06-30 16:05 . 2008-06-30 17:02 <DIR> d-------- C:\Documents and Settings\sakshi\Application Data\AVG7
2008-06-30 15:44 . 2008-06-30 15:44 <DIR> d-------- C:\Documents and Settings\sakshi.WEBSPIRE\Application Data\ispnews
2008-06-30 13:19 . 2008-06-30 13:19 0 --a------ C:\WINDOWS\sensor.INI
2008-06-30 13:19 . 2008-06-30 13:19 0 --a------ C:\WINDOWS\hqstat.mtl
2008-06-30 13:19 . 2008-06-30 13:19 0 --a------ C:\WINDOWS\hqstat.mnt
2008-06-30 10:06 . 2008-06-30 10:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Broadband
2008-06-30 09:53 . 2008-06-30 09:53 <DIR> d-------- C:\Documents and Settings\vani\Application Data\ispnews
2008-06-30 09:35 . 2008-06-30 09:35 <DIR> d-------- C:\WINDOWS\rnapxs
2008-06-30 09:35 . 2008-06-30 09:35 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure
2008-06-30 09:35 . 2005-11-08 20:17 1,716,224 --a------ C:\WINDOWS\system32\winsflte.dll
2008-06-30 09:35 . 2005-11-08 20:16 1,236,992 --a------ C:\WINDOWS\system32\cfgmig32.dll
2008-06-30 09:35 . 2008-06-30 09:35 1,187,840 --a------ C:\WINDOWS\system32\winsflt.dll
2008-06-30 09:35 . 2005-11-18 20:34 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-06-30 09:35 . 2005-11-18 20:34 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-06-30 09:31 . 2008-06-30 09:35 <DIR> d-------- C:\Program Files\PC Protection
2008-06-30 09:31 . 2008-06-30 09:31 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.116-4384293L.exe
2008-06-29 20:56 . 2008-06-29 20:56 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-29 20:56 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-06-29 11:47 . 2008-06-29 08:25 155,648 --a------ C:\WINDOWS\gxvpsafm65.dll
2008-06-29 11:47 . 2008-06-29 08:25 81,920 --a------ C:\WINDOWS\tovafrnm.exe
2008-06-26 18:58 . 2008-06-30 23:25 <DIR> d-------- C:\Documents and Settings\sakshi.WEBSPIRE\Application Data\F-Secure
2008-06-26 18:50 . 2008-06-26 18:50 <DIR> d-------- C:\Documents and Settings\sakshi.WEBSPIRE\Application Data\Windows Desktop Search
2008-06-26 18:50 . 2008-06-26 18:50 <DIR> d-------- C:\Documents and Settings\sakshi.WEBSPIRE\Application Data\Spyware Terminator
2008-06-25 20:51 . 2008-06-25 20:51 <DIR> d-------- C:\Program Files\MAPILab Ltd
2008-06-25 20:51 . 2008-06-25 20:51 <DIR> d-------- C:\Program Files\Common Files\MAPILab Ltd
2008-06-21 16:29 . 2008-07-01 21:41 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser
2008-06-21 16:19 . 2008-06-30 00:36 <DIR> d-------- C:\Program Files\LogMeIn
2008-06-21 16:19 . 2008-06-21 16:19 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\LogMeIn
2008-06-21 16:19 . 2008-05-28 12:32 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2008-06-21 16:19 . 2008-05-28 12:33 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-06-21 16:19 . 2008-03-07 13:39 45,848 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-06-21 16:19 . 2008-05-28 12:33 24,608 --a------ C:\WINDOWS\system32\LMIport.dll
2008-06-21 16:19 . 2008-06-21 16:19 1,024 --a------ C:\.rnd
2008-06-20 21:27 . 2008-06-20 21:27 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallShield
2008-06-19 21:06 . 2008-06-19 21:07 <DIR> d-------- C:\bin
2008-06-18 00:13 . 2008-06-18 00:13 <DIR> d-------- C:\Documents and Settings\vani\Application Data\Windows Desktop Search
2008-06-18 00:09 . 2008-06-18 00:09 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-06-17 23:37 . 2008-06-17 23:37 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
2008-06-17 23:05 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-06-17 09:04 . 2008-06-17 09:04 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-17 08:41 . 2008-06-17 08:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet
2008-06-17 08:29 . 2008-06-17 08:29 <DIR> d-------- C:\Program Files\Bonjour
2008-06-17 08:19 . 2008-06-17 08:19 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-14 19:18 . 2008-06-14 19:18 <DIR> d-------- C:\Program Files\Microsoft ASP.NET
2008-06-14 17:26 . 2008-06-14 17:26 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\VoxCode
2008-06-14 16:45 . 2008-06-14 16:50 <DIR> d-------- C:\Program Files\Common Files\Telerik
2008-06-14 15:24 . 2008-06-14 15:25 <DIR> d-------- C:\WINDOWS\system32\js
2008-06-14 15:24 . 2008-06-14 15:24 <DIR> d-------- C:\WINDOWS\system32\images
2008-06-14 15:24 . 2008-06-14 15:25 <DIR> d-------- C:\WINDOWS\system32\html
2008-06-14 15:24 . 2008-06-14 15:25 <DIR> d-------- C:\WINDOWS\system32\css
2008-06-14 15:24 . 2008-06-14 15:24 <DIR> d-------- C:\Program Files\Business Objects
2008-06-14 15:13 . 2008-06-14 15:21 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-06-14 15:12 . 2008-06-14 15:12 <DIR> d-------- C:\Program Files\Microsoft Device Emulator
2008-06-14 15:09 . 2008-06-14 15:11 <DIR> d-------- C:\Program Files\Windows Mobile 5.0 SDK R2
2008-06-14 15:08 . 2008-06-14 15:08 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-06-14 15:08 . 2008-06-14 15:08 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-06-14 14:57 . 2008-06-14 14:57 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PreEmptive Solutions
2008-06-14 14:52 . 2008-06-14 14:52 <DIR> d-------- C:\WINDOWS\symbols
2008-06-14 14:47 . 2008-06-14 14:47 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-06-14 14:47 . 2008-06-14 14:53 <DIR> d-------- C:\Program Files\HTML Help Workshop
2008-06-14 14:47 . 2008-06-14 14:57 <DIR> d-------- C:\Program Files\Common Files\Merge Modules
2008-06-14 14:47 . 2008-06-14 14:47 <DIR> d-------- C:\Program Files\CE Remote Tools
2008-06-14 14:45 . 2008-06-14 14:45 <DIR> d-------- C:\Program Files\Microsoft Web Designer Tools
2008-06-13 14:45 . 2008-06-13 14:45 579,464 --a------ C:\WINDOWS\system32\SymNeti.dll
2008-06-13 14:45 . 2008-06-13 14:45 207,240 --a------ C:\WINDOWS\system32\SymRedir.dll
2008-06-13 14:14 . 2008-06-13 14:14 31,280 --a------ C:\WINDOWS\system32\drivers\SymIM.sys
2008-06-13 14:14 . 2008-06-13 14:14 13,093 --a------ C:\WINDOWS\system32\drivers\SymRedir.cat
2008-06-13 14:14 . 2008-06-13 14:14 1,611 --a------ C:\WINDOWS\system32\drivers\SymRedir.inf
2008-06-13 14:13 . 2008-06-13 14:13 184,240 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2008-06-13 14:13 . 2008-06-13 14:13 96,432 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2008-06-13 14:13 . 2008-06-13 14:13 41,008 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
2008-06-13 14:13 . 2008-06-13 14:13 38,576 --a------ C:\WINDOWS\system32\drivers\symids.sys
2008-06-13 14:13 . 2008-06-13 14:13 37,424 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2008-06-13 14:13 . 2008-06-13 14:13 22,320 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2008-06-13 14:13 . 2008-06-13 14:13 13,616 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2008-06-12 19:51 . 2008-06-12 19:51 <DIR> d-------- C:\Documents and Settings\vani\Application Data\Nokia Multimedia Player
2008-06-12 18:51 . 2008-06-13 18:40 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 18:51 . 2008-06-13 18:40 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 22:23 . 2008-06-09 22:23 <DIR> d-------- C:\Program Files\Free PDF to Word Doc Converter
2008-06-01 11:19 . 2008-06-01 11:31 <DIR> d-------- C:\Documents and Settings\vani\Application Data\AVGTOOLBAR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 15:31 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-06-30 17:53 --------- d-----w C:\Program Files\BitTorrent
2008-06-30 08:58 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-06-30 04:32 --------- d-----w C:\Documents and Settings\vani\Application Data\Broadband
2008-06-29 06:31 90,112 ----a-w C:\WINDOWS\DUMPbc58.tmp
2008-06-27 17:37 --------- d-----w C:\Documents and Settings\vani\Application Data\Skype
2008-06-27 17:08 --------- d-----w C:\Documents and Settings\vani\Application Data\skypePM
2008-06-26 16:57 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\pdf995
2008-06-23 16:57 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-06-22 03:52 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-22 03:52 --------- d-----w C:\Program Files\Sify Broadband
2008-06-21 03:36 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-20 16:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-20 15:57 --------- d---a-w C:\Program Files\Common Files\InstallShield
2008-06-17 17:32 --------- d-----w C:\Program Files\MSBuild
2008-06-17 17:29 --------- d-----w C:\Program Files\Microsoft Works
2008-06-17 17:25 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-06-17 03:07 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-06-17 02:59 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-16 11:32 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2008-06-14 09:48 --------- d-----w C:\Program Files\Microsoft.NET
2008-06-04 02:33 --------- d-----w C:\Program Files\Trillian
2008-05-29 17:53 --------- d-----w C:\Documents and Settings\vani\Application Data\Axure
2008-05-29 17:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Axure
2008-05-29 17:52 --------- d--h--w C:\Documents and Settings\All Users.WINDOWS\Application Data\{3D84F31C-9EAA-4A03-8494-5147DB13A6F3}
2008-05-29 17:50 --------- d-----w C:\Program Files\MSECache
2008-05-28 07:02 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll
2008-05-28 07:02 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll
2008-05-27 14:00 --------- d-----w C:\Documents and Settings\vani\Application Data\Unyte
2008-05-27 07:15 --------- d-----w C:\Documents and Settings\vani\Application Data\F-Secure
2008-05-26 18:49 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee.com
2008-05-26 18:36 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-26 18:36 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-26 08:53 --------- d-----w C:\Program Files\MSXML 4.0
2008-05-24 11:02 --------- d-----w C:\Program Files\Common Files\Skype
2008-05-23 18:10 --------- d-----w C:\Documents and Settings\sakshi.WEBSPIRE\Application Data\Datalayer
2008-05-23 18:10 --------- d-----w C:\Documents and Settings\sakshi.WEBSPIRE\Application Data\Broadband
2008-05-23 18:09 --------- d-----w C:\Documents and Settings\sakshi.WEBSPIRE\Application Data\PC Suite
2008-05-23 17:18 --------- d-----w C:\Documents and Settings\vani\Application Data\Datalayer
2008-05-23 16:47 --------- d-----w C:\Program Files\Nokia
2008-05-23 16:47 --------- d-----w C:\Documents and Settings\vani\Application Data\PC Suite
2008-05-23 16:45 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-05-23 16:45 --------- d-----w C:\Program Files\Common Files\Nokia
2008-05-23 16:42 --------- d-----w C:\Documents and Settings\vani\Application Data\Nokia
2008-05-17 16:52 --------- d-----w C:\Documents and Settings\vani\Application Data\pdf995
2008-05-17 04:32 --------- d-----w C:\Program Files\pdf995
2008-05-17 04:14 51,716 ----a-w C:\WINDOWS\system32\pdf995mon.dll
2008-05-17 04:14 249,856 ----a-w C:\WINDOWS\system32\pdfmona.dll
2008-05-12 15:57 --------- d-----w C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-05-09 05:39 --------- d-----w C:\Documents and Settings\sakshi.WEBSPIRE\Application Data\SmartFTP
2008-05-09 05:37 --------- d-----w C:\Documents and Settings\sakshi.WEBSPIRE\Application Data\BitTorrent
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-01-12 04:22 32 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\ezsid.dat
2007-12-29 06:23 271 --sh--w C:\Program Files\desktop.ini
2007-05-22 13:44 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-05-22 13:47 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2008-02-24 07:38 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-07-01 21:47 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 14:04 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 14:04 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 14:04 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SifyBB"="C:\Program Files\Sify Broadband\BBImpSec.exe" [2006-04-21 20:04 127085]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-30 18:39 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="C:\Program Files\PC Protection\Common\FSM32.EXE" [2005-10-26 07:21 122929]
"F-Secure TNB"="C:\Program Files\PC Protection\TNB\TNBUtil.exe" [2005-07-18 20:21 700416]
"F-Secure Startup Wizard"="C:\Program Files\PC Protection\FSGUI\FSSW.EXE" [2005-10-18 13:59 372736]
"News Service"="C:\Program Files\PC Protection\FSGUI\ispnews.exe" [2005-05-31 18:15 356352]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-19 01:07 51048]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 20:20 988512]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 19:12 77824 C:\WINDOWS\SOUNDMAN.EXE]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^vani^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\vani\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bol IM]
--a------ 2007-06-22 03:02 3348440 C:\Program Files\Rediff Bol\RediffMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
--a------ 2005-06-07 11:31 819712 C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-02 02:52 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
--a------ 2008-02-28 15:31 63048 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 21:54 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2005-06-29 15:29 176128 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-12-30 18:39 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
-ra------ 2005-03-08 01:03 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
-ra------ 2005-03-11 15:03 147456 C:\WINDOWS\system32\VTTrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)
"OfcPfwSvc"=2 (0x2)
"odserv"=3 (0x3)
"gusvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"d:\\Program Files\\SmartFTP Client\\SmartFTP.exe\\SmartFTP.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"D:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\PC Protection\\backweb\\4384293\\Program\\fspex.exe"=

*Newly Created Service* - CATCHME
*Newly Created Service* - CLTNETCNSERVICE
*Newly Created Service* - COMHOST
*Newly Created Service* - ERASERUTILREBOOTDRV
*Newly Created Service* - LIVEUPDATE_NOTICE
.
Contents of the 'Scheduled Tasks' folder
"2008-07-01 13:55:48 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\PCPROT~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\PCPROT~1\ANTI-V~1\report.txt
.
- - - - ORPHANS REMOVED - - - -

BHO-{D2EEB637-A4A5-4BBB-8C0C-96AF821110C2} - C:\WINDOWS\system32\yayaYpPF.dll
Toolbar-{4E015B1B-BE52-49BD-9434-A3CB37B71A29} - C:\WINDOWS\gxvpsafm.dll
HKCU-Run-RemoveIT Pro XT - C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
ShellExecuteHooks-{D2EEB637-A4A5-4BBB-8C0C-96AF821110C2} - C:\WINDOWS\system32\yayaYpPF.dll
SSODL-pntqkflv-{90A4A822-38F3-45DD-8A9F-9FEC1B3EFB6B} - C:\WINDOWS\pntqkflv.dll
SSODL-qegbdmwf-{B64B36C3-393B-4A07-8012-8D7292A76E8B} - C:\WINDOWS\qegbdmwf.dll
Notify-yayaYpPF - yayaYpPF.dll
MSConfigStartUp-BitTorrent - C:\Program Files\BitTorrent\bittorrent.exe
MSConfigStartUp-Aim6 - (no file)
MSConfigStartUp-VModes - VModes AttachToDesktop


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 23:18:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-01 23:19:56
ComboFix-quarantined-files.txt 2008-07-01 17:49:49

Pre-Run: 3,444,318,208 bytes free
Post-Run: 3,450,609,664 bytes free

322 --- E O F --- 2008-06-21 04:41:16