10-13-2007, 06:09 AM   #7
sklj
Registered User
 
Join Date: Oct 2007
Posts: 8
OS: windows professional 2000


Re: Internet / Windows explorer won't run

Oops. Here's the log. (I got a bit carried away!)

ComboFix 07-10-12.4 - Administrator 13/10/2007 19:24:27.2 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.3.1252.1.1033.18.29 [GMT 9.5:30]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINNT\system32\dinputs.dll
C:\WINNT\system32\dswaveo.dll
C:\WINNT\system32\faxshellj.dll
C:\WINNT\system32\hwfzq.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-13 to 2007-10-13 )))))))))))))))))))))))))))))))
.

2007-10-13 07:22 51,200 --a------ C:\WINNT\NirCmd.exe
2007-10-12 20:04 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-12 20:02 <DIR> d-------- C:\Deckard
2007-10-07 18:32 <DIR> d-------- C:\WINNT\system32\AppCert

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-13 09:59 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-13 09:52 --------- d-----w C:\Documents and Settings\Administrator\Application Data\TransRender
2007-10-13 09:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Temporary
2007-10-09 08:25 --------- d-----w C:\Program Files\Numbers Up! VP V1.2.3
2007-10-09 08:19 --------- d-----w C:\Program Files\BRAINtastic
2007-09-16 05:02 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-09-12 00:03 3,716,557 ----a-w C:\Program Files\etax2007_1.exe
2007-09-01 10:34 --------- d-----w C:\Program Files\PDACookbook
2007-08-09 12:48 4,415,492 ----a-w C:\Program Files\ezcdrip.exe
2007-08-09 12:41 153,970 ----a-w C:\Program Files\frcASPI17.zip
2007-08-09 12:34 522,682 ----a-w C:\Program Files\aspi_471a2.exe
2005-05-02 23:19 271 ---h--w C:\Program Files\desktop.ini
2005-05-02 23:19 21,952 ---h--w C:\Program Files\folder.htt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [99-12-07 06:30 C:\WINNT\system32\mobsync.exe]
"HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [05-08-11 20:21 ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05-08-09 11:16 ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07-04-13 07:21 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [99-12-07 06:30 C:\WINNT\system32\internat.exe]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [06-12-11 14:35 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"=internat.exe
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Internet Explorer.lnk - C:\Program Files\Internet Explorer\IEXPLORE.EXE [2005-05-03 08:47:59]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-08-09 11:37:34]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-08-09 14:38:22]

R3 cwbmidi_device;Crystal WDM MPU-401 UART Driver;C:\WINNT\System32\drivers\cwbmidi.sys
R3 cwbwdm_device;Crystal WDM Audio Codec Driver;C:\WINNT\System32\drivers\cwbwdm.sys
R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINNT\System32\DRIVERS\el90xbc5.sys
R3 NtApm;NT Apm/Legacy Interface Driver;C:\WINNT\System32\DRIVERS\NtApm.sys
R3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINNT\System32\DRIVERS\sscdbus.sys
R3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINNT\System32\DRIVERS\sscdmdfl.sys
R3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINNT\System32\DRIVERS\sscdmdm.sys

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-13 19:29:32
Windows 5.0.2195 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-13 19:32:25 - machine was rebooted
C:\ComboFix2.txt ... 07-10-13 07:33
.
--- E O F ---

Last edited by Ried; 10-13-2007 at 07:16 AM.