12-16-2007, 10:08 AM   #6
boyster70
Registered User
 
Join Date: Dec 2007
Location: Hayden, ID
Posts: 7
OS: XP

Re: Random IE7 windows opening

Here are the log files you asked for. The subdirectory c:\my computer friend is a directory that I set up to put files in during this process.

Thanks again.

ComboFix 07-12-15.5 - Titan 2007-12-16 8:41:47.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.71 [GMT -8:00]
Running from: C:\Documents and Settings\Titan\Desktop\ComboFix.exe
Command switches used :: \\mine\temp\combofix\CFscript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\bbbay.bak1
C:\WINDOWS\system32\cffhk.bak1
C:\WINDOWS\system32\cffhk.bak2
C:\WINDOWS\system32\cohyegco.ini
C:\WINDOWS\system32\coqvvdru.ini
C:\WINDOWS\system32\dfeeg.bak1
C:\WINDOWS\system32\dfeeg.bak2
C:\WINDOWS\system32\gypsbvdf.ini
C:\WINDOWS\system32\hhskudnm.ini
C:\WINDOWS\system32\mdbgbggf.ini
C:\WINDOWS\system32\ordsbstv.ini
C:\WINDOWS\system32\qxblkfcj.ini
C:\WINDOWS\system32\rmxnipsy.ini
C:\WINDOWS\system32\tuwhatap.ini
C:\WINDOWS\system32\twasbhll.ini
C:\WINDOWS\system32\vdhvxsoo.ini
C:\WINDOWS\system32\vgmovwdl.ini
C:\WINDOWS\system32\vpnowhmc.ini
C:\WINDOWS\system32\yupfrdhf.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bbbay.bak1
C:\WINDOWS\system32\cffhk.bak1
C:\WINDOWS\system32\cffhk.bak2
C:\WINDOWS\system32\cohyegco.ini
C:\WINDOWS\system32\coqvvdru.ini
C:\WINDOWS\system32\dfeeg.bak1
C:\WINDOWS\system32\dfeeg.bak2
C:\WINDOWS\system32\gypsbvdf.ini
C:\WINDOWS\system32\hhskudnm.ini
C:\WINDOWS\system32\mdbgbggf.ini
C:\WINDOWS\system32\ordsbstv.ini
C:\WINDOWS\system32\qxblkfcj.ini
C:\WINDOWS\system32\rmxnipsy.ini
C:\WINDOWS\system32\tuwhatap.ini
C:\WINDOWS\system32\twasbhll.ini
C:\WINDOWS\system32\vdhvxsoo.ini
C:\WINDOWS\system32\vgmovwdl.ini
C:\WINDOWS\system32\vpnowhmc.ini
C:\WINDOWS\system32\yupfrdhf.ini

.
((((((((((((((((((((((((( Files Created from 2007-11-16 to 2007-12-16 )))))))))))))))))))))))))))))))
.

2007-12-15 22:30 . 2007-12-15 22:30 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-15 22:26 . 2007-12-15 22:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-15 22:26 . 2007-12-15 22:26 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-02 15:06 . 2007-12-02 15:06 <DIR> d-------- C:\Program Files\MSBuild
2007-12-02 14:57 . 2007-12-02 17:18 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-12-02 14:55 . 2007-12-02 14:55 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-12-02 14:53 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-12-02 14:39 . 2007-12-02 14:41 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-12-02 14:35 . 2006-11-12 22:02 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-12-02 14:35 . 2006-11-12 22:02 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-12-02 14:35 . 2006-11-12 22:02 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-12-02 09:02 . 2007-12-02 09:02 <DIR> d-------- C:\Documents and Settings\test\Application Data\HP
2007-12-02 09:01 . 2007-12-02 09:01 <DIR> d-------- C:\Documents and Settings\test\Application Data\AVG7
2007-12-02 09:00 . 2007-12-02 09:00 <DIR> d-------- C:\Documents and Settings\test\Application Data\Grisoft
2007-12-02 01:29 . 2007-12-02 01:29 <DIR> d-------- C:\Deckard
2007-12-02 01:25 . 2007-12-02 01:25 <DIR> d-------- C:\Program Files\CONEXANT
2007-12-02 00:26 . 2007-12-02 00:26 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-12-02 00:11 . 2007-07-09 05:16 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-01 23:35 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-12-01 23:29 . 2007-12-01 23:29 <DIR> d-------- C:\ie-spyad_zo
2007-12-01 22:16 . 2007-12-01 23:07 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-01 22:16 . 2007-12-01 22:16 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-01 22:16 . 2007-12-01 22:16 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-01 22:16 . 2007-12-01 22:16 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-01 20:04 . 2007-12-01 20:04 <DIR> d-------- C:\Documents and Settings\Titan\Application Data\Grisoft
2007-12-01 20:04 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-29 06:25 . 2007-01-18 04:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-11-27 23:37 . 2007-12-16 08:00 <DIR> d-------- C:\Documents and Settings\Titan\Application Data\AVG7
2007-11-27 23:36 . 2007-11-27 23:36 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-27 23:34 . 2007-11-27 23:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-27 23:34 . 2007-11-28 10:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-11-27 23:30 . 2007-12-16 08:39 <DIR> d-------- C:\my computer friend
2007-11-27 21:20 . 2007-11-27 21:20 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-27 21:20 . 2007-11-27 21:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-20 23:46 . 2007-11-20 23:46 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-20 23:41 . 2007-11-27 23:24 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-20 23:26 . 2007-11-20 23:26 <DIR> d-------- C:\Documents and Settings\Titan\Incomplete
2007-11-20 23:24 . 2007-11-27 23:29 <DIR> d-------- C:\Documents and Settings\Titan\Application Data\LimeWire
2007-11-20 23:23 . 2007-11-24 12:11 <DIR> d-------- C:\Program Files\LimeWire
2007-11-20 17:43 . 2007-11-20 17:43 164 --a------ C:\install.dat
2007-11-20 12:11 . 2007-11-20 12:09 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 23:25 --------- d-----w C:\Documents and Settings\Titan\Application Data\Apple Computer
2007-12-02 06:53 --------- d-----w C:\Program Files\iTunes
2007-12-01 21:08 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\my computer friend ----

2007-12-03 23:05 1438 --a------ C:\my computer friend\IE7 problem web sites.txt
2007-12-02 01:29 686630 --a------ C:\my computer friend\dss.exe
2007-12-01 23:29 315590 --a------ C:\my computer friend\ie-spyad_zo.exe
2007-12-01 23:22 240904 --a------ C:\my computer friend\ZonedOut.zip
2007-12-01 23:16 4052 --a------ C:\my computer friend\Activescan.txt
2007-12-01 20:03 12413440 --a------ C:\my computer friend\avgas-setup-7.5.1.43.exe
2007-12-01 14:20 26980 --a------ C:\my computer friend\virus scan 12_1_07a.txt
2007-12-01 11:01 51100 --a------ C:\my computer friend\virus scan 12_1_07.txt
2007-11-30 23:04 42566 --a------ C:\my computer friend\virus scan 11_30_07.txt


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINDOWS\system32\rundll32.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-27 23:35]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-27 23:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]
NETGEAR WG111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe [2006-05-17 15:05:52]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneNetworkSvc"=2 (0x2)
"WebClient"=2 (0x2)
"DomainService"=2 (0x2)
"CryptSvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-16 08:49:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-16 8:54:25 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-15 22:29
.
2007-12-16 07:12:23 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:02:23 AM, on 12/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1196580840671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1196580812340
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5066 bytes