ComboFix 08-06-10.5 - HP_Owner 06/12/2008 14:23:51.2 - NTFSx86
Running from: C:\Documents and Settings\HP_Owner.AE066C3A9B\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\inst.exe
C:\Program Files\Common Files\{1C370~1
C:\Program Files\Common Files\{3C370~1
C:\Program Files\Common Files\{3C370~1\Uninst.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
((((((((((((((((((((((((( Files Created from 2008-05-12 to 2008-06-12 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 20:22 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-12 19:50 --------- d-----w C:\Program Files\LimeWire
2008-06-12 19:50 --------- d-----w C:\Program Files\Incomplete
2008-06-12 06:37 --------- d-----w C:\Program Files\Trend Micro
2008-06-10 21:49 --------- d-----w C:\Program Files\Winamp
2008-06-10 05:13 --------- d-----w C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Azureus
2008-06-10 02:24 --------- d-----w C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Media Player Classic
2008-06-10 02:16 --------- d-----w C:\Program Files\AC3Filter
2008-06-09 23:36 --------- d-----w C:\Program Files\MP3Parse
2008-06-09 23:22 --------- d-----w C:\Program Files\Xvid
2008-06-09 22:51 --------- d-----w C:\Program Files\ffdshow
2008-06-09 22:50 --------- d-----w C:\Program Files\SHOUTcast Source
2008-06-09 22:50 --------- d-----w C:\Program Files\DSP-worx
2008-06-09 22:49 49,604 ----a-w C:\WINDOWS\system32\RadLightOFRUninstall.exe
2008-06-09 22:49 --------- d-----w C:\Program Files\OpenSource OGG Splitter
2008-06-09 22:49 --------- d-----w C:\Program Files\CDXA Image Reader Filter (SVCDXCD)
2008-06-09 22:36 --------- d-----w C:\Program Files\CD Audio Reader Filter
2008-06-09 22:33 33,533 ----a-w C:\WINDOWS\system32\CoreVorbis-uninstall.exe
2008-06-09 22:33 --------- d-----w C:\Program Files\DirectVobSub
2008-06-09 21:28 --------- d-----w C:\Program Files\OpenSource Flash Video Splitter
2008-06-09 02:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-09 02:29 47,360 ----a-w C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\pcouffin.sys
2008-06-09 02:29 --------- d-----w C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Vso
2008-06-09 02:27 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-06-09 02:21 --------- d-----w C:\Program Files\LucasArts
2008-06-09 02:04 --------- d-----w C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\SSH
2008-06-08 04:10 --------- d-----w C:\Program Files\Panda Security
2008-06-08 03:48 --------- d-----w C:\Program Files\Windows Live
2008-06-07 21:00 --------- d-----w C:\Program Files\SpywareBlaster
2008-06-07 21:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-07 19:04 --------- d-----w C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Lavasoft
2008-06-07 19:02 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-07 19:02 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-07 17:44 --------- d-----w C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\alot
2008-06-07 06:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-07 06:39 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-07 06:39 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-07 06:39 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-07 06:39 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-07 06:39 --------- d-----w C:\Program Files\Symantec
2008-06-06 13:58 27,136 ----a-w C:\WINDOWS\CYK36.tmp
2008-06-04 02:47 --------- d-----w C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\ZoomBrowser EX
2008-06-04 02:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-06-04 01:48 27,136 ----a-w C:\WINDOWS\CYK3B.tmp
2008-06-01 23:26 --------- d-----w C:\Program Files\Canon
2008-06-01 23:18 --------- d-----w C:\Program Files\Common Files\Canon
2008-05-29 04:32 27,136 ----a-w C:\WINDOWS\CYK139.tmp
2008-05-25 23:19 --------- d-----w C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\PE Explorer
2008-05-16 02:16 27,136 ----a-w C:\WINDOWS\CYK51.tmp
2008-05-12 00:50 --------- d-----w C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\alot
2008-05-08 03:25 --------- d-----w C:\Documents and Settings\Mom and Dad.AE066C3A9B\Application Data\alot
2008-04-30 22:52 --------- d-----w C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\LimeWire
2008-04-25 21:22 --------- d-----w C:\Program Files\QuickTime
2008-04-25 21:08 --------- d-----w C:\Program Files\Apple Software Update
2008-04-24 05:53 27,136 ----a-w C:\WINDOWS\CYK97F.tmp
2008-04-24 05:40 27,136 ----a-w C:\WINDOWS\CYK97D.tmp
2008-04-24 05:35 --------- d-----w C:\Program Files\DVDVideoSoft
2008-04-24 05:35 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-04-22 05:15 --------- d-----w C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\LimeWire
2008-04-17 05:42 --------- d-----w C:\Program Files\Azureus
2008-04-16 05:29 --------- d-----w C:\Program Files\Chessmaster 8000
2008-04-09 13:17 27,136 ----a-w C:\WINDOWS\CYK3A.tmp
2008-04-05 02:12 27,136 ----a-w C:\WINDOWS\CYK3C.tmp
2008-04-01 04:34 27,136 ----a-w C:\WINDOWS\CYK39.tmp
2008-03-30 20:09 27,136 ----a-w C:\WINDOWS\CYK125.tmp
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2005-01-09 22:46 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}]
C:\Program Files\alot\bin\alot.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
08/24/2007 09:51 PM 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
03/20/2008 08:16 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}"= "C:\Program Files\alot\bin\alot.dll" [ ]
[HKEY_CLASSES_ROOT\clsid\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [08/24/2007 10:53 PM 714608]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/14/2008 11:01 AM 51048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SymLnch"="C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Support\SymLnch\SymLnch.exe" [08/26/2007 06:04 PM 687976]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Suitcase Startup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Suitcase Startup.lnk
backup=C:\WINDOWS\pss\Suitcase Startup.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner.AE066C3A9B^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\HP_Owner.AE066C3A9B\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 06/06/2005 11:46 PM 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 01/11/2008 11:16 PM 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 02/28/2007 11:06 PM 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 03/20/2007 05:40 PM 1884160 C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 06/29/2004 06:06 PM 88363 C:\WINDOWS\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 07/03/2004 03:49 AM 57344 C:\WINDOWS\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 07/06/2004 02:05 AM 2550272 C:\WINDOWS\ALCWZRD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
-----c--- 05/10/2006 12:12 PM 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTBar]
c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 02/14/2008 11:01 AM 51048 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 04/03/2007 04:29 PM 165784 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fplljkduj]
C:\WINDOWS\system32\fplljkduj.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 08/04/2003 05:28 PM 49152 C:\Program Files\HP\HP Software Update\HPWuSchd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
--a------ 06/07/2004 07:42 PM 659456 C:\WINDOWS\system32\hphmon06.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
--a------ 06/07/2004 07:53 PM 49152 c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 05/07/1998 05:04 PM 52736 c:\windows\system\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 12/11/2007 01:10 PM 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 10/13/2004 10:24 AM 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
--a------ 10/16/2002 05:57 PM 81920 C:\WINDOWS\system32\ps2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 03/28/2008 11:37 PM 413696 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 04/14/2004 09:43 PM 233472 C:\WINDOWS\SMINST\RECGUARD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 07/01/2004 07:58 PM 73728 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 03/14/2007 03:43 AM 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 08/07/2004 03:03 PM 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"MDM"=2 (0x2)
"ISPwdSvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"Capture Device Service"=2 (0x2)
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"LiveUpdate Notice"=2 (0x2)
"LiveUpdate"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Adobe Version Cue CS3"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"comHost"=3 (0x3)
"rpcapd"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-28 14:08:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-10 04:18:29 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - HP_Owner.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-12 14:28:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 06/12/2008 14:33:05
ComboFix-quarantined-files.txt 2008-06-12 20:32:12
Pre-Run: 106,810,941,440 bytes free
Post-Run: 106,807,549,952 bytes free
358 --- E O F --- 2008-06-12 09:00:57