Old 06-19-2008, 12:03 AM   #21 (permalink)
kiranaus
Registered User
 
Join Date: Jun 2008
Posts: 26
OS: xp sp2


Re: Possible Malware Issue

From what I can tell everything's back to normal -- the theme and background wallpaper have returned, the icons that I had on my desktop prior to the "incident" have returned to where they used to be, with holes only where I deleted .lnks; no odd security warnings when I use Windows Explorer. I finally got a log from ComboFix. I did, however, notice a warning box popped up before ComboFix and Explorer quit and the computer rebooted. It disappeared before I even caught a glimpse of the message. The computer appeared to stall before it restarted with just a blank screen, so I left it, but everything seemed fine when I came back. My clock/date format is odd; maybe ComboFix didn't reset it or something. Here are the logs you requested (double post because of length):

ComboFix 08-06-16.5 - HP_Owner 06/18/2008 23:10:50.16 - NTFSx86
Running from: C:\Documents and Settings\HP_Owner.AE066C3A9B\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Owner.AE066C3A9B\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Owner.AE066C3A9B\ntuser.dat . . . . failed to delete

.
--------------- SCopy ---------------

{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP425\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2331652603-1797162650-1282392798-1009 --> C:\Documents and Settings\HP_Owner.AE066C3A9B\ntuser.dat
.
((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))
.

2008-06-16 19:09 . 2008-06-18 23:40 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-06-16 18:36 . 2008-06-16 18:40 63,971,328 --a------ C:\WINDOWS\sectest.db
2008-06-14 23:24 . 2008-04-22 22:16 6,066,176 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-14 23:24 . 2007-04-17 03:32 2,455,488 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-14 23:24 . 2007-03-07 23:10 991,232 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-14 23:24 . 2008-04-22 22:16 459,264 --a--c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-14 23:24 . 2008-04-22 22:16 383,488 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-14 23:24 . 2008-04-22 22:16 267,776 --a--c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-14 23:24 . 2008-04-22 22:16 63,488 --a--c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-14 23:24 . 2008-04-22 22:16 52,224 --a--c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-14 23:24 . 2008-04-22 01:39 13,824 --a--c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-13 15:09 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-13 15:08 . 2008-06-13 15:09 <DIR> d-------- C:\Program Files\Java
2008-06-12 00:37 . 2008-06-12 00:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-11 15:44 . 2008-06-17 17:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-11 15:44 . 2008-06-17 17:23 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-10 17:14 . 2008-04-14 05:01 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 17:14 . 2008-04-14 05:01 272,128 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 16:34 . 2008-06-10 16:34 <DIR> d-------- C:\audio
2008-06-09 20:23 . 2008-06-09 20:24 <DIR> d-------- C:\DOCUME~1\HP_OWN~1.AE0\APPLIC~1\Media Player Classic
2008-06-09 20:16 . 2008-06-09 20:16 <DIR> d-------- C:\Program Files\AC3Filter
2008-06-09 20:16 . 2007-06-07 13:11 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-06-09 17:36 . 2008-06-09 17:36 <DIR> d-------- C:\Program Files\MP3Parse
2008-06-09 17:22 . 2008-06-09 17:22 <DIR> d-------- C:\Program Files\Xvid
2008-06-09 17:22 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-09 17:22 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-09 17:22 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-06-09 17:20 . 1999-05-28 15:13 301,568 --a------ C:\WINDOWS\system32\L3CODECP.ACM
2008-06-09 17:20 . 1998-04-30 14:56 129,024 --a------ C:\WINDOWS\UNWISE.EXE
2008-06-09 17:11 . 2008-06-09 17:11 0 --a------ C:\WINDOWS\GraphEdt.INI
2008-06-09 16:50 . 2008-06-09 16:50 <DIR> d-------- C:\Program Files\SHOUTcast Source
2008-06-09 16:50 . 2008-06-09 16:50 <DIR> d-------- C:\Program Files\DSP-worx
2008-06-09 16:49 . 2008-06-09 16:49 <DIR> d-------- C:\Program Files\OpenSource OGG Splitter
2008-06-09 16:49 . 2008-06-09 16:49 <DIR> d-------- C:\Program Files\CDXA Image Reader Filter (SVCDXCD)
2008-06-09 16:49 . 2008-06-09 16:49 49,604 --a------ C:\WINDOWS\system32\RadLightOFRUninstall.exe
2008-06-09 16:36 . 2008-06-09 16:36 <DIR> d-------- C:\Program Files\CD Audio Reader Filter
2008-06-09 16:35 . 2008-06-09 16:51 <DIR> d-------- C:\Program Files\ffdshow
2008-06-09 16:33 . 2008-06-09 16:33 <DIR> d-------- C:\Program Files\DirectVobSub
2008-06-09 16:33 . 2008-06-09 16:33 33,533 --a------ C:\WINDOWS\system32\CoreVorbis-uninstall.exe
2008-06-07 22:09 . 2008-06-07 22:10 <DIR> d-------- C:\Program Files\Panda Security
2008-06-07 13:04 . 2008-06-07 13:04 <DIR> d-------- C:\DOCUME~1\HP_OWN~1.AE0\APPLIC~1\Lavasoft
2008-06-07 13:02 . 2008-06-07 15:00 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-07 13:02 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-06-06 08:27 . 2008-06-06 08:27 <DIR> d-------- C:\WINDOWS\system32\com
2008-06-06 08:27 . 2008-06-16 19:10 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2008-06-06 08:23 . 2008-06-06 08:23 <DIR> d--hs---- C:\found.000
2008-06-06 07:58 . 2008-06-06 07:58 27,136 --a------ C:\WINDOWS\CYK36.tmp
2008-06-03 20:38 . 2008-06-03 20:47 <DIR> d-------- C:\DOCUME~1\HP_OWN~1.AE0\APPLIC~1\ZoomBrowser EX
2008-06-03 19:48 . 2008-06-03 19:48 27,136 --a------ C:\WINDOWS\CYK3B.tmp
2008-06-01 17:23 . 2008-06-03 20:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-06-01 17:18 . 2008-06-01 17:18 <DIR> d-------- C:\Program Files\Common Files\Canon
2008-05-31 12:18 . 2008-05-31 12:18 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-05-28 22:32 . 2008-05-28 22:32 27,136 --a------ C:\WINDOWS\CYK139.tmp
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-05-25 17:18 . 2008-05-25 17:19 <DIR> d-------- C:\DOCUME~1\HP_OWN~1.AE0\APPLIC~1\PE Explorer
2008-05-25 17:02 . 2008-05-25 17:02 66,336 --ah----- C:\BBACADEM
2008-05-22 19:54 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-05-22 19:54 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-05-22 17:24 . 2008-05-22 17:24 142 --a------ C:\WINDOWS\7thLevel.ini
2008-05-22 17:01 . 1995-01-30 01:00 92,208 --a------ C:\WINDOWS\system32\WING.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 05:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-19 05:02 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-19 05:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-19 00:31 --------- d-----w C:\Program Files\Winamp
2008-06-18 00:09 --------- d-----w C:\Program Files\iTunes
2008-06-18 00:09 --------- d-----w C:\Program Files\iPod
2008-06-18 00:07 --------- d-----w C:\Program Files\QuickTime
2008-06-18 00:07 --------- d-----w C:\Program Files\Bonjour
2008-06-17 01:53 --------- d-----w C:\Program Files\Incomplete
2008-06-16 21:15 --------- d-----w C:\Program Files\LimeWire
2008-06-14 21:32 --------- d-----w C:\Program Files\Windows Live
2008-06-14 21:26 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-10 05:13 --------- d-----w C:\DOCUME~1\HP_OWN~1.AE0\APPLIC~1\Azureus
2008-06-09 21:28 --------- d-----w C:\Program Files\OpenSource Flash Video Splitter
2008-06-09 02:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-09 02:29 47,360 ----a-w C:\DOCUME~1\HP_OWN~1.AE0\APPLIC~1\pcouffin.sys
2008-06-09 02:29 --------- d-----w C:\DOCUME~1\HP_OWN~1.AE0\APPLIC~1\Vso
2008-06-09 02:27 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-06-09 02:21 --------- d-----w C:\Program Files\LucasArts
2008-06-09 02:04 --------- d-----w C:\DOCUME~1\HP_OWN~1.AE0\APPLIC~1\SSH
2008-06-07 19:02 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-07 06:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-07 06:39 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-07 06:39 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-07 06:39 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-07 06:39 --------- d-----w C:\Program Files\Symantec
2008-06-01 23:26 --------- d-----w C:\Program Files\Canon
2008-05-16 02:16 27,136 ----a-w C:\WINDOWS\CYK51.tmp
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-30 22:52 --------- d-----w C:\Documents and Settings\Natalia.AE066C3A9B\Application Data\LimeWire
2008-04-25 21:08 --------- d-----w C:\Program Files\Apple Software Update
2008-04-24 05:53 27,136 ----a-w C:\WINDOWS\CYK97F.tmp
2008-04-24 05:40 27,136 ----a-w C:\WINDOWS\CYK97D.tmp
2008-04-24 05:35 --------- d-----w C:\Program Files\DVDVideoSoft
2008-04-24 05:35 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-04-22 05:15 --------- d-----w C:\DOCUME~1\HP_OWN~1.AE0\APPLIC~1\LimeWire
2008-04-09 13:17 27,136 ----a-w C:\WINDOWS\CYK3A.tmp
2008-04-05 02:12 27,136 ----a-w C:\WINDOWS\CYK3C.tmp
2008-04-01 04:34 27,136 ----a-w C:\WINDOWS\CYK39.tmp
2008-03-30 20:09 27,136 ----a-w C:\WINDOWS\CYK125.tmp
2005-01-09 22:46 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.

------- Sigcheck -------

2004-08-04 13:00 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe
2004-08-04 13:00 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\dllcache\svchost.exe

2005-03-02 12:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 09:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2004-08-04 13:00 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 12:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2007-03-08 09:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\user32.dll
2007-03-08 09:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\dllcache\user32.dll

2004-08-04 13:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll
2004-08-04 13:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\dllcache\ws2_32.dll

2005-05-25 13:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 11:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 06:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 10:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-04 13:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 13:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2004-08-04 13:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 05:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 11:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 11:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-04 13:00 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe
2004-08-04 13:00 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\dllcache\winlogon.exe

2004-08-04 13:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys
2004-08-04 13:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-04 13:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys
2004-08-04 13:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2005-03-01 18:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-12-19 10:12 2059392 ba4b97c00a437c1cc3da365d93ee1e9d C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 03:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2005-03-01 18:34 2015232 3cd941e472ddf3534e53038535719771 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 06:55 2015744 bbb2322eb14ad9ad55b1024ffd4d88bf C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 02:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 02:38 2015744 a58ac1c6199ef34228abee7fc057ae09 C:\WINDOWS\system32\ntkrnlpa.exe
2004-08-04 13:00 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\ntkrnlpa.exe

2005-03-01 19:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-12-19 10:51 2182016 cef243f6defd20be4adde26c7ecacb54 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 03:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2005-03-01 18:57 2135552 48b3e89af7074cee0314a3e0c7faffdb C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 08:15 2136064 8318ed54797f3e513fd5817a1d4bbd18 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 03:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 03:08 2136064 1220faf071dea8653ee21de7dcda8bfd C:\WINDOWS\system32\ntoskrnl.exe
2004-08-04 13:00 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\ntoskrnl.exe

2007-06-13 04:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\explorer.exe
2007-06-13 05:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 13:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 04:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\system32\dllcache\explorer.exe

2004-08-04 13:00 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\services.exe
2004-08-04 13:00 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\dllcache\services.exe

2004-08-04 13:00 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\lsass.exe
2004-08-04 13:00 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\dllcache\lsass.exe

2004-08-04 13:00 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\ctfmon.exe
2004-08-04 13:00 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 21:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-03-20 20:16 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cyrillic Keyboard"="C:\CYRSTART\CYRKBD32.EXE" [2004-01-30 06:01 124928]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 22:53 714608]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SymLnch"="C:\Documents and Settings\HP_Owner.AE066C3A9B\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Support\SymLnch\SymLnch.exe" [2007-08-26 18:04 687976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Suitcase Startup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Suitcase Startup.lnk
backup=C:\WINDOWS\pss\Suitcase Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner.AE066C3A9B^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\HP_Owner.AE066C3A9B\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-02-28 23:06 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 17:40 1884160 C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-06-29 18:06 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2004-07-03 03:49 57344 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2004-07-06 02:05 2550272 C:\WINDOWS\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a--c--- 2006-05-10 12:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTBar]
c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2008-02-14 11:01 51048 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-03 16:29 165784 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-08-04 17:28 49152 C:\Program Files\HP\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
--a------ 2004-06-07 19:42 659456 C:\WINDOWS\system32\hphmon06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
--a------ 2004-06-07 19:53 49152 c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 1998-05-07 17:04 52736 c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-06-02 11:13 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--ahs---- 2004-10-13 10:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
--a------ 2002-10-16 17:57 81920 C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2004-04-14 21:43 233472 C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-07-01 19:58 73728 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-08-07 15:03 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"MDM"=2 (0x2)
"ISPwdSvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"Capture Device Service"=2 (0x2)
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"LiveUpdate Notice"=2 (0x2)
"LiveUpdate"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Adobe Version Cue CS3"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"comHost"=3 (0x3)
"rpcapd"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-04 13:00]
S4 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-18 14:08:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-17 02:00:07 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - HP_Owner.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 23:40:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-06-18 23:48:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-19 05:47:28

Pre-Run: 122,851,233,792 bytes free
Post-Run: 122,821,980,160 bytes free

362 --- E O F --- 2008-06-15 09:03:12