Sorry Reid, I forgot to download it. Here is the latest log. (Note for the reviewer: the log still lists the read-only/hidden/system-attributed files C:\lky.exe, C:\sq.com, c:\windows\system32\kamsoft.exe and gasretyw0.dll / gasretyw1.dll, the MountPoints2 AutoRun/explore/open entries for drives C:, D:, G: and H: that point at lky.exe and sq.com, and "NoSecurityTab"=1 set under both the HKLM and HKCU explorer policies, so those items have not been cleaned up yet.)
ComboFix 08-11-13.02 - legolas 2008-11-16 12:34:17.3 -
FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.983 [GMT 8:00]
Running from: d:\my documents\Downloads\Programs\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.
2008-11-15 17:21 . 2008-02-07 17:10 <DIR> d--h----- C:\ckis
2008-11-15 14:54 . 2008-11-14 03:11 99,670 -r-hs---- C:\lky.exe
2008-11-15 13:50 . 2008-11-15 13:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-15 13:50 . 2008-11-15 18:22 32 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-11-15 13:50 . 2008-11-15 18:22 32 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-11-15 13:50 . 2008-11-15 18:22 32 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-15 13:50 . 2008-11-15 18:22 32 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-14 03:11 . 2008-11-14 03:11 85,504 -r-hs---- c:\windows\system32\gasretyw1.dll
2008-11-13 18:54 . 2008-11-14 03:11 99,670 -r-hs---- c:\windows\system32\kamsoft.exe
2008-11-13 18:54 . 2008-11-16 10:15 85,504 -r-hs---- c:\windows\system32\gasretyw0.dll
2008-11-07 17:33 . 2008-11-07 17:33 109,879 -r-hs---- C:\sq.com
2008-11-05 01:47 . 2008-11-05 01:47 <DIR> d-------- C:\rsit
2008-11-05 01:33 . 2008-11-05 01:34 250 --a------ c:\windows\gmer.ini
2008-11-03 21:27 . 2008-11-03 21:27 37,473 --a------ c:\windows\system32\muzika.xm
2008-11-03 21:26 . 2008-11-03 21:26 <DIR> d-------- c:\program files\Alwil Software
2008-11-03 13:40 . 2001-08-17 13:52 18,688 --a------ c:\windows\system32\drivers\cdaudio.sys
2008-11-03 13:40 . 2001-08-17 13:52 18,688 --a------ c:\windows\system32\dllcache\cdaudio.sys
2008-10-26 20:10 . 2008-10-26 20:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-10-26 19:20 . 2008-10-26 19:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira(2)
2008-10-26 14:58 . 2008-11-09 02:05 54,156 --ah----- c:\windows\QTFont.qfn
2008-10-26 14:58 . 2008-10-26 14:58 1,409 --a------ c:\windows\QTFont.for
2008-10-26 05:16 . 2008-10-26 05:16 <DIR> d--hs---- C:\FOUND.027
2008-10-23 00:42 . 2008-10-23 00:42 <DIR> d-------- C:\Star Wars Jedi Knight - Jedi Academy (2 Cds)
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-09-29 14:20 --------- d-----w c:\documents and settings\legolas\Application Data\Metacafe
2008-09-29 14:16 --------- d-----w c:\program files\Metacafe
2008-09-29 14:16 --------- d-----w c:\program files\Common Files\Akamai
2008-09-17 12:34 --------- d-----w c:\documents and settings\legolas\Application Data\Sony Corporation
2008-09-17 12:26 --------- d-----w c:\program files\Sony
2008-09-17 12:25 --------- d-----w c:\documents and settings\legolas\Application Data\InstallShield
2008-09-17 05:16 --------- d-----w c:\program files\MSECache
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\dllcache\msxml3.dll
2008-08-28 10:04 333,056 ----a-w c:\windows\system32\dllcache\srv.sys
.
((((((((((((((((((((((((((((( snapshot@2008-11-16_11.19.49.93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-16 03:18:32 3,700 ----a-w c:\windows\SoftwareDistribution\EventCache\{51247BA0-12C9-4154-8D85-D1B112CF4F4E}.bin
- 2008-11-03 13:12:24 63,590 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-16 03:20:20 63,590 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-03 13:12:24 404,536 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-16 03:20:20 404,536 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-03-27 173368]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-03-27 14:12 1164600 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 1164600]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 1164600]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-25 1372160]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-02 3739648]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2007-11-25 481280]
"Yahoo! Pager"="~c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"acerWireless"="c:\program files\acer\Wireless\Utility\WlanUtil.exe" [2004-06-09 417792]
"ACU"="c:\program files\Atheros\ACU.exe" [2005-01-31 253952]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 356352]
"LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2005-03-28 319488]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-02 3739648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"WinDVR SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-09-08 106496]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-19 49152]
"tsnp2std"="c:\windows\tsnp2std.exe" [2005-11-03 106496]
"snp2std"="c:\windows\vsnp2std.exe" [2005-08-16 339968]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-01-31 385024]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe" [2007-08-30 61440]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
c:\documents and settings\legolas\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2008-06-29 145736]
Wallpaper Calendar.lnk - c:\program files\zepsoft\Wallpaper Calendar\WallCal3.exe [2002-10-20 1226752]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-03-16 10872]
VersionTrackerPro.lnk - c:\windows\Installer\{C1EDC38F-2760-4A4E-9CED-95B53024134C}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe [2008-07-09 53248]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-07-16 626176]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\\Program Files\\TGTSoft\\StyleXP\\Logon\\CurrentLogon.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 11:27 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"msacm.divxa32"= divxa32.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25350:TCP"= 25350:TCP:BitComet 25350 TCP
"25350:UDP"= 25350:UDP:BitComet 25350 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2004-08-04 14336]
R2 Gizmo Plugin;Gizmo VoIP Service;"c:\program files\GizmoPlugin\GizmoPlugin.exe" [2008-01-13 962048]
S3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-09-17 974464]
S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys [2008-11-03 18688]
S3 CAM1690;USB PC CAMERA 301P;c:\windows\system32\Drivers\cam1690.sys [2007-09-20 177280]
S3 EpmShd;Acer EPM System Hardware Driver;\??\c:\windows\system32\Drivers\epm-shd.sys []
S3 MR97310_VGA_DUAL_CAMERA;Digital Camera;c:\windows\system32\DRIVERS\mr97310v.sys [2007-12-28 115790]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);c:\windows\system32\DRIVERS\snp2sxp.sys [2007-12-12 8816128]
S3 usb2vcom;USB Data Cable;c:\windows\system32\DRIVERS\usb2vcom.sys [2007-10-21 29152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\lky.exe
\Shell\explore\Command - C:\lky.exe
\Shell\open\Command - C:\lky.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\lky.exe
\Shell\explore\Command - D:\lky.exe
\Shell\open\Command - D:\lky.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c146a76-4f06-11dd-9d97-001167061156}]
\Shell\AutoRun\command - G:\lky.exe
\Shell\explore\Command - G:\lky.exe
\Shell\open\Command - G:\lky.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3905910-ff15-11dc-9d41-001167061156}]
\Shell\AutoRun\command - H:\sq.com
\Shell\explore\Command - H:\sq.com
\Shell\open\Command - H:\sq.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3905911-ff15-11dc-9d41-001167061156}]
\Shell\AutoRun\command - G:\sq.com
\Shell\explore\Command - G:\sq.com
\Shell\open\Command - G:\sq.com
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"c:\program files\Internet Explorer\iexplore.exe" -userconfig
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\legolas\Application Data\Mozilla\Firefox\Profiles\cnbdkcak.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE -
www.google.com.my
FF -: plugin - c:\progra~1\YAHOO!\COMMON\npyaxmpb.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF -: plugin - c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-16 12:35:28
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3447.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3447.dll"
.
Completion time: 2008-11-16 12:36:11
ComboFix-quarantined-files.txt 2008-11-16 04:36:08
ComboFix3.txt 2008-11-16 03:20:38
ComboFix2.txt 2008-11-16 04:15:00
Pre-Run: 4,906,647,552 bytes free
Post-Run: 4,887,642,112 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (bootscreen)" /noexecute=optin /fastdetect /KERNEL=kernel1.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
232 --- E O F --- 2008-11-13 19:01:11