Old 11-17-2008, 10:05 AM   #7 (permalink)
highnshy
Registered User
 
 
Join Date: Nov 2008
Location: Canada
Posts: 24
OS: xp


Re: Received bad email from Facebook

ComboFix 08-11-16.05 - CDE Student 2008-11-17 12:01:44.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.580 [GMT -5:00]
Running from: c:\documents and settings\CDE Student\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\CDE Student\Application Data\DriveCleaner Free
c:\documents and settings\CDE Student\Application Data\DriveCleaner Free\Logs\update.log
c:\documents and settings\CDE Student\Application Data\FunWebProducts
c:\documents and settings\CDE Student\Application Data\FunWebProducts\Data\CDE Student\avatar.dat
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\367770
c:\windows\system32\367770\367770.dll

.
((((((((((((((((((((((((( Files Created from 2008-10-17 to 2008-11-17 )))))))))))))))))))))))))))))))
.

2008-11-17 07:35 . 2008-11-17 07:42 250 --a------ c:\windows\gmer.ini
2008-11-17 07:34 . 2008-11-17 07:34 <DIR> d-------- c:\program files\Trend Micro
2008-11-14 08:34 . 2008-11-14 08:34 <DIR> d-------- C:\DECCHECK
2008-11-13 11:28 . 2008-11-13 11:28 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-13 11:27 . 2008-11-13 11:27 <DIR> d-------- c:\program files\Sun
2008-11-13 09:24 . 2008-11-13 10:16 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-13 09:24 . 2008-11-13 10:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-11 17:53 . 2008-11-12 07:26 1 ---h----- c:\windows\f49f4daa.dat
2008-11-11 17:50 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 17:50 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-01 14:00 . 2008-11-09 18:30 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-01 14:00 . 2008-11-01 14:00 1,409 --a------ c:\windows\QTFont.for
2008-10-27 06:19 . 2008-10-27 06:19 <DIR> d-------- c:\program files\MSECache
2008-10-25 17:50 . 2008-10-25 17:50 <DIR> d-------- c:\program files\ACNielsen
2008-10-25 17:50 . 2008-10-25 17:50 <DIR> d-------- c:\documents and settings\CDE Student\Application Data\InstallShield
2008-10-25 17:50 . 2005-12-19 15:02 86,082 --a------ c:\windows\system32\ftdiunin.exe
2008-10-25 17:50 . 2005-12-19 15:02 77,890 --a------ c:\windows\system32\FTLang.dll
2008-10-25 17:50 . 2005-12-19 15:02 60,572 --a------ c:\windows\system32\drivers\ftser2k.sys
2008-10-25 17:50 . 2005-12-19 15:02 48,625 --a------ c:\windows\system32\ftserui2.dll
2008-10-25 17:50 . 2005-12-19 15:02 28,449 --a------ c:\windows\system32\drivers\ftdibus.sys
2008-10-25 17:50 . 2005-12-02 12:12 110 --a------ c:\windows\system32\ftdiun2k.ini
2008-10-24 06:14 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-19 08:45 . 2008-02-01 04:43 195,096 --a------ c:\windows\system32\lvci11701193.dll
2008-10-19 08:44 . 2008-10-19 08:44 <DIR> d-------- c:\program files\Logitech

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-17 12:10 --------- d-----w c:\program files\lg_fwupdate
2008-11-13 16:30 --------- d-----w c:\program files\Java
2008-11-12 14:14 --------- d-----w c:\documents and settings\CDE Student\Application Data\AVG7
2008-11-08 22:43 --------- d-----w c:\documents and settings\CDE Student\Application Data\LimeWire
2008-10-25 23:33 --------- d-----w c:\program files\Common Files\logishrd
2008-10-25 22:50 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 13:44 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-04 13:52 --------- d-----w c:\program files\Google
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-19 12:41 --------- d-----w c:\program files\CyberLink DVD Solution
2008-09-19 12:25 --------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2008-09-18 14:49 --------- d-----w c:\program files\LimeWire
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2004-10-01 19:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-24 218496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-07-12 1397760]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-05-14 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-09-19 249856]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"MegaPanel"="c:\program files\ACNielsen\Homescan Internet Transporter\HSTrans.exe" [2006-05-11 2064384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-13 136600]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-24 219136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~2\Power2Go\CLMP3Enc.ACM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

S4 HID Input Service (HidServ) ;HID Input Service (HidServ) ;c:\program files\tinyproxy\tinyproxy.exe []

*Newly Created Service* - GMER
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Power2GoExpress - (no file)



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-17 12:02:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-17 12:03:34
ComboFix-quarantined-files.txt 2008-11-17 17:03:19

Pre-Run: 63,448,981,504 bytes free
Post-Run: 63,624,523,776 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

149 --- E O F --- 2008-11-12 03:40:00