Hi Chemst,
Here is my ComboFix report. I noticed it did not successfully install the recovery console?
ComboFix 09-06-23.01 - Shawn 06/24/2009 19:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2361 [GMT -8:00]
Running from: c:\documents and settings\Shawn\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - windows: deleted 96 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\emMON.exe
c:\windows\patchw32.dll
c:\windows\pw32a.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))
.
2009-06-25 03:20 . 2009-05-23 08:00 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090624.019\NAVENG.SYS
2009-06-25 03:20 . 2009-05-23 08:00 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090624.019\NAVEX15.SYS
2009-06-25 03:20 . 2009-05-23 08:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090624.019\EECTRL.SYS
2009-06-25 03:20 . 2009-05-23 08:00 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090624.019\ECMSVR32.DLL
2009-06-25 03:20 . 2009-05-23 08:00 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090624.019\CCERASER.DLL
2009-06-25 03:20 . 2009-05-23 08:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090624.019\NAVENG32.DLL
2009-06-25 03:20 . 2009-05-23 08:00 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090624.019\NAVEX32A.DLL
2009-06-25 03:20 . 2009-05-23 08:00 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090624.019\ERASER.SYS
2009-06-25 03:10 . 2009-03-12 08:42 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-06-24 02:15 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\Scxpx86.dll
2009-06-24 02:15 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSXpx86.sys
2009-06-24 02:15 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSvix86.sys
2009-06-24 02:15 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSxpx86.dll
2009-06-24 02:15 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSviA64.sys
2009-06-22 06:19 . 2009-06-22 06:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-06-22 06:18 . 2009-06-22 06:18 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-06-22 06:17 . 2009-06-22 06:17 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2009-06-22 06:17 . 2009-06-22 06:17 -------- d-----w- c:\documents and settings\Shawn\Application Data\Roxio
2009-06-21 18:26 . 2009-06-21 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2009-06-21 18:24 . 2009-06-21 18:25 37004560 ----a-w- c:\documents and settings\Shawn\Application Data\Research In Motion\BlackBerry\BlackBerryMediaSyncDM.exe
2009-06-21 05:45 . 2009-06-21 05:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Sprint
2009-06-21 05:39 . 2005-03-15 19:11 17920 ----a-w- c:\windows\system32\apintfnt.dll
2009-06-21 05:38 . 2008-11-25 02:04 27072 ----a-w- c:\windows\system32\drivers\PCASp50.sys
2009-06-21 05:31 . 2009-06-21 05:44 -------- d-----w- c:\program files\Sierra Wireless
2009-06-21 05:31 . 2009-06-21 05:44 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-06-21 05:12 . 2008-10-24 01:42 290816 ----a-w- c:\windows\vncutil.exe
2009-06-21 05:12 . 2008-06-24 22:46 104992 ----a-w- c:\windows\RtkAudioService.exe
2009-06-21 05:12 . 2009-06-21 05:12 -------- d-----w- C:\dell
2009-06-21 05:08 . 2009-06-21 05:10 -------- d-----w- c:\program files\HP_WebRelease
2009-06-21 05:07 . 2009-06-21 05:08 -------- d-----w- C:\NVidia
2009-06-21 04:44 . 2009-06-21 04:44 10134 ----a-r- c:\documents and settings\Shawn\Application Data\Microsoft\Installer\{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}\ARPPRODUCTICON.exe
2009-06-21 04:44 . 2007-10-09 16:09 32280 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys
2009-06-21 04:44 . 2007-10-09 16:09 32152 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys
2009-06-21 04:44 . 2007-12-03 17:58 69632 ----a-w- c:\windows\system32\KemXML.dll
2009-06-21 04:44 . 2007-12-03 17:58 163840 ----a-w- c:\windows\system32\kemutb.dll
2009-06-21 04:44 . 2007-12-03 17:58 110592 ----a-w- c:\windows\system32\KemWnd.dll
2009-06-21 04:44 . 2007-12-03 17:58 131072 ----a-w- c:\windows\system32\KemUtil.dll
2009-06-21 04:44 . 2009-06-21 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-06-21 04:43 . 2009-06-21 04:43 10134 ----a-r- c:\documents and settings\Shawn\Application Data\Microsoft\Installer\{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}\ARPPRODUCTICON.exe
2009-06-21 04:04 . 2009-06-21 04:05 -------- d-----w- c:\documents and settings\Shawn\Local Settings\Application Data\eSupport.com
2009-06-21 04:04 . 2009-06-21 04:04 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
2009-06-21 01:39 . 2009-06-21 01:39 -------- d-----w- c:\program files\VS Revo Group
2009-06-20 09:16 . 2002-08-19 02:43 794624 ----a-w- c:\windows\system32\spr32d35.dll
2009-06-20 09:05 . 2009-06-20 09:24 -------- d-----w- c:\program files\Punch! Landscape, Deck and Patio Designer
2009-06-20 03:21 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\Scxpx86.dll
2009-06-20 03:21 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSXpx86.sys
2009-06-20 03:21 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSvix86.sys
2009-06-20 03:21 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSxpx86.dll
2009-06-20 03:21 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSviA64.sys
2009-06-17 05:56 . 2008-05-14 20:33 121376 ----a-w- c:\windows\system32\bfLLR.dll
2009-06-17 05:56 . 2008-05-14 20:33 114720 ----a-w- c:\windows\system32\instLLR.exe
2009-06-17 04:17 . 2009-06-17 04:17 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-17 03:59 . 2009-06-17 03:59 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-06-17 02:57 . 2009-06-17 03:03 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-17 02:57 . 2009-06-17 03:02 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2009-06-17 02:57 . 2009-06-17 03:02 35328 ----a-w- c:\windows\system32\drivers\pcntpci5.sys
2009-06-17 02:57 . 2009-06-17 03:02 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2009-06-17 02:57 . 2009-06-17 03:02 14208 ----a-w- c:\windows\system32\drivers\battc.sys
2009-06-17 02:57 . 2009-06-17 03:02 13952 ----a-w- c:\windows\system32\drivers\cmbatt.sys
2009-06-17 02:57 . 2009-06-17 03:02 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys
2009-06-17 02:36 . 2009-06-17 02:36 9728 ----a-w- c:\windows\system32\Native.exe
2009-06-17 02:36 . 2009-06-17 02:58 -------- d-----w- c:\program files\ReimageUndo
2009-06-16 09:22 . 2009-06-17 05:18 -------- d-----w- C:\rei
2009-06-16 09:22 . 2009-06-16 09:22 -------- d-----w- c:\program files\Reimage
2009-06-15 03:38 . 2009-06-15 03:38 152576 ----a-w- c:\documents and settings\Shawn\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-14 23:38 . 2009-06-14 23:39 -------- d-----w- c:\documents and settings\Shawn\Application Data\Blackberry Desktop
2009-06-13 03:50 . 2009-06-13 03:50 256 ----a-w- c:\documents and settings\Shawn\pool.bin
2009-06-11 20:33 . 2009-06-11 20:33 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-06-07 05:51 . 2009-06-07 05:52 -------- d-----w- c:\program files\Roxio
2009-06-07 05:51 . 2009-06-07 05:51 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-06-07 04:37 . 2009-06-22 08:08 256 ----a-w- c:\windows\system32\pool.bin
2009-06-07 04:36 . 2009-06-22 06:13 -------- d-----w- c:\documents and settings\Shawn\Application Data\Research In Motion
2009-06-07 04:13 . 2009-06-07 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-06-07 04:10 . 2009-06-22 06:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-06-07 04:10 . 2009-06-07 05:53 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-06-07 04:05 . 2007-01-18 18:24 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2009-06-07 04:03 . 2009-06-07 07:01 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-06-07 04:03 . 2009-06-21 18:26 -------- d-----w- c:\program files\Research In Motion
2009-06-07 03:37 . 2009-06-07 03:37 -------- d-sh--w- c:\windows\ftpcache
2009-05-31 09:06 . 2009-05-31 09:14 -------- d-----w- c:\documents and settings\Shawn\Application Data\vlc
2009-05-31 07:36 . 2009-06-02 02:24 -------- d-----w- c:\documents and settings\Shawn\dwhelper
2009-05-30 20:33 . 2009-05-30 20:33 -------- d-----w- c:\program files\Datel
2009-05-26 05:44 . 2004-12-19 04:32 38229 ------w- c:\windows\system32\drivers\StMp3Rec.sys
2009-05-26 05:37 . 2009-05-26 05:37 -------- d-----w- c:\windows\Downloaded Installations
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 03:26 . 2008-11-15 22:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-25 03:26 . 2009-05-18 20:59 -------- d-----w- c:\program files\Spyware Doctor
2009-06-21 08:54 . 2008-11-15 00:03 -------- d-----w- c:\documents and settings\Shawn\Application Data\U3
2009-06-21 06:02 . 2009-02-22 21:40 1100352 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-21 04:50 . 2008-11-14 21:32 94608 ----a-w- c:\documents and settings\Shawn\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-21 04:44 . 2009-06-21 04:44 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-06-21 04:44 . 2008-11-18 06:15 -------- d-----w- c:\program files\Common Files\Logitech
2009-06-21 01:52 . 2009-04-20 03:50 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2009-06-21 01:52 . 2008-11-14 21:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-20 08:45 . 2008-11-15 00:03 -------- d-----w- c:\documents and settings\Shawn\Application Data\MSN6
2009-06-20 03:56 . 2009-02-02 06:02 -------- d-----w- c:\program files\Acronis
2009-06-20 03:45 . 2009-02-02 06:02 971552 ----a-w- c:\windows\system32\drivers\tdrpm174.sys
2009-06-20 03:30 . 2009-05-24 06:54 -------- d-----w- c:\program files\Norton Save and Restore
2009-06-20 03:30 . 2008-11-16 04:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-19 06:49 . 2008-11-18 09:38 -------- d-----w- c:\program files\StarWarsGalaxies
2009-06-19 02:15 . 2009-04-29 19:26 117760 ----a-w- c:\documents and settings\Shawn\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-18 15:46 . 2008-11-24 08:04 -------- d-----w- c:\program files\SpeedFan
2009-06-17 05:32 . 2008-11-28 02:38 -------- d-----w- c:\program files\Azureus
2009-06-17 04:50 . 2008-11-15 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-17 03:02 . 2004-08-04 10:00 285184 ----a-w- c:\windows\system32\gdi32.dll
2009-06-17 03:02 . 2004-08-04 10:00 246272 ----a-w- c:\windows\system32\es.dll
2009-06-17 03:02 . 2008-11-14 20:16 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-17 03:02 . 2004-08-04 10:00 92504 ----a-w- c:\windows\system32\cdm.dll
2009-06-17 03:02 . 2004-08-04 10:00 71680 ----a-w- c:\windows\system32\admparse.dll
2009-06-17 03:02 . 2004-08-04 10:00 35328 ----a-w- c:\windows\system32\corpol.dll
2009-06-17 03:02 . 2004-08-04 10:00 139264 ----a-w- c:\windows\system32\cscript.exe
2009-06-17 02:37 . 2005-03-30 01:21 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-06-17 02:37 . 2005-03-30 01:01 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-06-15 05:00 . 2009-06-15 05:00 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motport_01005.Wdf
2009-06-15 04:59 . 2009-06-15 04:59 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-06-15 04:58 . 2009-06-15 04:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2009-06-15 04:58 . 2009-06-15 04:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2009-06-15 04:58 . 2009-06-15 04:58 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-06-15 03:51 . 2008-11-15 22:44 -------- d-----w- c:\program files\SpywareBlaster
2009-06-15 03:37 . 2009-02-07 19:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-13 07:35 . 2008-11-15 05:54 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-13 04:02 . 2008-11-15 19:46 -------- d-----w- c:\program files\Microsoft Works
2009-06-09 17:51 . 2008-11-19 07:17 40584 ----a-w- c:\windows\system32\drivers\maplom.sys
2009-06-09 17:50 . 2008-11-19 07:17 43144 ----a-w- c:\windows\system32\drivers\maploml.sys
2009-06-07 04:10 . 2008-11-14 21:25 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-30 20:15 . 2008-11-28 12:02 -------- d-----w- c:\documents and settings\Shawn\Application Data\Azureus
2009-05-29 08:17 . 2008-11-19 06:56 -------- d-----w- c:\program files\Elaborate Bytes
2009-05-26 05:44 . 2009-04-09 03:36 -------- d-----w- c:\program files\iPod
2009-05-25 23:33 . 2009-05-25 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-05-25 23:32 . 2009-05-23 07:17 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-05-25 12:01 . 2009-05-25 12:01 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2009-05-25 08:24 . 2008-05-27 07:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-24 22:26 . 2008-11-15 19:46 -------- d-----w- c:\program files\MSBuild
2009-05-24 07:11 . 2008-11-16 06:36 -------- d-----w- c:\documents and settings\Shawn\Application Data\Symantec
2009-05-24 06:46 . 2009-05-24 06:46 -------- d-----w- c:\program files\inKline Global
2009-05-24 06:25 . 2008-11-16 04:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-24 05:26 . 2009-05-24 05:26 -------- d-----r- c:\program files\Norton Support
2009-05-24 05:06 . 2008-11-16 04:03 -------- d-----w- c:\program files\Symantec
2009-05-24 05:06 . 2009-05-23 21:49 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-05-24 05:06 . 2009-05-23 21:49 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-24 05:06 . 2009-05-23 21:49 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-05-24 05:06 . 2009-05-23 21:49 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-23 22:35 . 2009-01-01 10:17 -------- d-----w- c:\program files\Bigfoot Networks
2009-05-23 22:20 . 2009-05-23 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-05-23 21:49 . 2009-05-23 21:49 1294680 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-05-23 21:49 . 2009-05-23 21:49 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-05-23 21:49 . 2009-05-23 21:49 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-05-23 21:48 . 2009-05-23 21:48 -------- d-----w- c:\program files\Norton Internet Security
2009-05-23 21:48 . 2009-05-23 21:48 -------- d-----w- c:\program files\Windows Sidebar
2009-05-23 21:47 . 2009-05-23 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-05-23 21:45 . 2009-05-23 21:45 -------- d-----w- c:\program files\NortonInstaller
2009-05-19 13:05 . 2009-05-19 13:05 1380403 ----a-w- c:\windows\system32\avgsdk.dll
2009-05-18 21:04 . 2009-03-05 07:53 -------- d-----w- c:\program files\Common Files\PC Tools
2009-05-18 20:59 . 2009-05-18 20:59 -------- d-----w- c:\documents and settings\Shawn\Application Data\PC Tools
2009-05-17 10:16 . 2009-04-01 04:33 -------- d-----w- c:\documents and settings\Shawn\Application Data\uTorrent
2009-05-08 02:31 . 2009-05-08 02:31 -------- d-----w- c:\documents and settings\Shawn\Application Data\MSNInstaller
2009-05-02 04:47 . 2009-05-02 04:47 -------- d-----w- c:\program files\MSN Messenger
2009-05-01 21:54 . 2009-05-01 21:54 231176 ----a-w- c:\windows\system32\PDBoot.exe
2009-04-30 08:39 . 2008-11-15 05:33 -------- d-----w- c:\program files\Windows Live Toolbar
2009-04-30 08:28 . 2008-11-15 05:29 -------- d-----w- c:\program files\Windows Live
2009-04-30 07:33 . 2008-11-15 07:26 -------- d-----w- c:\program files\Dell Support Center
2009-04-29 05:20 . 2008-11-15 22:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-04-28 19:30 . 2009-02-22 08:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-04-06 23:32 . 2009-02-22 08:56 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 23:32 . 2009-02-22 08:56 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-04-03 19:18 . 2009-05-18 21:00 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-03-31 19:23 . 2009-05-18 21:04 39200 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2009-03-31 19:23 . 2009-05-18 21:04 33056 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2009-03-31 19:23 . 2009-05-18 21:04 12576 ----a-w- c:\windows\system32\drivers\TfKbMon.sys
2009-03-31 19:23 . 2009-05-18 21:04 51488 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
------- Sigcheck -------
[-] 2006-03-04 03:58 663552 C0845ECBF4F9164E618EE381B79C9032 c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[7] 2008-08-26 09:08 827904 77C192FE56A70D7FA0247BA0A6201C32 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[7] 2008-10-16 20:24 827904 0D5B75171FF51775B630A431B6C667E8 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[7] 2008-12-20 23:56 827904 044E0A4E9FE97C0FB9AFE9C89E2A82E6 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[7] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[7] 2009-06-17 03:02 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ie7\wininet.dll
[7] 2007-08-14 03:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB956390-IE7\wininet.dll
[7] 2008-08-26 07:24 826368 EF8EBA98145BFA44E80D17A3B3453300 c:\windows\ie7updates\KB958215-IE7\wininet.dll
[7] 2008-10-16 20:38 826368 6741EAF7B7F110E803A6E38F6E5FA6B0 c:\windows\ie7updates\KB961260-IE7\wininet.dll
[7] 2008-12-20 23:15 826368 A82935D32D0672E8FF4E91AE398E901C c:\windows\ie7updates\KB963027-IE7\wininet.dll
[7] 2009-03-03 00:18 826368 28775945CCD53DEE280EF58DEA1A94C4 c:\windows\ie8\wininet.dll
[7] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2008-08-20 05:38 659456 87E694D09893978F22024FEEEDF35342 c:\windows\SoftwareDistribution\Download\1185bc01976431096846a9c917b224df\sp2gdr\wininet.dll
[-] 2008-08-20 05:33 667648 C91E3A6EF094202F6B5CA8960DFCF243 c:\windows\SoftwareDistribution\Download\1185bc01976431096846a9c917b224df\sp2qfe\wininet.dll
[-] 2008-08-20 05:30 666112 9AF5F25124FBDC36E2B510729CBA2674 c:\windows\SoftwareDistribution\Download\1185bc01976431096846a9c917b224df\sp3gdr\wininet.dll
[-] 2008-08-20 04:58 666624 94418F53D2612C26DBADC04DAFBC197C c:\windows\SoftwareDistribution\Download\1185bc01976431096846a9c917b224df\sp3qfe\wininet.dll
[7] 2008-08-26 07:24 826368 EF8EBA98145BFA44E80D17A3B3453300 c:\windows\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\SP2GDR\wininet.dll
[7] 2008-08-26 09:08 827904 77C192FE56A70D7FA0247BA0A6201C32 c:\windows\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\SP2QFE\wininet.dll
[-] 2009-06-17 03:03 826368 AD21461AEF8244EDEC2EF18E55E1DCF3 c:\windows\system32\wininet.dll
[7] 2009-03-08 12:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\system32\dllcache\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe" [2009-03-08 147456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 13684736]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-10-09 100888]
"Reimage PC Booster"="c:\program files\Reimage\Reimage PC Booster\Postrebootexecuter.exe" [2009-06-23 83240]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-28 1657376]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-10-09 100888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-13 17531392]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-6-20 679936]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 20:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-02-25 07:58 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Registration Tool.lnk]
backup=c:\windows\pss\Run Registration Tool.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Shawn^Start Menu^Programs^Startup^Neverwinter Nights Registration.lnk]
backup=c:\windows\pss\Neverwinter Nights Registration.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\StarWarsGalaxies\\SwgClient_r.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Turbine\\Dungeons & Dragons Online - Stormreach\\dndclient.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Republic Commando\\GameData\\System\\SWRepublicCommando.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/18/2009 1:00 PM 130936]
R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [2/1/2009 10:02 PM 134272]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys [5/23/2009 9:06 PM 310320]
R0 tdrpman174;Acronis Try&Decide and Restore Points filter (build 174);c:\windows\system32\drivers\tdrpm174.sys [2/1/2009 10:02 PM 971552]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [5/18/2009 1:04 PM 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [5/18/2009 1:04 PM 39200]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys [5/23/2009 9:06 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys [5/23/2009 9:05 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSXpx86.sys [6/23/2009 6:15 PM 276344]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [5/18/2009 1:02 PM 159600]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 5:17 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 5:17 PM 55024]
R2 Killer Port Manager;Killer Port Manager;c:\program files\Bigfoot Networks\Killer Driver\PortManager.exe [6/16/2009 9:56 PM 236544]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [5/23/2009 9:05 PM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/25/2009 6:04 PM 101936]
R3 MaplomL;MaplomL;c:\windows\system32\drivers\maploml.sys [11/18/2008 11:17 PM 43144]
R3 NetB834x;Killer NIC Gaming Adapter Service;c:\windows\system32\drivers\NetB834x.sys [1/1/2009 2:18 AM 103072]
R3 NetbEdge;Killer NIC NDIS-Edge Service;c:\windows\system32\drivers\NetBEdge.sys [1/1/2009 2:18 AM 22048]
R3 SaiH8000;SaiH8000;c:\windows\system32\drivers\SaiH8000.sys [4/4/2008 3:49 PM 136832]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [5/18/2009 1:04 PM 33056]
S0 Lbd;Lbd; [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; [x]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [11/14/2008 1:36 PM 26488]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/22/2008 9:50 PM 1684736]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/22/2009 12:56 AM 38496]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 8:18 PM 23680]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/17/2006 10:09 AM 35072]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [5/18/2009 12:59 PM 64392]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 5:17 PM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/18/2009 12:59 PM 348752]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
.
- - - - ORPHANS REMOVED - - - -
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-Comrade - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
LSP: %SYSTEMROOT%\system32\BfLLR.dll
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-06-24 19:35
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1078081533-261903793-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B42C9E5A-A4DC-1B20-3BF4-7995B2A877E2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abajgkehfnccennnoppcjoigjhgimhphdj"=hex:6b,61,65,6c,61,64,66,6e,6c,6b,6b,6f,
64,66,6f,6c,61,64,68,6a,61,64,00,00
"pakfdanklgfmddfmcpopmomicbpacppn"=hex:6a,61,61,6b,6c,65,64,70,6d,65,63,68,66,
66,6e,64,6d,6f,67,61,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(888)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
- - - - - - - > 'lsass.exe'(948)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\windows\system32\BfLLR.dll
.
Completion time: 2009-06-25 19:37
ComboFix-quarantined-files.txt 2009-06-25 03:37
Pre-Run: 58,814,095,360 bytes free
Post-Run: 58,885,259,264 bytes free
378