07-01-2009, 11:46 PM   #22
Justin1002 (Registered User; Join Date: Jun 2009; Posts: 29; OS: XP)

Re: Need help on possible mal-ware and clean up

Here are my logs. From the looks of it, it does not look good D:

Sorry for the long reply; the scan took 5 hours.

ComboFix 09-06-29.07 - HP_Administrator 30/06/2009 17:47.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1381 [GMT -6:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFscript.txt
AV: avast! antivirus 4.8.1335 [VPS 090630-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\avg7
c:\documents and settings\All Users\Application Data\avg7\Log\emc.log
c:\documents and settings\HP_Administrator\Application Data\AVG7
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
c:\program files\Common Files\Symantec Shared\Support Controls\msvcr71.dll
c:\program files\Common Files\Symantec Shared\Support Controls\sprtctlbr.dll
c:\program files\Common Files\Symantec Shared\Support Controls\sprtctlln.dll
c:\program files\Common Files\Symantec Shared\Support Controls\sprtctlwmi.dll
c:\program files\Common Files\Symantec Shared\Support Controls\sprtlisten.exe
c:\program files\Common Files\Symantec Shared\Support Controls\SymAData.dll
c:\program files\Common Files\Symantec Shared\Support Controls\SymControlChecker.dll
c:\program files\Common Files\Symantec Shared\Support Controls\SymXPep2.dll
c:\program files\Common Files\Symantec Shared\Support Controls\tgctlpr.dll
c:\program files\Common Files\Symantec Shared\Support Controls\tgctlsi.dll
c:\program files\Common Files\Symantec Shared\Support Controls\tgctlsr.dll
c:\program files\Common Files\Symantec Shared\Support Controls\tgctlss.dll
c:\program files\FrostWire
c:\program files\FrostWire\hs_err_pid4124.log
c:\program files\FrostWire\hs_err_pid4716.log
c:\program files\FrostWire\hs_err_pid500.log
c:\program files\FrostWire\log.txt
c:\program files\FrostWire\seenMessages.dat

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 )))))))))))))))))))))))))))))))
.

2009-06-29 03:42 . 2001-08-17 20:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-06-29 03:42 . 2001-08-17 20:02 9600 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2009-06-28 17:32 . 2009-06-28 17:32 627 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0DA6C5A23B7F1A041B04320B581B8BEC.dll
2009-06-27 15:53 . 2009-06-27 15:53 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DivX
2009-06-27 15:13 . 2009-06-27 15:13 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2009-06-27 04:33 . 2008-04-20 21:50 33088 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-06-26 19:24 . 2005-08-26 01:18 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2009-06-26 19:24 . 2009-06-27 17:51 -------- d-----w- c:\program files\SpywareBlaster
2009-06-26 19:11 . 2009-06-26 19:10 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-26 19:08 . 2009-06-26 19:08 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-20 01:41 . 2009-06-25 15:38 -------- d-----w- c:\program files\Warkeys
2009-06-20 01:30 . 2009-06-20 01:30 -------- d-----w- c:\windows\ShellNew
2009-06-20 01:30 . 2009-06-20 01:30 -------- d-----w- c:\program files\AutoHotkey
2009-06-11 22:29 . 2009-06-11 22:29 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-03 22:12 . 2009-06-03 22:12 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX
2009-06-02 23:24 . 2009-06-02 23:28 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-02 23:22 . 2009-06-02 23:22 -------- d-----w- c:\program files\Regensoft
2009-06-02 23:22 . 2009-06-02 23:22 -------- d-----w- c:\program files\AviSynth 2.5
2009-06-02 23:22 . 2009-06-02 23:22 -------- d-----w- c:\program files\Red Kawa
2009-06-01 01:48 . 2009-06-01 02:28 -------- d-----w- c:\windows\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-30 23:41 . 2007-09-02 03:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-30 23:40 . 2007-09-02 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-30 23:34 . 2007-11-12 23:42 -------- d-----w- c:\program files\Warcraft III
2009-06-30 20:03 . 2006-11-16 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-30 04:47 . 2008-07-09 05:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-28 17:32 . 2009-06-28 17:32 184 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_116B3484BCF88244C832130D5AAE1E46.dll
2009-06-28 17:32 . 2009-06-28 17:32 152 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0E23E40C6140D434FA9B96967D309AFE.dll
2009-06-28 17:32 . 2009-06-28 17:32 108 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0B79C053C7D38EE4AB9A00CB3B5D2472.dll
2009-06-28 17:32 . 2009-06-28 17:32 41 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_096825A1D2A65CB41B34C8A48E1DD969.dll
2009-06-28 17:32 . 2009-06-28 17:32 823 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_01E4D47B330100000000000000000010.dll
2009-06-28 17:32 . 2009-06-28 17:32 68 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0677512BC3AAE2E4FB6E2DB05C42599D.dll
2009-06-28 17:32 . 2009-06-28 17:32 57 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0690FB333ABD78146BCC9C96CFAFD252.dll
2009-06-28 17:32 . 2009-06-28 17:32 191 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_07ED75EFED5946B4296648AD180135BD.dll
2009-06-28 17:32 . 2009-06-28 17:32 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_038648152B7E812498867BF7F04F578B.dll
2009-06-28 17:32 . 2009-06-28 17:32 58 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0132103250E35A64889A6CBCACCBCA97.dll
2009-06-28 17:32 . 2009-06-28 17:32 833 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_000021599B0090400000000000F01FEC.dll
2009-06-28 17:32 . 2009-06-28 17:32 -------- d-----w- c:\program files\Security Task Manager
2009-06-27 17:51 . 2007-06-07 01:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-27 15:07 . 2008-03-09 19:58 -------- d-----w- c:\program files\CCleaner
2009-06-27 14:52 . 2009-03-13 23:19 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Xfire
2009-06-27 14:51 . 2009-04-30 23:04 -------- d-----w- c:\program files\Steam
2009-06-26 19:09 . 2006-11-16 19:53 -------- d-----w- c:\program files\Java
2009-06-25 15:37 . 2009-03-13 23:19 -------- d-----w- c:\program files\Xfire
2009-06-03 06:03 . 2007-04-09 20:50 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\uTorrent
2009-06-02 23:29 . 2006-11-16 20:28 -------- d-----w- c:\program files\DivX
2009-06-01 04:24 . 2007-11-10 15:50 -------- d-----w- c:\program files\Windows Live
2009-05-29 20:23 . 2008-06-27 23:56 78054 ----a-w- c:\windows\War3Unin.dat
2009-05-21 00:22 . 2009-05-21 00:22 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\RapidCRC
2009-05-21 00:16 . 2009-05-21 00:16 -------- d-----w- c:\program files\RapidCRC
2009-05-17 17:39 . 2007-08-12 22:30 -------- d-----w- c:\program files\StepMania
2009-05-07 15:44 . 2004-08-09 21:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-07 01:13 . 2009-05-07 00:06 -------- d-----w- c:\program files\Antares Audio Technologies
2009-05-07 01:02 . 2009-01-08 14:42 -------- d-----w- c:\program files\Perfect World Entertainment
2009-05-07 01:01 . 2009-05-05 22:41 -------- d-----w- c:\program files\City of Heroes
2009-05-07 00:59 . 2006-11-16 20:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-07 00:52 . 2008-07-11 19:28 -------- d-----w- c:\program files\MindArk
2009-05-07 00:40 . 2008-02-18 21:57 -------- d-----w- c:\program files\OGPlanet
2009-05-07 00:39 . 2009-01-18 16:09 -------- d-----w- c:\program files\Sword Of The New World
2009-05-07 00:13 . 2009-05-07 00:13 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\PACE Anti-Piracy
2009-05-07 00:13 . 2009-05-07 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2009-05-07 00:13 . 2009-05-07 00:13 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2009-05-05 21:53 . 2009-05-05 21:53 -------- d-----w- c:\program files\IAHGames
2009-04-29 04:56 . 2004-08-09 21:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-09 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2004-08-09 21:00 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 20:25 . 2007-04-09 22:30 129784 ------w- c:\windows\system32\pxafs.dll
2009-04-15 20:25 . 2006-11-16 20:22 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-04-15 20:25 . 2006-11-16 20:22 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w- c:\windows\system32\DivX.dll
2009-04-15 15:26 . 2004-08-09 21:00 583168 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-11 22:37 . 2009-04-11 22:37 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-08 04:42 . 2006-11-16 20:22 63432 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-06 21:32 . 2009-04-08 22:11 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 21:32 . 2009-04-08 22:11 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-01-17 04:02 . 2008-01-17 04:02 774144 ----a-w- c:\program files\RngInterstitial.dll
2007-05-19 23:44 . 2007-05-19 23:44 393 ----a-w- c:\program files\Shortcut to Program Files.lnk
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-01-29 00:49 . 2009-01-29 00:49 62976 ----a-w- c:\program files\mozilla firefox\plugins\uc_sfighters_launching.dll
1999-07-07 00:00 . 1999-07-07 00:00 6 --sh--r- c:\windows\@@desktop.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-06-30_20.26.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-30 23:41 . 2009-06-30 23:41 16384 c:\windows\Temp\Perflib_Perfdata_660.dat
+ 2009-06-30 23:41 . 2009-06-30 23:41 16384 c:\windows\Temp\Perflib_Perfdata_140.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-07 3885408]
"WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2006-08-21 665600]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-07 68856]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-05 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2003-07-13 155648]
"Motive SmartBridge"="c:\progra~1\TELUSE~1\SMARTB~1\MotiveSB.exe" [2007-07-26 393216]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-26 148888]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-06-13 16239616]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Alienware Dock.lnk - c:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe [2007-1-7 2074360]
My_AutoWarkey_Script.lnk - c:\program files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe [2009-5-3 244736]
Warkeys Update.lnk - c:\program files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe [2009-5-3 244736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 06:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TELUS eCare.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TELUS eCare.lnk
backup=c:\windows\pss\TELUS eCare.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56368:TCP"= 56368:TCP:Pando Media Booster
"56368:UDP"= 56368:UDP:Pando Media Booster
"13960:TCP"= 13960:TCP:*:Disabled:SolidNetworkManager
"13960:UDP"= 13960:UDP:*:Disabled:SolidNetworkManager
"25095:TCP"= 25095:TCP:*:Disabled:SolidNetworkManager
"25095:UDP"= 25095:UDP:*:Disabled:SolidNetworkManager
"18329:TCP"= 18329:TCP:*:Disabled:SolidNetworkManager
"18329:UDP"= 18329:UDP:*:Disabled:SolidNetworkManager

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [08/05/2008 3:47 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [08/05/2008 3:47 PM 20560]
S3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [16/11/2006 2:09 PM 82048]
S3 geebers12;geebers12;\??\c:\documents and settings\HP_Administrator\Desktop\Buffy Engine 2.1\nvid888.sys --> c:\documents and settings\HP_Administrator\Desktop\Buffy Engine 2.1\nvid888.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 2:22 PM 34064]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 XDva143;XDva143;\??\c:\windows\system32\XDva143.sys --> c:\windows\system32\XDva143.sys [?]
S3 XDva190;XDva190;\??\c:\windows\system32\XDva190.sys --> c:\windows\system32\XDva190.sys [?]
S3 XDva225;XDva225;\??\c:\windows\system32\XDva225.sys --> c:\windows\system32\XDva225.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-06-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-06-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-03 02:50]

2009-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1102481662-1838141973-3530339067-1007.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-05 22:34]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=64&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: ShaPlus Google Translator - c:\program files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\m47pkzqh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\m47pkzqh.default\extensions\SolidStateION@solidstatenetworks.com\plugins\npssn.dll
FF - plugin: c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-30 17:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\program files\AlienGUIse\fastload.dll
.
Completion time: 2009-06-30 18:00
ComboFix-quarantined-files.txt 2009-07-01 00:00
ComboFix2.txt 2009-06-30 20:28

Pre-Run: 140,902,387,712 bytes free
Post-Run: 140,880,089,088 bytes free

267 --- E O F --- 2009-06-28 17:59

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, July 1, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, July 01, 2009 20:50:31
Records in database: 2412125
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 601245
Threat name: 2
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 07:53:27


File name / Threat name / Threats count
C:\Documents and Settings\HP_Administrator\Desktop\Musicccc\loltastic.dll Infected: Backdoor.Win32.IRCBot.kwd 1
C:\Documents and Settings\HP_Administrator\Desktop\Musicccc\loltastic.rar Infected: Backdoor.Win32.IRCBot.kwd 1
D:\I386\APPS\APP06901\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1
D:\I386\APPS\APP06901\src\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1

The selected area was scanned.
Attached files: cflog.txt (21.2 KB), KASPER.txt (1.3 KB)

Last edited by TheBruce1; 07-02-2009 at 03:41 AM.
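Added example (editor's code, not part of the original post, and not ComboFix's own logic): a small triage script for the "Reg Loading Points" part of a ComboFix log. It applies three rules a malware-removal helper usually checks by hand when reading a log like the one above: a service or driver entry whose file ComboFix could not find or read (the trailing `[?]`), a driver whose binary lives in a user-writable location such as a profile or Desktop folder, any non-empty `AppInit_DLLs` value, and any `BootExecute` entry beyond the default `autocheck autochk *`. The sample input is a constructed subset of lines copied from the log in the post; the rules only flag entries for review and make no claim that any given entry is malicious. The `triage()` function and the `USER_WRITABLE` path list are assumptions of this example, not ComboFix features.

```python
"""Flag load points in a ComboFix-style log that deserve a closer look."""
import re

# Constructed sample: a subset of lines, in the shape ComboFix prints them,
# copied from the log in the post above. Entries are inputs to the rules,
# not verdicts; a flagged entry is "look at this", not "this is malware".
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [08/05/2008 3:47 PM 114768]
S3 geebers12;geebers12;\??\c:\documents and settings\HP_Administrator\Desktop\Buffy Engine 2.1\nvid888.sys --> c:\documents and settings\HP_Administrator\Desktop\Buffy Engine 2.1\nvid888.sys [?]
S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys --> c:\windows\system32\XDva037.sys [?]
"""

# "R1 name;display name;image path [date size]" or "... --> path [?]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+)$")
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.*)$')
BOOTEXEC_RE = re.compile(r"^BootExecute\s+REG_MULTI_SZ\s+(.*)$")

# Assumed list of path fragments that an unprivileged XP user can write to.
USER_WRITABLE = (
    "\\documents and settings\\",
    "\\desktop\\",
    "\\application data\\",
    "\\temp\\",
)

DEFAULT_BOOTEXECUTE = "autocheck autochk *"


def triage(log_text):
    """Return a list of findings; each is a dict with kind, name, detail, reasons."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = SERVICE_RE.match(line)
        if m:
            start_type, name, _display, image = m.groups()
            reasons = []
            if image.endswith("[?]"):
                reasons.append("ComboFix could not find or read the file ([?])")
            if any(frag in image.lower() for frag in USER_WRITABLE):
                reasons.append("binary lives in a user-writable location")
            if reasons:
                findings.append({"kind": f"service/driver ({start_type})",
                                 "name": name, "detail": image, "reasons": reasons})
            continue

        m = APPINIT_RE.match(line)
        if m and m.group(1).strip():
            findings.append({"kind": "AppInit_DLLs", "name": m.group(1).strip(),
                             "detail": line,
                             "reasons": ["DLL loaded into every process that loads "
                                         "user32.dll; verify the publisher"]})
            continue

        m = BOOTEXEC_RE.match(line)
        if m:
            # ComboFix prints the REG_MULTI_SZ separator as a literal "\0".
            entries = [e.strip() for e in m.group(1).split(r"\0") if e.strip()]
            for entry in entries:
                if entry != DEFAULT_BOOTEXECUTE:
                    findings.append({"kind": "BootExecute", "name": entry,
                                     "detail": line,
                                     "reasons": ["runs before logon, in addition to "
                                                 "the default autochk entry"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['kind']}: {f['name']}")
        for reason in f["reasons"]:
            print(f"    - {reason}")
```

Run against the sample, the script leaves the avast! driver alone, flags both `[?]` drivers, flags the Desktop-resident one a second time for its location, and lists the `AppInit_DLLs` value and the extra `BootExecute` entry for verification. The point of the rules is to shorten the list a helper has to eyeball, not to replace looking each entry up.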