Tech Support Forum - View Single Post

cwhalen · 07-28-2006, 05:52 PM

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))

No infected files found
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-06-26 18:20:46 ( .D... ) "C:\Program Files\SpywareGuard"
2006-06-26 15:30:42 47564 ( A.SHR ) "C:\NTDETECT.COM"
2006-06-23 18:00:12 ( .D... ) "C:\Program Files\Common Files\Java"
2006-06-21 14:23:06 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-06-19 16:20:42 702768 ( A.... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-06-08 12:08:36 534208 ( A.... ) "C:\WINDOWS\system32\SymNeti.dll"
2006-06-08 12:08:36 161472 ( A.... ) "C:\WINDOWS\system32\SymRedir.dll"
2006-05-19 07:59:42 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 07:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 07:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"
2006-05-16 14:34:38 87808 ( A.... ) "C:\WINDOWS\system32\S32EVNT1.DLL"
2006-05-03 02:56:58 127078 ( A.... ) "C:\WINDOWS\system32\javaws.exe"
2006-05-03 01:19:40 53346 ( A.... ) "C:\WINDOWS\system32\javaw.exe"
2006-05-03 01:19:30 49248 ( A.... ) "C:\WINDOWS\system32\java.exe"
2002-09-11 09:26:52 63730 ( A.... ) "C:\Program Files\viewsonicinstruct_xp.pdf"

(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))

2006-07-03 20:40 78,488 C:\WINDOWS\system32\XMD5.dll
2006-07-03 20:40 101,888 C:\WINDOWS\system32\vb6stkit.dll
2006-06-26 18:30 21,312 C:\WINDOWS\choice.exe
2006-06-23 18:23 266,391,552 C:\hiberfil.sys
2006-06-23 18:01 53,346 C:\WINDOWS\system32\javaw.exe
2006-06-23 18:01 49,248 C:\WINDOWS\system32\java.exe
2006-06-23 18:01 127,078 C:\WINDOWS\system32\javaws.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SmcService"="\"C:\\PROGRA~1\\Sygate\\SPF\\smc.exe\" -startgui"
"CleanIt"="\"C:\\Program Files\\CleanIt\\cleanit.exe\""
"Lexmark X1100 Series"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\""
"Logitech Utility"="Logi_MwX.Exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NAV CfgWiz"="\"C:\\Program Files\\Norton AntiVirus\\CfgWiz.exe\" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE \"REBOOT\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Microsoft Works Update Detection"="\"c:\\Program Files\\Microsoft Works\\WkDetect.exe\""
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{E8DEC8EA-8D80-4ec6-AF6B-190A765F1D2F}"=""
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Carol Whalen.job

Completion time: Fri 07/28/2006 18:49:57.31
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-07-28.184704.txt
ComboFix.2006-07-28.184940.txt

07-28-2006, 05:52 PM	#8 (permalink)
cwhalen Registered User Join Date: Jun 2006 Posts: 41 OS: windows xp	new log (((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log ))))))))))))))))))))))))))))))))))))))))))))))))))))) No infected files found (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-06-26 18:20:46 ( .D... ) "C:\Program Files\SpywareGuard" 2006-06-26 15:30:42 47564 ( A.SHR ) "C:\NTDETECT.COM" 2006-06-23 18:00:12 ( .D... ) "C:\Program Files\Common Files\Java" 2006-06-21 14:23:06 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0" 2006-06-19 16:20:42 702768 ( A.... ) "C:\WINDOWS\system32\WgaLogon.dll" 2006-06-08 12:08:36 534208 ( A.... ) "C:\WINDOWS\system32\SymNeti.dll" 2006-06-08 12:08:36 161472 ( A.... ) "C:\WINDOWS\system32\SymRedir.dll" 2006-05-19 07:59:42 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll" 2006-05-19 07:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll" 2006-05-19 07:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll" 2006-05-16 14:34:38 87808 ( A.... ) "C:\WINDOWS\system32\S32EVNT1.DLL" 2006-05-03 02:56:58 127078 ( A.... ) "C:\WINDOWS\system32\javaws.exe" 2006-05-03 01:19:40 53346 ( A.... ) "C:\WINDOWS\system32\javaw.exe" 2006-05-03 01:19:30 49248 ( A.... ) "C:\WINDOWS\system32\java.exe" 2002-09-11 09:26:52 63730 ( A.... ) "C:\Program Files\viewsonicinstruct_xp.pdf" (((((((((((((((((((((((((((((((((((((( Files Created - Last 30days ))))))))))))))))))))))))))))))))))))))))))) 2006-07-03 20:40 78,488 C:\WINDOWS\system32\XMD5.dll 2006-07-03 20:40 101,888 C:\WINDOWS\system32\vb6stkit.dll 2006-06-26 18:30 21,312 C:\WINDOWS\choice.exe 2006-06-23 18:23 266,391,552 C:\hiberfil.sys 2006-06-23 18:01 53,346 C:\WINDOWS\system32\javaw.exe 2006-06-23 18:01 49,248 C:\WINDOWS\system32\java.exe 2006-06-23 18:01 127,078 C:\WINDOWS\system32\javaws.exe (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries are not shown [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "SmcService"="\"C:\\PROGRA~1\\Sygate\\SPF\\smc.exe\" -startgui" "CleanIt"="\"C:\\Program Files\\CleanIt\\cleanit.exe\"" "Lexmark X1100 Series"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\"" "Logitech Utility"="Logi_MwX.Exe" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe\"" "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "NAV CfgWiz"="\"C:\\Program Files\\Norton AntiVirus\\CfgWiz.exe\" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE \"REBOOT\"" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "Microsoft Works Update Detection"="\"c:\\Program Files\\Microsoft Works\\WkDetect.exe\"" "MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\"" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000005 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{E8DEC8EA-8D80-4ec6-AF6B-190A765F1D2F}"="" "{81559C35-8464-49F7-BB0E-07A383BEF910}"="" HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Carol Whalen.job Completion time: Fri 07/28/2006 18:49:57.31 ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt ComboFix.2006-07-28.184704.txt ComboFix.2006-07-28.184940.txt