Thread: Command Service
09-27-2006, 10:33 AM   #16
egotrippen
Registered User
 
Join Date: Sep 2006
Posts: 24
OS: XP


ComboFix log:
Owner - 06-09-27 12:28:48.18 Service Pack 2
ComboFix 06.09.25 - Running from: "C:\Documents and Settings\Owner\Desktop"

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Owner\Application Data\Dxcknwrd.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((( Files Created from 2006-08-27 to 2006-09-27 ))))))))))))))))))))))))))))))))))


2006-09-24 19:29 215,308 --a------ C:\WINDOWS\srvtcogesu.exe
2006-09-24 19:28 215,308 --a------ C:\WINDOWS\srvczpqlfm.exe
2006-09-24 19:23 215,308 --a------ C:\WINDOWS\srvotfewuo.exe
2006-09-24 14:04 4,096 -rah----- C:\WINDOWS\system32\svch05t.dll
2006-09-24 14:03 95,232 --a------ C:\WINDOWS\system32\ulhakjl.dll
2006-09-24 14:03 72,704 --a------ C:\WINDOWS\system32\nlkkmve.dll
2006-09-24 14:02 32,768 --a------ C:\WINDOWS\1205.exe
2006-09-24 14:02 215,308 --a------ C:\WINDOWS\srvjfwxbdl.exe
2006-09-23 12:58 893 --a------ C:\WINDOWS\system32\winpfg32.sys
2006-09-23 02:31 45,065 --a------ C:\WINDOWS\TIELT001.exe
2006-09-23 02:31 32,768 --a------ C:\WINDOWS\DXCecho.exe
2006-09-23 02:31 268,581 --a------ C:\WINDOWS\popupwithcast.exe
2006-09-23 02:31 139,264 --a------ C:\WINDOWS\MirarSetup_876057.exe
2006-09-23 02:31 1,233 --a------ C:\WINDOWS\system32\pcucb187.sys
2006-09-23 02:25 19,456 --a------ C:\WINDOWS\system32\2000.exe
2006-09-22 15:19 19,456 --a------ C:\WINDOWS\system32\index.exe
2006-09-22 14:24 19,456 --a------ C:\WINDOWS\system32\500.exe
2006-09-22 13:19 19,456 --a------ C:\WINDOWS\system32\100.exe
2006-09-22 12:49 19,456 --a------ C:\WINDOWS\system32\pusk.exe
2006-09-22 10:36 53,248 --a------ C:\WINDOWS\uni_7eh.exe
2006-09-22 07:33 19,456 --a------ C:\WINDOWS\system32\unload.exe
2006-09-21 13:16 4,096 -rah----- C:\WINDOWS\system32\svch10.dll
2006-09-07 20:37 159,744 --a------ C:\WINDOWS\system32\igfxres.dll
2006-09-06 15:52 127,208 --a------ C:\WINDOWS\system32\mucltui.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-27 12:25 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-27 02:29 -------- d-------- C:\Program Files\Mozilla Thunderbird
2006-09-26 21:31 -------- d-------- C:\Program Files\Trillian
2006-09-26 13:14 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2006-09-26 03:06 -------- d-------- C:\Program Files\Common Files
2006-09-25 10:46 -------- d-------- C:\Program Files\Symantec
2006-09-25 10:46 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-24 19:33 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-09-24 19:18 -------- d-------- C:\Documents and Settings\Owner\Application Data\foobar2000
2006-09-24 19:09 -------- d-------- C:\Program Files\Common Files\oqum
2006-09-23 16:35 -------- d-------- C:\Program Files\G6 U-DISK Manager
2006-09-23 02:26 -------- d-------- C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2006-09-21 11:30 -------- d-------- C:\Program Files\WinPLOSION
2006-09-18 23:50 -------- d-------- C:\Program Files\Common Files\xing shared
2006-09-18 23:50 -------- d-------- C:\Program Files\Common Files\Real
2006-09-18 23:45 -------- d-------- C:\Documents and Settings\Owner\Application Data\Real
2006-09-18 11:04 -------- d-------- C:\Program Files\WinRAR
2006-09-11 21:22 -------- d-------- C:\Documents and Settings\Owner\Application Data\Azureus
2006-09-06 15:44 -------- d-------- C:\Program Files\Network Associates
2006-09-06 15:44 -------- d-------- C:\Program Files\Common Files\Cisco Systems
2006-09-06 15:43 -------- d-------- C:\Program Files\Common Files\Network Associates
2006-09-06 15:32 -------- d-------- C:\Program Files\Internet Explorer
2006-09-06 15:29 -------- d-------- C:\Program Files\Outlook Express
2006-09-06 15:29 -------- d-------- C:\Program Files\Messenger
2006-09-06 15:29 -------- d-------- C:\Program Files\Common Files\System
2006-08-25 21:38 -------- d-------- C:\Program Files\Movie Player
2006-08-24 03:07 -------- d-------- C:\Program Files\2BrightSparks
2006-08-23 22:36 -------- d-------- C:\Program Files\Azureus
2006-08-23 19:12 -------- d-------- C:\Documents and Settings\Owner\Application Data\Help
2006-08-23 19:08 -------- d-------- C:\Program Files\PowerQuest
2006-08-22 13:40 -------- d-------- C:\Documents and Settings\Owner\Application Data\Sun
2006-08-21 13:09 873 --a------ C:\Documents and Settings\Owner\Application Data\AdobeDLM.log
2006-08-21 13:09 0 --a------ C:\Documents and Settings\Owner\Application Data\dm.ini
2006-08-21 13:09 -------- d-------- C:\Program Files\Adobe
2006-08-21 13:04 -------- d-------- C:\Program Files\Common Files\Adobe
2006-08-21 13:04 -------- d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2006-08-21 12:28 -------- d-------- C:\Program Files\DivX
2006-08-21 12:26 -------- d-------- C:\Program Files\ffdshow
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 05:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-21 02:53 167936 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2006-08-21 02:36 -------- d-------- C:\Program Files\Illustrate
2006-08-19 23:30 -------- d-------- C:\Program Files\illiminable
2006-08-19 20:41 -------- d-------- C:\Program Files\MsnMusic
2006-08-19 20:40 -------- d-------- C:\Program Files\Windows Media Player
2006-08-19 01:11 -------- d-------- C:\Program Files\Java
2006-08-19 01:08 -------- d-------- C:\Program Files\Common Files\Java
2006-08-14 20:52 78848 --a------ C:\WINDOWS\system32\nsr10.dll
2006-08-04 11:37 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-04 11:37 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-08-03 22:00 -------- d-a------ C:\Program Files\snes9xw-1.5
2006-08-03 16:53 -------- d-------- C:\Program Files\oggenc
2006-08-03 16:47 -------- d-------- C:\Program Files\Exact Audio Copy
2006-07-30 12:32 -------- d-------- C:\Documents and Settings\Owner\Application Data\ArcSoft
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-26 22:05 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-03 17:40 778240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-07-03 17:40 778240 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-07-03 17:40 761856 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-07-03 17:40 620180 --a------ C:\WINDOWS\system32\DivX.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealPlayer"="\"C:\\Program Files\\Real\\RealPlayer\\realplay.exe\" /RunUPGToolCommandReBoot"
"oqum"="C:\\PROGRA~1\\COMMON~1\\oqum\\oqumm.exe"
"NVIEW"="rundll32.exe nview.dll,nViewLoadHook"
"MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sachost"="C:\\WINDOWS\\sachostx.exe"
"ms052346715437"="C:\\WINDOWS\\ms052346715437.exe"
"win32074671543723"="C:\\WINDOWS\\win32074671543723.exe"
"ms047234671543"="C:\\WINDOWS\\ms047234671543.exe"
"Zero Knowledge Freedom"="C:\\Program Files\\Zero Knowledge\\Freedom\\AutoStarterR.exe"
"WinPLOSION"="\"C:\\Program Files\\WinPLOSION\\winplosion.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"StorageGuard"="\"C:\\Program Files\\VERITAS Software\\Update Manager\\sgtray.exe\" /r"
"stonedrv"="c:\\windows\\system32\\stonedrv.exe"
"Share-to-Web Namespace Daemon"="c:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"pcucb187"="RUNDLL32.EXE w002935c.dll,n 004cb18300000005002935c"
"nwiz"="nwiz.exe /installquiet /keeploaded"
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"NAV CfgWiz"="C:\\PROGRA~1\\NORTON~1\\Cfgwiz.exe /R"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"EPSON Stylus C62 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S0BIC1.EXE /P23 \"EPSON Stylus C62 Series\" /O6 \"USB001\" /M \"Stylus C62\""
"ccRegVfy"="C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe"
"ccApp"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
"CamMonitor"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\hpqcmon.exe"
"BlockTracker"="c:\\hp\\bin\\BlockTracker.exe"
"BCNT"="C:\\PROGRA~1\\AWS\\WEATHE~1\\BCNT.EXE"
"AutoTBar"="C:\\hp\\bin\\autotbar.exe"
"AlcxMonitor"="ALCXMNTR.EXE"
"win32086715437234"="C:\\WINDOWS\\win32086715437234.exe"
"{35-59-9C-CB-ZN}"="C:\\windows\\system32\\ordsregs.exe ELT001"
"sys015437234671"="C:\\WINDOWS\\sys015437234671.exe"
"ms063467154372"="C:\\WINDOWS\\ms063467154372.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e4,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e4,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e4,03,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:000000b5
"NoRecentDocsMenu"=hex:01,00,00,00
"NoActiveDesktop"=hex:01,00,00,00
"NoDrives"=hex:00,00,00,00
"NoDriveAutoRun"=hex:fd,03,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
@=""
"NoDriveTypeAutoRun"=hex:5b,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winsys2freg

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Wed 09/27/2006 12:32:03.03
ComboFix.txt
ComboFix2.txt