Thread: Command Service
Old 09-27-2006, 03:03 PM   #24 (permalink)
egotrippen
Registered User
 
Join Date: Sep 2006
Posts: 24
OS: XP


ComboFix log (pasted unedited):
Owner - 06-09-27 16:57:06.75 Service Pack 2
ComboFix 06.09.25 - Running from: "C:\Documents and Settings\Owner\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-08-27 to 2006-09-27 ))))))))))))))))))))))))))))))))))


2006-09-07 20:37 159,744 --a------ C:\WINDOWS\system32\igfxres.dll
2006-09-06 15:52 127,208 --a------ C:\WINDOWS\system32\mucltui.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-27 15:52 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-27 15:51 -------- d-------- C:\Program Files\Internet Explorer
2006-09-27 15:49 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-27 14:12 -------- d-------- C:\Program Files\CleanUp!
2006-09-27 14:00 -------- d-------- C:\Program Files\Common Files
2006-09-27 13:16 -------- d-------- C:\Program Files\Mozilla Thunderbird
2006-09-27 13:15 -------- d-------- C:\Program Files\Trillian
2006-09-26 13:14 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2006-09-25 10:46 -------- d-------- C:\Program Files\Symantec
2006-09-25 10:46 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-24 19:33 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-09-24 19:18 -------- d-------- C:\Documents and Settings\Owner\Application Data\foobar2000
2006-09-23 16:35 -------- d-------- C:\Program Files\G6 U-DISK Manager
2006-09-23 02:26 -------- d-------- C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2006-09-21 11:30 -------- d-------- C:\Program Files\WinPLOSION
2006-09-18 23:50 -------- d-------- C:\Program Files\Common Files\xing shared
2006-09-18 23:50 -------- d-------- C:\Program Files\Common Files\Real
2006-09-18 23:45 -------- d-------- C:\Documents and Settings\Owner\Application Data\Real
2006-09-18 11:04 -------- d-------- C:\Program Files\WinRAR
2006-09-11 21:22 -------- d-------- C:\Documents and Settings\Owner\Application Data\Azureus
2006-09-06 15:44 -------- d-------- C:\Program Files\Network Associates
2006-09-06 15:44 -------- d-------- C:\Program Files\Common Files\Cisco Systems
2006-09-06 15:43 -------- d-------- C:\Program Files\Common Files\Network Associates
2006-09-06 15:29 -------- d-------- C:\Program Files\Outlook Express
2006-09-06 15:29 -------- d-------- C:\Program Files\Messenger
2006-09-06 15:29 -------- d-------- C:\Program Files\Common Files\System
2006-08-25 21:38 -------- d-------- C:\Program Files\Movie Player
2006-08-24 03:07 -------- d-------- C:\Program Files\2BrightSparks
2006-08-23 22:36 -------- d-------- C:\Program Files\Azureus
2006-08-23 19:12 -------- d-------- C:\Documents and Settings\Owner\Application Data\Help
2006-08-23 19:08 -------- d-------- C:\Program Files\PowerQuest
2006-08-22 13:40 -------- d-------- C:\Documents and Settings\Owner\Application Data\Sun
2006-08-21 13:09 873 --a------ C:\Documents and Settings\Owner\Application Data\AdobeDLM.log
2006-08-21 13:09 0 --a------ C:\Documents and Settings\Owner\Application Data\dm.ini
2006-08-21 13:09 -------- d-------- C:\Program Files\Adobe
2006-08-21 13:04 -------- d-------- C:\Program Files\Common Files\Adobe
2006-08-21 13:04 -------- d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2006-08-21 12:28 -------- d-------- C:\Program Files\DivX
2006-08-21 12:26 -------- d-------- C:\Program Files\ffdshow
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 05:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-21 02:53 167936 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2006-08-21 02:36 -------- d-------- C:\Program Files\Illustrate
2006-08-19 23:30 -------- d-------- C:\Program Files\illiminable
2006-08-19 20:41 -------- d-------- C:\Program Files\MsnMusic
2006-08-19 20:40 -------- d-------- C:\Program Files\Windows Media Player
2006-08-19 01:11 -------- d-------- C:\Program Files\Java
2006-08-19 01:08 -------- d-------- C:\Program Files\Common Files\Java
2006-08-04 11:37 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-04 11:37 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-08-03 22:00 -------- d-a------ C:\Program Files\snes9xw-1.5
2006-08-03 16:53 -------- d-------- C:\Program Files\oggenc
2006-08-03 16:47 -------- d-------- C:\Program Files\Exact Audio Copy
2006-07-30 12:32 -------- d-------- C:\Documents and Settings\Owner\Application Data\ArcSoft
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-26 22:05 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-03 17:40 778240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-07-03 17:40 778240 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-07-03 17:40 761856 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-07-03 17:40 620180 --a------ C:\WINDOWS\system32\DivX.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealPlayer"="\"C:\\Program Files\\Real\\RealPlayer\\realplay.exe\" /RunUPGToolCommandReBoot"
"NVIEW"="rundll32.exe nview.dll,nViewLoadHook"
"MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zero Knowledge Freedom"="C:\\Program Files\\Zero Knowledge\\Freedom\\AutoStarterR.exe"
"WinPLOSION"="\"C:\\Program Files\\WinPLOSION\\winplosion.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"StorageGuard"="\"C:\\Program Files\\VERITAS Software\\Update Manager\\sgtray.exe\" /r"
"Share-to-Web Namespace Daemon"="c:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"pcucb187"="RUNDLL32.EXE w002935c.dll,n 004cb18300000005002935c"
"nwiz"="nwiz.exe /installquiet /keeploaded"
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"EPSON Stylus C62 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S0BIC1.EXE /P23 \"EPSON Stylus C62 Series\" /O6 \"USB001\" /M \"Stylus C62\""
"CamMonitor"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\hpqcmon.exe"
"BlockTracker"="c:\\hp\\bin\\BlockTracker.exe"
"BCNT"="C:\\PROGRA~1\\AWS\\WEATHE~1\\BCNT.EXE"
"AutoTBar"="C:\\hp\\bin\\autotbar.exe"
"AlcxMonitor"="ALCXMNTR.EXE"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e4,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e4,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e4,03,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:000000b5
"NoRecentDocsMenu"=hex:01,00,00,00
"NoActiveDesktop"=hex:01,00,00,00
"NoDrives"=hex:00,00,00,00
"NoDriveAutoRun"=hex:fd,03,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
@=""
"NoDriveTypeAutoRun"=hex:5b,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Wed 09/27/2006 16:57:56.57
ComboFix.txt
ComboFix2.txt
ComboFix3.txt