Tech Support Forum - View Single Post

teevee · 10-08-2006, 12:46 AM

Computer seems to be running better. Here are the logs after running the programs you specified.

Combofix:

Mike - 06-10-07 22:10:56.73 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Mike\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-07 to 2006-10-07 ))))))))))))))))))))))))))))))))))

2006-10-07 09:29 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-07 09:21 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-10-07 09:21 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-10-07 09:21 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-10-07 09:21 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-10-01 19:58 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-10-01 19:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2006-10-01 19:58 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2006-10-01 19:57 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
2006-10-01 19:57 44,064 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
2006-10-01 19:57 21,280 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
2006-10-01 19:57 163,840 --a------ C:\WINDOWS\system32\WmJoyFrc.dll
2006-10-01 19:57 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-10-07 22:07 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-07 21:45 -------- d-------- C:\Program Files\Symantec AntiVirus
2006-10-07 20:28 -------- d-------- C:\Program Files\Hijack this
2006-10-07 19:13 -------- d-------- C:\Program Files\MSN Messenger
2006-10-07 19:12 -------- d-------- C:\Program Files\Messenger
2006-10-07 19:07 -------- d-------- C:\Program Files\iTunes
2006-10-07 19:07 -------- d-------- C:\Program Files\Internet Explorer
2006-10-07 19:04 -------- d-------- C:\Program Files\ewido anti-malware
2006-10-07 19:03 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-07 19:00 -------- d-------- C:\Program Files\AVG Anti-Spyware 7.5
2006-10-07 09:25 -------- d-------- C:\Program Files\CleanUp!
2006-10-05 22:14 -------- d-------- C:\Documents and Settings\Mike\Application Data\Skype
2006-10-05 22:11 -------- d-------- C:\Program Files\Registry Mechanic
2006-10-05 21:50 -------- d-------- C:\Documents and Settings\Mike\Application Data\Vidalia
2006-10-05 21:50 -------- d-------- C:\Documents and Settings\Mike\Application Data\Tor
2006-10-01 19:57 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-01 19:57 -------- d-------- C:\Program Files\Logitech
2006-10-01 19:57 -------- d-------- C:\Program Files\Common Files\Logitech
2006-10-01 11:35 -------- d-------- C:\Program Files\Nagra Master - ROM 102 Utility
2006-10-01 11:32 -------- d-------- C:\Program Files\IBP 9
2006-10-01 11:32 -------- d-------- C:\Program Files\GameTap
2006-10-01 10:49 -------- d-------- C:\Program Files\XaMp studio
2006-09-30 16:35 -------- d-------- C:\Program Files\Vidalia
2006-09-30 16:35 -------- d-------- C:\Program Files\Tor
2006-09-30 16:35 -------- d-------- C:\Program Files\Privoxy
2006-09-30 16:29 -------- d-------- C:\Program Files\Steganos Internet Anonym 2006
2006-09-30 14:33 -------- d-------- C:\Program Files\Steganos Internet Anonym Pro 2006 v8.0 + Keygen_By_CORE
2006-09-09 14:19 -------- d-------- C:\Documents and Settings\Mike\Application Data\IBP
2006-09-05 22:18 -------- d-------- C:\Program Files\Symantec
2006-09-05 22:14 -------- d-------- C:\Program Files\Common Files
2006-09-05 19:30 -------- d-------- C:\Program Files\Norton SystemWorks
2006-09-04 15:42 -------- d---s---- C:\Documents and Settings\Mike\Application Data\Microsoft
2006-09-04 15:33 -------- d-------- C:\Program Files\Windows Media Player
2006-09-04 15:26 -------- d-------- C:\Program Files\Yahoo!
2006-09-03 22:44 -------- d-------- C:\Program Files\DT Tierworks
2006-09-03 21:08 -------- d-------- C:\Program Files\TCFD-3xx
2006-09-03 18:50 -------- d-------- C:\Documents and Settings\Mike\Application Data\Adobe
2006-09-02 11:53 -------- d-------- C:\Documents and Settings\Mike\Application Data\Macromedia
2006-08-28 22:52 -------- d-------- C:\Program Files\Avery DesignPro 5.0 Limited Edition
2006-08-21 06:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 03:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 03:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-20 22:21 -------- d-------- C:\Documents and Settings\Mike\Application Data\LimeWire
2006-07-27 07:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 02:24 72704 --a------ C:\WINDOWS\system32\hlink.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"TivoTransfer"="\"C:\\Program Files\\Common Files\\TiVo Shared\\Transfer\\TivoTransfer.exe\" /auto:TivoTransfer /registry /service"
"TivoServer"="\"C:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe\" /auto:TivoServer /registry /service"
"Norton SystemWorks"="\"C:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"AGRSMMSG"="AGRSMMSG.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HPDJ Taskbar Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpztsb04"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LogitechVideoTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogiTray"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RoxioDragToDisc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DrgToDsc"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RoxioEngineUtility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EngUtil"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"inimapping"="0"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

Completion time: 07/10/2006 22:11:51.40
ComboFix.txt

Kaspersky Log:

Sunday, October 08, 2006 12:44:15 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 8/10/2006
Kaspersky Anti-Virus database records: 229872

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 75108
Number of viruses found 1
Number of infected objects 3 / 0
Number of suspicious objects 0
Duration of the scan process 01:04:43

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Mike\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Mike\Desktop\smirfraudfix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Mike\Desktop\smirfraudfix\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Mike\Desktop\smirfraudfix\SmitfraudFix.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Mike\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Mike\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Mike\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Log.txt Object is locked skipped

C:\Program Files\Alcohol 120%\Alcohol 120\StarWind\logs\starwind.2006-10-07.22-23-52.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped

C:\Program Files\Symantec AntiVirus\SAVRT\0506NAV~.TMP Object is locked skipped

C:\Program Files\Symantec AntiVirus\SAVRT\0929NAV~.TMP Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{E14C5E60-3F93-4753-B951-276775F0F870}\RP245\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

10-08-2006, 12:46 AM	#6 (permalink)
teevee Registered User Join Date: Oct 2006 Posts: 7 OS: xp	Computer seems to be running better. Here are the logs after running the programs you specified. Combofix: Mike - 06-10-07 22:10:56.73 Service Pack 2 ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Mike\Desktop" ((((((((((((((((((((((((((((((( Files Created from 2006-09-07 to 2006-10-07 )))))))))))))))))))))))))))))))))) 2006-10-07 09:29 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2006-10-07 09:21 53,248 --a------ C:\WINDOWS\system32\Process.exe 2006-10-07 09:21 40,960 --a------ C:\WINDOWS\system32\swsc.exe 2006-10-07 09:21 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2006-10-07 09:21 135,168 --a------ C:\WINDOWS\system32\swreg.exe 2006-10-01 19:58 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2006-10-01 19:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2006-10-01 19:58 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2006-10-01 19:57 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys 2006-10-01 19:57 44,064 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys 2006-10-01 19:57 21,280 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys 2006-10-01 19:57 163,840 --a------ C:\WINDOWS\system32\WmJoyFrc.dll 2006-10-01 19:57 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-10-07 22:07 -------- d-------- C:\Program Files\Mozilla Firefox 2006-10-07 21:45 -------- d-------- C:\Program Files\Symantec AntiVirus 2006-10-07 20:28 -------- d-------- C:\Program Files\Hijack this 2006-10-07 19:13 -------- d-------- C:\Program Files\MSN Messenger 2006-10-07 19:12 -------- d-------- C:\Program Files\Messenger 2006-10-07 19:07 -------- d-------- C:\Program Files\iTunes 2006-10-07 19:07 -------- d-------- C:\Program Files\Internet Explorer 2006-10-07 19:04 -------- d-------- C:\Program Files\ewido anti-malware 2006-10-07 19:03 -------- d-------- C:\Program Files\Common Files\Symantec Shared 2006-10-07 19:00 -------- d-------- C:\Program Files\AVG Anti-Spyware 7.5 2006-10-07 09:25 -------- d-------- C:\Program Files\CleanUp! 2006-10-05 22:14 -------- d-------- C:\Documents and Settings\Mike\Application Data\Skype 2006-10-05 22:11 -------- d-------- C:\Program Files\Registry Mechanic 2006-10-05 21:50 -------- d-------- C:\Documents and Settings\Mike\Application Data\Vidalia 2006-10-05 21:50 -------- d-------- C:\Documents and Settings\Mike\Application Data\Tor 2006-10-01 19:57 -------- d--h----- C:\Program Files\InstallShield Installation Information 2006-10-01 19:57 -------- d-------- C:\Program Files\Logitech 2006-10-01 19:57 -------- d-------- C:\Program Files\Common Files\Logitech 2006-10-01 11:35 -------- d-------- C:\Program Files\Nagra Master - ROM 102 Utility 2006-10-01 11:32 -------- d-------- C:\Program Files\IBP 9 2006-10-01 11:32 -------- d-------- C:\Program Files\GameTap 2006-10-01 10:49 -------- d-------- C:\Program Files\XaMp studio 2006-09-30 16:35 -------- d-------- C:\Program Files\Vidalia 2006-09-30 16:35 -------- d-------- C:\Program Files\Tor 2006-09-30 16:35 -------- d-------- C:\Program Files\Privoxy 2006-09-30 16:29 -------- d-------- C:\Program Files\Steganos Internet Anonym 2006 2006-09-30 14:33 -------- d-------- C:\Program Files\Steganos Internet Anonym Pro 2006 v8.0 + Keygen_By_CORE 2006-09-09 14:19 -------- d-------- C:\Documents and Settings\Mike\Application Data\IBP 2006-09-05 22:18 -------- d-------- C:\Program Files\Symantec 2006-09-05 22:14 -------- d-------- C:\Program Files\Common Files 2006-09-05 19:30 -------- d-------- C:\Program Files\Norton SystemWorks 2006-09-04 15:42 -------- d---s---- C:\Documents and Settings\Mike\Application Data\Microsoft 2006-09-04 15:33 -------- d-------- C:\Program Files\Windows Media Player 2006-09-04 15:26 -------- d-------- C:\Program Files\Yahoo! 2006-09-03 22:44 -------- d-------- C:\Program Files\DT Tierworks 2006-09-03 21:08 -------- d-------- C:\Program Files\TCFD-3xx 2006-09-03 18:50 -------- d-------- C:\Documents and Settings\Mike\Application Data\Adobe 2006-09-02 11:53 -------- d-------- C:\Documents and Settings\Mike\Application Data\Macromedia 2006-08-28 22:52 -------- d-------- C:\Program Files\Avery DesignPro 5.0 Limited Edition 2006-08-21 06:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll 2006-08-21 03:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe 2006-08-21 03:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys 2006-08-20 22:21 -------- d-------- C:\Documents and Settings\Mike\Application Data\LimeWire 2006-07-27 07:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll 2006-07-21 02:24 72704 --a------ C:\WINDOWS\system32\hlink.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "TivoTransfer"="\"C:\\Program Files\\Common Files\\TiVo Shared\\Transfer\\TivoTransfer.exe\" /auto:TivoTransfer /registry /service" "TivoServer"="\"C:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe\" /auto:TivoServer /registry /service" "Norton SystemWorks"="\"C:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz" "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit" "AGRSMMSG"="AGRSMMSG.exe" "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe" "dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe" "ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup" "ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start" "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "!AVG Anti-Spyware"="\"C:\\Program Files\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000004 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 "CDRAutoRun"=dword:00000000 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 "CDRAutoRun"=dword:00000000 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HPDJ Taskbar Utility] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="hpztsb04" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LogitechVideoTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LogiTray" "hkey"="HKLM" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RoxioDragToDisc] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DrgToDsc" "hkey"="HKLM" "command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RoxioEngineUtility] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EngUtil" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\"" "inimapping"="0" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll Completion time: 07/10/2006 22:11:51.40 ComboFix.txt Kaspersky Log: Sunday, October 08, 2006 12:44:15 AM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 8/10/2006 Kaspersky Anti-Virus database records: 229872 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true Scan Target My Computer A:\ C:\ D:\ E:\ F:\ Scan Statistics Total number of scanned objects 75108 Number of viruses found 1 Number of infected objects 3 / 0 Number of suspicious objects 0 Duration of the scan process 01:04:43 Infected Object Name Virus Name Last Action C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Mike\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Mike\Desktop\smirfraudfix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\Documents and Settings\Mike\Desktop\smirfraudfix\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\Documents and Settings\Mike\Desktop\smirfraudfix\SmitfraudFix.zip ZIP: infected - 1 skipped C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Mike\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Mike\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Mike\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Log.txt Object is locked skipped C:\Program Files\Alcohol 120%\Alcohol 120\StarWind\logs\starwind.2006-10-07.22-23-52.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped C:\Program Files\Symantec AntiVirus\SAVRT\0506NAV~.TMP Object is locked skipped C:\Program Files\Symantec AntiVirus\SAVRT\0929NAV~.TMP Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{E14C5E60-3F93-4753-B951-276775F0F870}\RP245\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed.