Old 12-01-2006, 02:16 PM   #4 (permalink)
Socha_62
OS: XP


After it rebooted, there was some new stuff on my desktop that I didn't put there: Online Security Guide, Security Troubleshooting, and VirusBusters. Here's the log.





Jason - 06-12-01 16:04:23.20 Service Pack 2
ComboFix 06-12-01W-BetaE - Running from: "C:\Documents and Settings\Jason"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ixt0.dll
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\issearch.exe
C:\Program Files\Common Files\{3818518E-0BB0-1033-0331-060506220001}
C:\Program Files\Safety Bar
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{9818518E-0BB0-1033-0331-060506220001}


((((((((((((((((((((((((((((((( Files Created from 2006-11-01 to 2006-12-01 ))))))))))))))))))))))))))))))))))


2006-12-01 16:08 <DIR> d-------- C:\WINNT
2006-12-01 16:06 <DIR> d-------- C:\WINDOWS\erdnt
2006-12-01 12:08 77,824 --a------ C:\WINDOWS\system32\tpedvf.dll
2006-12-01 12:08 <DIR> d-------- C:\Program Files\Virus-Bursters
2006-12-01 12:02 94,208 --a------ C:\WINDOWS\system32\txvxvj.dll
2006-12-01 12:02 70,656 --a------ C:\WINDOWS\system32\zlkbjsi.dll
2006-12-01 12:00 72,704 --a------ C:\WINDOWS\system32\drvtum.dll
2006-12-01 12:00 40,973 ---hs---- C:\WINDOWS\system32\iiiihii.dll
2006-11-28 21:10 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\dvdcss
2006-11-28 20:37 <DIR> d-------- C:\Program Files\Lavasoft
2006-11-28 20:37 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\Lavasoft
2006-11-28 20:13 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-28 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-28 17:39 <DIR> d-------- C:\Program Files\VSAdd-in
2006-11-28 17:38 801,914 ---hs---- C:\WINDOWS\system32\svvwa.bak1
2006-11-28 17:38 704,564 ---hs---- C:\WINDOWS\system32\awvvs.dll
2006-11-28 17:38 42,516 --a------ C:\WINDOWS\system32\kobtkxyl.dll
2006-11-28 17:06 <DIR> d-------- C:\Program Files\WinRAR
2006-11-28 12:30 641,021 --a------ C:\WINDOWS\unins000.exe
2006-11-28 12:30 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2006-11-28 12:30 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2006-11-28 12:30 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2006-11-28 12:30 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2006-11-28 12:30 187,904 --a------ C:\WINDOWS\system32\Lame.exe
2006-11-28 12:30 166,912 --a------ C:\WINDOWS\system32\Lame_enc.dll
2006-11-28 12:30 <DIR> d-------- C:\Program Files\XviD
2006-11-19 22:04 <DIR> d-------- C:\Program Files\Alarm Clock
2006-11-16 09:27 <DIR> d-------- C:\a960884c588070d1b2f0
2006-11-12 17:24 <DIR> d-------- C:\Program Files\iTunes
2006-11-12 17:24 <DIR> d-------- C:\Program Files\iPod
2006-11-12 17:23 <DIR> d-------- C:\Program Files\QuickTime
2006-11-12 17:22 <DIR> d-------- C:\Program Files\Apple Software Update
2006-11-08 12:33 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2006-11-08 12:33 356,096 --a------ C:\WINDOWS\system32\rt61.sys
2006-11-08 12:33 356,096 --a------ C:\WINDOWS\system32\drivers\rt61.sys
2006-11-08 12:33 243,328 --a------ C:\WINDOWS\system32\rt2500.sys
2006-11-08 12:33 17,992 --a------ C:\WINDOWS\system32\drivers\bcm42rly.sys
2006-11-08 12:33 17,992 --a------ C:\WINDOWS\system32\bcm42rly.sys
2006-11-08 12:33 17,992 --a------ C:\WINDOWS\bcm42rly.sys
2006-11-08 12:33 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2006-11-08 12:32 <DIR> d-------- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-01 16:08 -------- d-------- C:\Program Files\Common Files
2006-12-01 16:02 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-22 21:21 -------- d-------- C:\Program Files\Common Files\Adobe
2006-11-22 21:21 -------- d-------- C:\Documents and Settings\Jason\Application Data\Adobe
2006-11-22 21:20 -------- d-------- C:\Program Files\Adobe
2006-11-21 23:05 4096 --a------ C:\Documents and Settings\Jason\Application Data\dvd.bmk
2006-11-16 09:27 -------- d-------- C:\Program Files\Internet Explorer
2006-11-10 14:47 -------- d-------- C:\Documents and Settings\Jason\Application Data\SolidWorks
2006-11-08 12:33 20747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2006-11-08 12:33 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-01 21:11 88 -r-hs---- C:\WINDOWS\system32\9D64738EF4.sys
2006-11-01 21:11 3558 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-10-31 21:19 -------- d-------- C:\Program Files\TallStick
2006-10-30 15:18 -------- d-------- C:\Program Files\VstPlugins
2006-10-30 15:18 -------- d-------- C:\Program Files\Image-Line
2006-10-22 23:00 -------- d-------- C:\Documents and Settings\Jason\Application Data\DivX
2006-10-22 22:59 -------- d-------- C:\Program Files\DivX
2006-10-16 23:30 -------- d-------- C:\Program Files\Audacity 1.3 Beta
2006-10-13 07:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 07:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 05:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-09 12:26 -------- d-------- C:\Program Files\LimeWire
2006-10-09 12:26 -------- d-------- C:\Program Files\Java
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 14:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 14:04 635486 --a------ C:\WINDOWS\system32\DivX.dll
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"OE_OEM"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\TMAS_OE\\TMAS_OEMon.exe\""
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SigmatelSysTrayApp"="stsystra.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
@=""
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\pccguide.exe\""
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"CTDrive"="rundll32.exe C:\\WINDOWS\\system32\\drvtum.dll,startup"
"txvxvj.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\txvxvj.dll,mxrultb"
"Virus-Bursters"="C:\\Program Files\\Virus-Bursters\\virus-bursters.exe /h"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{1a01a98c-4f25-42e1-971a-185cf63569b2}"="expatriates"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C671A733-A4AA-4B5F-8CEE-006242C457B5}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"expatriates"="{1a01a98c-4f25-42e1-971a-185cf63569b2}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-12-01 16:10:43.76