Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 




Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > HijackThis Log Help
Computer might be infected help pls Computer might be infected help pls
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read

HijackThis Log Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help.

Reply
 
Thread Tools
Old 05-03-2008, 05:51 PM   #1 (permalink)
Registered User
 
Join Date: Apr 2008
Location: 3 Feet behide your car
Posts: 14
OS: xp home edition sp3


Computer might be infected help pls
Here is my log file~

Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:47:29 PM, on 5/3/2008
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\IEPro\MiniDM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\CCleaner\CCleaner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.myspace.com
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.2.100.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - http://gamedownload.ijjimax.com/game...lugin11USA.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1171608810890
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Derek
O17 - HKLM\Software\..\Telephony: DomainName = Derek
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Derek
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Derek
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = Derek
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = Derek
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12689 bytes
razer276 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 05-03-2008, 07:11 PM   #2 (permalink)
Registered User
 
Join Date: Apr 2008
Location: 3 Feet behide your car
Posts: 14
OS: xp home edition sp3


Am I infected?
this is my results from a combofix scan

Quote:
ComboFix 08-05-01.3 - Workspace 2008-05-03 18:56:12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.110 [GMT -7:00]
Running from: C:\Documents and Settings\Workspace\My Documents\My Downloads\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Workspace\err.log
C:\install.exe
C:\WINDOWS\Downloaded Program Files\setup.inf

.
((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.

2008-05-03 17:54 . 2008-05-03 17:54 <DIR> d-------- C:\Program Files\Windows Defender
2008-05-03 17:45 . 2008-05-03 17:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-09 09:42 . 2008-02-12 14:59 1,306,624 --------- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-04-09 09:42 . 2008-02-12 02:48 79,872 --------- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-04-09 09:39 . 2008-02-12 14:59 584,704 --a------ C:\WINDOWS\system32\RPCRT4.dll
2008-04-09 09:37 . 2008-04-09 09:42 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-04-09 09:37 . 2008-02-12 14:58 284,672 --a------ C:\WINDOWS\system32\gdi32.dll
2008-04-09 09:29 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\002955_.tmp
2008-04-09 09:23 . 2008-04-09 09:23 <DIR> d-------- C:\WINDOWS\EHome
2008-04-05 16:23 . 2008-04-05 16:23 <DIR> d-------- C:\Program Files\HyperCam
2008-04-05 16:23 . 2008-04-05 16:23 3,343 --a------ C:\WINDOWS\UnHyCam.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-19 19:52 1,175,552 ----a-w C:\WINDOWS\system32\XCoreLib.dll
2008-05-04 01:44 --------- d-----w C:\Program Files\Logitech
2008-05-04 01:41 --------- d-----w C:\Program Files\Common Files\Logitech
2008-05-04 01:39 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-05-04 01:35 --------- d-----w C:\Program Files\Microsoft Bootvis
2008-05-04 01:31 88,576 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-05-04 01:31 27,488 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-04 01:31 2,256,928 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-04 01:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-04 00:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-04 00:29 118,784 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-04-09 03:46 --------- d-----w C:\Program Files\Steam
2008-04-09 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-04-08 04:03 161,280 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-04-08 04:03 1,568,768 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-04-04 05:36 227,840 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-04-04 04:54 --------- d-----w C:\Documents and Settings\Workspace\Application Data\LimeWire
2008-04-03 20:59 --------- d-----w C:\Program Files\IEPro
2008-04-03 20:55 --------- d-----w C:\Documents and Settings\Workspace\Application Data\IEPro
2008-04-02 05:49 --------- d-----w C:\Program Files\Dell
2008-04-02 00:15 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-01 23:57 --------- d-----w C:\Program Files\Symantec
2008-04-01 23:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-01 21:11 97,792 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-04-01 21:11 1,500,160 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-04-01 20:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-01 20:51 --------- d-----w C:\Program Files\Alwil Software
2008-03-31 05:45 47,104 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-03-31 04:24 --------- d-----w C:\Program Files\InfraRecorder
2008-03-31 04:23 --------- d-----w C:\Documents and Settings\Workspace\Application Data\InfraRecorder
2008-03-31 03:29 49,152 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-03-31 03:11 --------- d-----w C:\Program Files\Roxio
2008-03-31 03:07 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-03-31 03:06 --------- d-----w C:\Program Files\7-Zip
2008-03-30 18:26 520,704 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-03-30 18:26 1,453,568 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-03-30 18:05 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-30 18:05 --------- d-----w C:\Documents and Settings\Workspace\Application Data\SUPERAntiSpyware.com
2008-03-20 03:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 03:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-03-19 03:35 --------- d-----w C:\Documents and Settings\Workspace\Application Data\iolo
2008-03-19 03:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
2008-03-17 03:44 --------- d-----w C:\Program Files\TweakNow RegCleaner Std
2008-03-17 03:43 --------- d-----w C:\Program Files\CCleaner
2008-03-16 03:50 --------- d-----w C:\Documents and Settings\Workspace\Application Data\SiteAdvisor
2008-03-14 06:11 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-03-14 06:11 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-03-14 05:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-14 05:14 --------- d-----w C:\Program Files\Zone Labs
2008-03-14 04:52 --------- d-----w C:\Program Files\Windows SteadyState
2008-03-14 04:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-14 04:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-10 03:44 --------- d-----w C:\Program Files\LimeWire
2008-03-08 06:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-03-07 21:47 --------- d-----w C:\Program Files\Java
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-12 23:12 1,788 ----a-w C:\WINDOWS\system32\dcache.bin
2008-02-12 23:04 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-02-12 21:59 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-02-12 21:58 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-02-12 21:57 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-02-12 21:55 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-02-12 21:55 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-02-12 21:55 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-02-12 21:55 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-02-12 18:32 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-02-12 11:04 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-02-12 10:18 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-02-12 10:10 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-02-12 10:05 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-02-12 10:05 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-02-12 10:05 2,065,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-02-12 09:48 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-02-12 09:47 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-02-12 09:47 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-02-12 09:47 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-02-12 09:45 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-02-12 09:26 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-02-12 09:26 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-02-12 09:26 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-02-12 08:49 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-02-12 08:38 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-02-12 08:32 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-02-12 08:29 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-02-12 08:28 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-02-12 08:10 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-02-12 08:06 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-02-12 08:04 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-02-12 08:04 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-02-12 08:03 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-02-12 07:59 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-02-12 07:06 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-02-05 01:23 693,792 ----a-w C:\WINDOWS\system32\OGACheckControl.DLL
2006-09-11 01:02 8 ----a-w C:\Documents and Settings\Workspace\Application Data\usb.dat.bin
2007-02-01 02:40 56 --sh--r C:\WINDOWS\system32\9F6FB99659.sys
2007-02-01 02:40 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-12 14:59 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-17 20:19 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 17:42 1404928]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 01:12 94208]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 14:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 14:50 81920]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 03:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 03:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 03:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 03:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 03:00 455168]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-02-03 11:25 36904]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 15:52 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-17 12:30 85184]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 17:38 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-15 05:28:52 24576]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 01:15:54 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\Workspace\\Application Data\\Microsoft\\Installer\\{F99C5427-4D78-43E2-B97E-F4C4E622D612}\\MapleStory.exe21_F99C54274D7843E2B97EF4C4E622D612.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R2 npkcmsvc;npkcmsvc;C:\Nexon\Mabinogi\npkcmsvc.exe [2007-08-02 13:33]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
R3 kbdcap;kbdcap;C:\WINDOWS\system32\drivers\kbdcap.sys [2007-09-02 12:44]
S3 BlackJoseph1;BlackJoseph1;C:\Documents and Settings\Workspace\Desktop\maplestory hacks\BlackJoseph_Engine\BlackJoseph Engine\BlackJ32.sys []
S3 cdrmkaun;cdrmkaun;C:\DOCUME~1\WORKSP~1\LOCALS~1\Temp\cdrmkaun.sys []
S3 CEDRIVER51;CEDRIVER51;G:\Gunz\TheBOUEngine\DBK32.sys []
S3 CEDRIVER53;CEDRIVER53;C:\Program Files\Cheat Engine\dbk32.sys []
S3 cheetah1;Cheetah1;C:\Documents and Settings\Workspace\Desktop\Cheetah Engine 2.0\Cheetah Engine 2.0\cheetahrules.sys []
S3 DADriv1;DADriv1;C:\Documents and Settings\Workspace\Desktop\Da_HackPack\DAK32.sys []
S3 geebers12;geebers12;C:\Documents and Settings\Workspace\Desktop\Wonka Engine V1.12\nvid888.sys []
S3 iCheat1;iCheat1;C:\Documents and Settings\Workspace\Desktop\Thinder_v41_Hack_Pax\iCheat Engine\nvid999.sys []
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;C:\Documents and Settings\Workspace\Desktop\HackPAck\HackPackV4\IlvMoney1129.sys []
S3 KIKIDRIVER;KIKIDRIVER;C:\Documents and Settings\Workspace\Desktop\hack\kikiuce141\kiki.sys []
S3 MzBot.sys;MzBot.sys;C:\WINDOWS\system32\MzBot.sys [2007-04-01 04:41]
S3 MzBot;MzBot;C:\MzBot.sys []
S3 npkycryp;npkycryp;C:\Nexon\MapleStory\npkycryp.sys []
S3 puma1;puma1;C:\Documents and Settings\Workspace\Desktop\Puma Engine + [2].CT\Puma Engine + [2].CT\puma.sys []
S3 Revolution1;Revolution1;C:\Documents and Settings\Workspace\Desktop\SHAK3.sys []
S3 sejt1;sejt1;C:\Documents and Settings\Workspace\Desktop\Akuma+CT+Autolink+Bot+DXWnd\Akuma Engine\sejt.sys []
S3 SHAK31;SHAK31;C:\Documents and Settings\Workspace\Desktop\RE 4.2\RE 4.2\SHAK3.sys []
S3 SoRa01;SoRa01;C:\Documents and Settings\Workspace\Desktop\virus\SoRa Remake Engine 2.6\SoRa Remak Engine 2.6\SoRa.sys []
S3 spuce1;spuce1;C:\Documents and Settings\Workspace\Desktop\maplestory hacks\spuce\SPUCE 2.0\spuce.sys []
S3 spydetector;spydetector;C:\Program Files\Spyware Process Detector\spydetector.sys []
S3 TSHAK3T1;TSHAK3T1;C:\Documents and Settings\Workspace\Desktop\Re-Engine3.2\RE 3.2\spuce.sys []
S3 uzeil1;uzeil1;C:\Documents and Settings\Workspace\Desktop\Advanced_Hack_Pack\Advanced_Hack_Pack\Engines\Mini Engine\Mini Engine\uzeil.sys []
S3 XDva037;XDva037;C:\WINDOWS\system32\XDva037.sys []
S3 xp1;xp1;C:\Documents and Settings\Workspace\Desktop\Hack pack\xpengine\xpengine\xp.sys []
S3 Yakir1;Yakir1;C:\Documents and Settings\Workspace\Desktop\ZenXEngine v2(Beta Closed)\Log Evasion Engine\ZenX.Sys []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-05 01:30:01 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DEREK-Workspace).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-05-04 01:35:38 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-03 19:05:52
Windows 5.1.2600 Service Pack 3, v.3311 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ImagePath"="\??\C:\Documents and Settings\Workspace\Desktop\Puma Engine +
[2].CT\Puma Engine + [2].CT\puma.sys"


[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\puma1]
"ImagePath"="\??\C:\Documents and Settings\Workspace\Desktop\Puma Engine +
.
Completion time: 2008-05-03 19:09:22
ComboFix-quarantined-files.txt 2008-05-04 02:09:14

Pre-Run: 84,768,415,744 bytes free
Post-Run: 85,330,026,496 bytes free

233 --- E O F --- 2008-04-09 0103
razer276 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 02:43 AM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2008, Tech Support Forum

Search Engine Friendly URLs by vBSEO

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82