Thread: some virus/spyware I don't know what it is

  1. #1
    Junior Member, Join Date: Jan 2008, Posts: 2

    some virus/spyware I don't know what it is

    Here's the ComboFix log. My laptop is infected by some malware. I have Trend Micro installed, yet it's no help. I tried to install Webroot and it gives an error whenever I try to open it.

    I have several tens of .tmp files in my My Documents folder.

    Combofix log attached.

  2. #2
    Junior Member, Join Date: Jan 2008, Posts: 2

    The file didn't attach properly, I guess. Here's the log.

    ComboFix 08-01-18.1 - Abhijit 2008-01-17 15:54:18.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1287 [GMT -5:00]
    Running from: C:\Documents and Settings\Abhijit\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Spruce
    C:\Program Files\Spruce\Spruce.dll
    C:\Program Files\Spruce\Spruce.dll.intermediate.manifest
    C:\Program Files\Spruce\Spruce.exe
    C:\Program Files\Spruce\Spruce.info
    C:\Program Files\Spruce\Spruce.original
    C:\Program Files\Spruce\SpruceRg.dll
    C:\Program Files\Spruce\un_SpruceSetup_17737.exe
    C:\Program Files\Spruce\un_SpruceSetup_17737.txt
    C:\Program Files\Spruce\X_Spruce.exe
    C:\Program Files\Spruce\X_Spruce.log
    C:\WINDOWS\b122.exe
    C:\WINDOWS\system32\bkmqdfex.dllbox
    C:\WINDOWS\system32\byxuurp.dll
    C:\WINDOWS\system32\ctfmon.exe.tmp
    C:\WINDOWS\system32\iifcawt.dll
    C:\WINDOWS\system32\ijllm.ini
    C:\WINDOWS\system32\ijllm.ini2
    C:\WINDOWS\system32\jlanssvk.dllbox
    C:\WINDOWS\system32\mllji.dll
    C:\WINDOWS\system32\pac.txt

    .
    ((((((((((((((((((((((((( Files Created from 2007-12-18 to 2008-01-18 )))))))))))))))))))))))))))))))
    .

    2008-01-17 15:50 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-16 13:59 . 2008-01-16 14:05 <DIR> d-------- C:\Program Files\Sophos
    2008-01-16 13:59 . 2008-01-16 13:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sophos
    2008-01-16 13:56 . 2008-01-17 15:13 <DIR> d-------- C:\stdtsa
    2008-01-16 13:30 . 2008-01-16 13:30 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
    2008-01-16 13:27 . 2008-01-16 13:27 <DIR> d-------- C:\Program Files\Webroot
    2008-01-16 13:27 . 2008-01-16 13:27 <DIR> d-------- C:\Documents and Settings\Abhijit\Application Data\Webroot
    2008-01-16 13:27 . 2008-01-16 13:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
    2008-01-16 13:27 . 2008-01-16 13:27 <DIR> d-------- C:\DOCUME~1\Abhijit\APPLIC~1\Webroot
    2008-01-13 20:29 . 2008-01-13 20:29 <DIR> d-------- C:\Documents and Settings\Abhijit\Application Data\ABBYY
    2008-01-13 20:29 . 2008-01-13 20:29 <DIR> d-------- C:\DOCUME~1\Abhijit\APPLIC~1\ABBYY
    2008-01-13 03:20 . 2008-01-13 03:20 39,936 --a------ C:\WINDOWS\mrofinu572.exe.tmp
    2008-01-13 03:19 . 2008-01-13 03:23 <DIR> d-------- C:\WINDOWS\system32\edcA01
    2008-01-13 03:19 . 2008-01-13 03:19 <DIR> d-------- C:\Temp\Ryuan1
    2008-01-01 17:06 . 2008-01-01 17:06 <DIR> d-------- C:\Documents and Settings\Abhijit\Application Data\Logitech
    2008-01-01 17:06 . 2008-01-01 17:06 <DIR> d-------- C:\DOCUME~1\Abhijit\APPLIC~1\Logitech
    2008-01-01 17:03 . 2008-01-01 17:03 <DIR> d-------- C:\Program Files\Common Files\Logitech
    2008-01-01 17:03 . 2004-10-21 13:30 71,535 --------- C:\WINDOWS\system32\drivers\LMOUKE.sys
    2008-01-01 17:03 . 2004-10-21 13:31 54,851 --------- C:\WINDOWS\system32\drivers\L8042MOU.SYS
    2008-01-01 17:03 . 2004-10-21 13:32 13,107 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
    2008-01-01 15:10 . 2006-06-09 12:47 47,104 --a------ C:\WINDOWS\system32\ico.exe
    2008-01-01 15:09 . 2006-01-03 03:13 1,443,464 -ra------ C:\WINDOWS\system32\Flash8a.ocx
    2008-01-01 15:09 . 2006-01-03 03:13 1,443,464 -ra------ C:\WINDOWS\Flash8a.ocx
    2007-12-31 23:22 . 2007-12-31 23:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Marlin
    2007-12-31 23:20 . 2007-12-31 23:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\kinoma
    2007-12-31 23:19 . 2007-12-31 23:19 <DIR> d-------- C:\Program Files\DIFX
    2007-12-31 23:18 . 2008-01-01 16:32 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-12-31 23:17 . 2007-12-31 23:17 <DIR> d-------- C:\Program Files\Sony
    2007-12-31 23:17 . 2007-12-31 23:17 <DIR> d-------- C:\Program Files\Common Files\Sony Shared
    2007-12-30 10:50 . 2007-12-30 10:50 2,326 --a------ C:\WINDOWS\system32\tmp.reg
    2007-12-30 02:41 . 2007-12-30 02:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
    2007-12-30 02:39 . 2007-12-30 02:39 <DIR> d-------- C:\Documents and Settings\Abhijit\Application Data\SUPERAntiSpyware.com
    2007-12-30 02:39 . 2007-12-30 02:39 <DIR> d-------- C:\DOCUME~1\Abhijit\APPLIC~1\SUPERAntiSpyware.com
    2007-12-29 17:11 . 2007-12-29 17:11 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
    2007-12-29 16:38 . 2007-12-29 16:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Rabio
    2007-12-29 16:32 . 2007-12-29 16:32 4 --a------ C:\WINDOWS\system32\jpewocmz.ini
    2007-12-29 16:26 . 2007-12-29 16:26 <DIR> d-------- C:\WINDOWS\system32\ardCo02
    2007-12-29 16:26 . 2007-12-29 16:26 <DIR> d-------- C:\Temp\cEeer12

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-13 08:25 --------- d-----w C:\Program Files\Apoint
    2008-01-01 21:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-01 21:32 --------- d-----w C:\Program Files\Dell
    2008-01-01 16:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-12-29 21:32 --------- d-----w C:\Program Files\QuickTime
    2007-12-23 02:19 --------- d-----w C:\Program Files\DivX
    .
    ----a-w            15,360 2007-12-29 22:11:48  C:\WINDOWS\system32\ctfmon .exe

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [ ]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [ ]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [ ]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 06:00 110592 C:\WINDOWS\system32\bthprops.cpl]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" []
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
    "{67-71-1C-C3-ZN}"="c:\windows\system32\dwdsrngt.exe" [ ]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [ ]
    "PMX Daemon"="ICO.EXE" [2006-06-09 12:47 47104 C:\WINDOWS\system32\ico.exe]

    C:\Documents and Settings\Abhijit\Start Menu\Programs\Startup\
    Spruce - Auto Update.lnk - C:\QooBox\Quarantine\C\Program Files\Spruce\Spruce.exe.vir [2007-12-29 16:30:15]

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-01-02 21:52:35]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2008-01-01 17:03:12]

    C:\DOCUME~1\Abhijit\STARTM~1\Programs\Startup\
    Spruce - Auto Update.lnk - C:\QooBox\Quarantine\C\Program Files\Spruce\Spruce.exe.vir [2007-12-29 16:30:15]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
    backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
    backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk
    backup=C:\WINDOWS\pss\Cisco Systems VPN Client.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Media Card Companion Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Media Card Companion Monitor.lnk
    backup=C:\WINDOWS\pss\Media Card Companion Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    C:\Program Files\Apoint\Apoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2007-12-30 11:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    --a------ 2007-03-15 10:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    --a------ 2004-12-06 02:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    --a------ 2006-06-06 17:06 77824 C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    --a------ 2006-06-06 17:10 118784 C:\WINDOWS\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    --a------ 2006-06-06 17:09 94208 C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
    --a------ 2004-10-30 15:59 385024 C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2006-02-23 15:45 278528 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    --------- 2005-02-10 17:00 1937408 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
    --a------ 2006-12-29 01:52 3429904 C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    --------- 2004-04-11 21:15 290816 C:\Program Files\Dell\Media Experience\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2003-11-19 18:48 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-06-23 15:34 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    --a------ 2004-01-07 02:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a------ 2006-11-03 17:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    R2 AlteraProgrammer;Altera Programmer;C:\WINDOWS\system32\DRIVERS\pgdnt.sys [2005-08-06 02:38]
    S3 AX88772;ASIX AX88772 USB2.0 to Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ax88772.sys [2004-12-02 21:04]
    S3 CamAv;SAMSUNG Video Capture;C:\WINDOWS\system32\Drivers\CamAv.sys [2005-12-16 03:53]
    S3 CAMFLT;%CAMFLT.SvcDesc%;C:\WINDOWS\system32\drivers\CAMFLT.sys [2005-07-19 19:23]
    S3 NtApm;NT Apm/Legacy Interface Driver;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-08-17 13:47]
    S3 psa805;Aurilium Sound Agent 2 (WDM);C:\WINDOWS\system32\drivers\psa805.sys []
    S3 QsndEnum;QSound Virtual Audio Devices Bus Enumerator;C:\WINDOWS\system32\DRIVERS\QsndEnum.sys []

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-18 16:41:39
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
    -> C:\Program Files\Logitech\SetPoint\lgscroll.dll
    .
    Completion time: 2008-01-18 16:46:50 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-18 21:46:45
    ComboFix2.txt 2007-12-30 17:07:40
    .
    2008-01-10 17:03:23 --- E O F ---
