ComboFix 09-03-12.01 - Home 2009-03-12 21:52:11.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.216 [GMT -5:00]
Running from: c:\documents and settings\Home\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Home\Desktop\CFScript.txt
AV: AVG 7.5.557 *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-13 to 2009-03-13 )))))))))))))))))))))))))))))))
.

2009-03-10 00:11 . 2009-03-10 00:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-10 00:11 . 2009-03-10 00:11 <DIR> d-------- c:\documents and settings\Home\Application Data\Malwarebytes
2009-03-10 00:11 . 2009-03-10 00:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-10 00:11 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-10 00:11 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-07 21:06 . 2009-03-07 21:06 <DIR> d-------- c:\documents and settings\Home\Application Data\InstallShield
2009-03-05 00:53 . 2009-03-05 00:53 <DIR> d-------- c:\program files\CCleaner
2009-03-05 00:32 . 2009-03-05 00:56 <DIR> d-------- c:\program files\Enigma Software Group
2009-03-04 23:49 . 2009-03-04 23:49 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-04 01:55 . 2009-03-04 01:59 <DIR> d-------- c:\program files\Windows Live Safety Center
2009-02-27 20:05 . 2009-03-01 23:20 <DIR> d-------- c:\documents and settings\Home\Application Data\.purple
2009-02-27 20:03 . 2009-02-27 20:03 <DIR> d-------- c:\program files\Pidgin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-13 02:44 256 ----a-w c:\documents and settings\Home\pool.bin
2009-03-11 03:13 --------- d-----w c:\program files\Spybot
2009-03-11 03:12 --------- d-----w c:\program files\mozilla.org
2009-03-11 03:11 --------- d-----w c:\program files\Lavasoft
2009-03-10 04:20 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-09 13:00 --------- d-----w c:\documents and settings\LocalService\Application Data\AVG7
2009-03-09 03:34 --------- d-----w c:\program files\Mozilla Thunderbird
2009-03-06 03:44 --------- d-----w c:\documents and settings\Home\Application Data\AVG7
2009-03-05 05:57 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-05 05:57 --------- d-----w c:\program files\Common Files\Adobe
2009-02-28 01:05 --------- d-----w c:\documents and settings\Home\Application Data\.gaim
2009-02-28 00:55 --------- d-----w c:\program files\Gaim
2009-02-21 19:11 --------- d-----w c:\documents and settings\Home\Application Data\Canon
2009-01-23 05:59 --------- d-----w c:\documents and settings\Home\Application Data\OpenOffice.org2
2005-12-05 17:59 1,615,920 ----a-w c:\program files\Mozilla Firefox.sit
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RIMDeviceManager"="c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" [2007-07-17 1328400]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2003-06-03 180316]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2003-07-07 274432]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-22 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-22 610304]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2009-02-24 590848]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-08-09 282624]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"nwiz"="nwiz.exe" [2003-06-24 c:\windows\system32\nwiz.exe]
"WLANSTA.EXE"="WLANSTA.EXE" [2002-07-04 c:\windows\system32\WLANSTA.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-26 219136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Engine\ymetray.exe [2007-08-28 54512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.1]
--a------ 2005-12-16 18:59 107008 c:\program files\eFax Messenger 4.1\J2GDllCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-06-14 15:24 278528 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
-ra------ 2003-06-24 13:32 4800512 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-08-09 12:17 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Messenger"=2 (0x2)
"iPodService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\Media Player Classic\\mplayerc.exe"=
"c:\\Program Files\\Macromedia\\HomeSite 5\\Homesite5.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Funkitron\\Scrabble\\Scrabble.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Documents and Settings\\Home\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=

R3 EMCR;EMCR;c:\windows\system32\drivers\EMCR7SK.sys [2004-05-02 68480]
S3 G231;G101/G231 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [2005-04-02 117248]
S3 TNET1130x;Wireless-G Notebook Adapter v.2.0;c:\windows\system32\DRIVERS\tnet1130x.sys --> c:\windows\system32\DRIVERS\tnet1130x.sys [?]
S3 WLANRB;NETGEAR Wireless 802.11b LAN RB Driver;c:\windows\system32\drivers\MA401RB.sys [2005-06-01 593920]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.com
IE: &Block This Image (ABP) - c:\program files\Adblock Pro\blockimg.html
IE: {{ADFCCE65-DF10-46fd-B04A-53CCBE2A0795}
IE: {{E7FD3540-AB30-40f1-91E7-101F733C1FD5} - {7685B225-8229-4321-BA13-A24485B0A760} - c:\program files\Adblock Pro\AdblockPro.dll
TCP: {35459D40-1C1D-4993-B2D8-5E9E24AA64E1} = 68.168.96.130,68.168.96.133
TCP: {A9C61ABE-41F4-4377-AE7E-ABA36F6AA123} = 68.168.96.130,68.168.96.133
DPF: {00191E43-49C2-48E2-A548-8F702D75622A} - hxxps://conference.oracle.com/imtapp/res/jar/cnsload.cab
DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} - hxxp://video.vividas.com/CDN1/5029_paramount/en/web/player/vivid_ocx.jpeg
FF - ProfilePath - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\uonxpt28.default\
FF - prefs.js: browser.startup.homepage - file:///C:/_maddie/index.html

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.00.19.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-12 21:55:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????h????????? ??TB???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-12 21:59:34
ComboFix-quarantined-files.txt 2009-03-13 02:58:46
ComboFix2.txt 2009-03-10 05:06:20
ComboFix3.txt 2009-03-10 04:45:44

Pre-Run: 19,364,487,168 bytes free
Post-Run: 19,362,160,640 bytes free