|
-
June 10th, 2009, 04:06 PM
#31
ComboFix 09-06-09.06 - User 06/10/2009 14:56.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.52 [GMT -6:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090609-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\windows\system32\drivers\logiflt.iad"
"c:\windows\system32\drivers\lvuvc.hs"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\21671
c:\21671\CF4483.exe
c:\21671\Nircmd.com
C:\Tools-AV
c:\tools-av\en.txt
c:\tools-av\fr.txt
c:\tools-av\Load-CF.bat
c:\tools-av\wget.com
c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\lvuvc.hs
.
((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
.
2009-06-10 16:13 . 2009-06-10 16:13 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-10 15:18 . 2009-02-05 21:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-10 15:18 . 2009-02-05 21:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-10 15:18 . 2009-02-05 21:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-06-10 15:18 . 2009-02-05 21:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-10 15:18 . 2009-02-05 21:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-06-10 15:18 . 2009-02-05 21:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-10 15:18 . 2009-02-05 21:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-10 15:18 . 2009-02-05 21:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-06-10 15:17 . 2009-02-05 21:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-10 15:17 . 2009-06-10 15:17 -------- d-----w- c:\program files\Alwil Software
2009-06-05 22:00 . 2009-06-09 17:35 14 ----a-w- c:\windows\popcinfo.dat
2009-06-05 21:50 . 2009-06-09 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2009-06-05 21:50 . 2009-06-05 21:50 -------- d-----w- c:\program files\Gateway Games
2009-06-05 16:06 . 2009-06-05 16:06 -------- d-sh--w- c:\documents and settings\User\PrivacIE
2009-06-05 16:04 . 2009-06-05 16:04 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-05 15:53 . 2009-06-05 15:53 -------- d-----w- c:\program files\iPod
2009-06-05 15:53 . 2009-06-05 15:54 -------- d-----w- c:\program files\iTunes
2009-06-05 15:37 . 2009-06-05 15:37 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-04 23:00 . 2009-06-04 23:00 -------- d-sh--w- c:\documents and settings\User\IECompatCache
2009-06-04 17:37 . 2009-06-04 17:37 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-04 15:41 . 2009-06-04 15:41 -------- d-sh--w- c:\documents and settings\User\IETldCache
2009-06-04 15:39 . 2009-06-04 15:39 -------- d-----w- c:\windows\ie8updates
2009-06-04 15:38 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-06-04 15:36 . 2009-06-04 15:37 -------- dc-h--w- c:\windows\ie8
2009-05-26 18:13 . 2009-05-28 03:35 -------- d-----w- c:\program files\FirefoxPortable
2009-05-20 13:15 . 2008-04-14 11:41 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 20:51 . 2008-10-21 19:53 -------- d-----w- c:\documents and settings\User\Application Data\DNA
2009-06-10 18:55 . 2009-05-01 18:18 -------- d-----w- c:\documents and settings\User\Application Data\FrostWire
2009-06-10 15:50 . 2008-10-21 19:53 -------- d-----w- c:\program files\DNA
2009-06-09 16:44 . 2009-03-23 17:02 117760 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-08 20:17 . 2009-03-12 15:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-05 21:35 . 2009-06-08 18:54 170896 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-06-05 15:53 . 2008-06-29 06:26 -------- d-----w- c:\program files\Common Files\Apple
2009-06-05 15:32 . 2008-07-20 14:46 -------- d-----w- c:\program files\Safari
2009-05-27 16:20 . 2009-03-09 17:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-27 16:19 . 2009-03-28 20:21 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-26 19:20 . 2009-03-09 17:27 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 19:19 . 2009-03-09 17:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-26 01:02 . 2009-03-08 02:01 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-26 01:02 . 2009-03-08 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-05-26 01:01 . 2008-06-29 06:41 -------- d-----w- c:\program files\Google
2009-05-20 22:21 . 2008-07-07 19:19 50920 -c--a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-20 13:25 . 2008-01-07 23:34 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-14 17:11 . 2009-05-01 18:17 -------- d-----w- c:\program files\FrostWire
2009-05-11 15:27 . 2008-10-16 19:20 -------- d-----w- c:\program files\DivX
2009-05-11 15:26 . 2009-05-11 15:25 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-05-09 23:15 . 2009-04-29 18:33 -------- d-----w- c:\program files\IrfanView
2009-05-04 04:40 . 2009-05-04 04:40 -------- d-----w- c:\documents and settings\User\Application Data\Final Draft
2009-05-04 04:38 . 2009-05-04 04:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Final Draft
2009-05-04 04:31 . 2009-05-04 04:31 51712 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{78D62D17-D970-42DA-B8CF-5E5576293B33}\Icon78D62D174.exe
2009-05-04 04:31 . 2009-05-04 04:31 51712 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{78D62D17-D970-42DA-B8CF-5E5576293B33}\Icon78D62D173.exe
2009-05-04 04:31 . 2009-05-04 04:31 51712 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{78D62D17-D970-42DA-B8CF-5E5576293B33}\Icon78D62D172.exe
2009-05-04 04:31 . 2009-05-04 04:31 27648 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{78D62D17-D970-42DA-B8CF-5E5576293B33}\Icon78D62D171.exe
2009-05-04 04:30 . 2009-05-04 04:30 -------- d-----w- c:\program files\Final Draft Tagger
2009-05-04 04:30 . 2009-05-04 04:30 -------- d-----w- c:\program files\Final Draft 7
2009-05-04 04:29 . 2009-03-12 15:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-01 18:26 . 2009-05-01 18:26 0 ----a-w- c:\documents and settings\User\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2009-05-01 18:01 . 2009-05-01 18:01 -------- d-----w- c:\documents and settings\User\Application Data\Pirates of the Atlantic
2009-05-01 17:59 . 2009-02-14 17:59 -------- d-----w- c:\program files\LimeWire
2009-05-01 17:39 . 2008-06-29 16:42 -------- d-----w- c:\documents and settings\User\Application Data\LimeWire
2009-04-21 21:39 . 2009-05-01 18:34 2789376 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j2hv1a55.default\extensions\[email protected]\data\dlls\ClientCells.dll
2009-04-21 21:39 . 2009-05-01 18:34 131072 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j2hv1a55.default\extensions\[email protected]\data\dlls\Silverlight.Headup.Common.dll
2009-04-21 21:39 . 2009-05-01 18:34 2359296 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j2hv1a55.default\extensions\[email protected]\data\dlls\CommonCells.dll
2009-04-21 21:39 . 2009-05-01 18:34 233472 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j2hv1a55.default\extensions\[email protected]\data\dlls\Silverlight.Charm.Engine.dll
2009-04-21 21:37 . 2009-05-01 18:34 28672 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j2hv1a55.default\extensions\[email protected]\data\dlls\Silverlight.Headup.Bridge.dll
2009-04-21 21:36 . 2009-05-01 18:34 52736 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j2hv1a55.default\extensions\[email protected]\data\dlls\SmartThreadPool.dll
2009-04-21 21:36 . 2009-05-01 18:34 209408 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j2hv1a55.default\extensions\[email protected]\data\dlls\SilverlightContrib.dll
2009-04-21 21:35 . 2009-05-01 18:34 133120 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j2hv1a55.default\extensions\[email protected]\data\dlls\SilverSgmlReader.dll
2009-04-21 21:35 . 2009-05-01 18:34 361984 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j2hv1a55.default\extensions\[email protected]\data\dlls\BidiControls.dll
2009-04-21 21:35 . 2009-05-01 18:34 200704 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j2hv1a55.default\extensions\[email protected]\data\dlls\Microsoft.Windows.Controls.dll
2009-04-21 21:35 . 2009-05-01 18:34 23040 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j2hv1a55.default\extensions\[email protected]\data\dlls\Wintellect.Threading.Silverlight.dll
2009-04-18 23:02 . 2009-04-18 23:02 -------- d-----w- c:\program files\MSXML 6.0
2009-04-17 17:48 . 2009-04-17 17:48 -------- d-----w- c:\program files\Microsoft Silverlight
2009-03-31 14:57 . 2009-03-07 01:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-03-27 15:21 . 2009-03-27 15:21 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-19 22:32 . 2009-03-19 22:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 22:32 . 2008-01-29 18:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-12-16 3528440]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-04-24 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-04-24 610304]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-8-26 91440]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\V CAST Music with Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/10/2009 9:18 AM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2009 11:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2009 11:43 AM 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/10/2009 9:18 AM 20560]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/23/2005 7:06 AM 231424]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2009 11:43 AM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/20/2008 5:18 PM 356920]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]
2009-06-10 c:\windows\Tasks\User_Feed_Synchronization-{2ADF982F-A5A8-4D3F-BD1A-B8DF057C95BF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j2hv1a55.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
---- FIREFOX POLICIES ----
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-10 14:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(852)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-06-10 15:01
ComboFix-quarantined-files.txt 2009-06-10 21:01
ComboFix2.txt 2009-06-10 20:29
ComboFix3.txt 2009-06-08 19:28
Pre-Run: 49,235,480,576 bytes free
Post-Run: 49,222,230,016 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
220 --- E O F --- 2009-06-04 15:39
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
