• Thread starter: ]|[pOwEr]|[
  • Views: 1,711

]|[pOwEr]|[

In the name of God, the Most Gracious, the Most Merciful ..


Brothers .. this morning .. I downloaded Kaspersky 2009 .. anyway, I updated it and it ran a scan and deleted a number of system programs for me, such as Notepad, plus System Restore ..


Anyway, I removed it using the tool .. and it looks like it was not completely removed :)

Then I went back to install Kaspersky 7 .. look what it says .. :eek:

Then ..

So what is the solution .. :?:
 

Download the new Kaspersky removal tool
Removal tool for Kaspersky 7 & 6 products

Size: 800 KB
Compatibility: Windows XP only

How to use:
Exit the program by right-clicking the Kaspersky icon and choosing Exit.

Then run the tool. If an error occurs during the removal process,
a message will appear warning you that "the removal failed, and asking you to use the tool in Windows Safe Mode".
 
Download this program

Run the program ==> and click
Do a system scan and save log
After a few moments a report will appear in Notepad ==> copy it and paste it in your next reply
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:03 م, on 05/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\winsersec.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\Explorer.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Documents and Settings\ADMIN\قائمة ابدأ\البرامج\بدء التشغيل\TiGeR-Firewall.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\AppServ\MySQL\bin\mysqld-nt.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\mdm.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Documents and Settings\ADMIN\سطح المكتب\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [hidden link: log in or register to view]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [hidden link: log in or register to view]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [hidden link: log in or register to view]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [hidden link: log in or register to view]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer ZXZXA SP3-2008
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sonic RecordNow!] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - .DEFAULT User Startup: Vista Build Tag.lnk = C:\Program Files\Utilities\Vista Desktop Gadjets\Build Tag.exe (User 'Default user')
O4 - Startup: TiGeR-Firewall.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: ShaPlus Google Translator - res://C:\Program Files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Windows\system32\shdocvw.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - [hidden link: log in or register to view]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DfLogon - C:\Windows\SYSTEM32\LogonDll.dll
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe (file missing)
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe (file missing)
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe (file missing)
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe (file missing)
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: winser - Unknown owner - C:\WINDOWS\system32\winsersec.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 11376 bytes
 
up

up

:)
 
Disable all protection programs,
then download this tool and save it to the desktop.

When you run it, a message will appear; click >> Yes
Then a second message will appear; click >> Yes

Wait until the tool finishes scanning your machine; your machine will then restart automatically.
After the restart, the tool will start scanning a second time.
Wait until a report appears, then copy it and paste it in your next reply.

Then upload a new HijackThis log.
 
ComboFix 08-09-04.09 - ADMIN 09/06/2008 0:07:42.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.1.1025.18.533 [GMT 3:00]
Running from: C:\Documents and Settings\ADMIN\سطح المكتب\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\ADMIN\قائمة ابدأ\البرامج\Uninstall.lnk
C:\test.txt
C:\Windows\Mylist.dll
C:\Windows\system32\mdm.exe
C:\Windows\system32\pthreadVC.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2008-08-05 to 2008-09-05 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-05 21:10 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-05 06:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-04 17:59 98,304 ----a-w C:\Windows\DUMPac19.tmp
2008-09-04 17:15 --------- d-----w C:\Program Files\MessengerDiscovery
2008-09-02 21:24 --------- d--h--w C:\Documents and Settings\All Users\Application Data\{5A76C6B3-3FA8-46D0-AA81-62C3805E38BC}
2008-09-01 00:00 --------- d-----w C:\Program Files\AxBx
2008-08-30 04:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-30 02:55 --------- d-----w C:\Program Files\ThreatExpert Memory Scanner
2008-08-30 01:34 --------- d-----w C:\Program Files\UltraISO
2008-08-30 01:34 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-08-26 21:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-08-26 20:27 --------- d-----w C:\Documents and Settings\ADMIN\Application Data\Desktopicon
2008-08-26 16:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-26 06:29 --------- d-----w C:\Program Files\ma-config.com
2008-08-26 06:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-08-26 06:05 55,929 ----a-w C:\Windows\BricoPackUninst.cmd
2008-08-26 06:05 5,798 ----a-w C:\Windows\BricoPackFoldersDelete.cmd
2008-08-26 06:05 218,624 ----a-w C:\Windows\system32\uxtheme.dll
2008-08-25 05:11 577,024 ----a-w C:\Windows\user32.dll
2008-08-24 21:35 --------- d-----w C:\Documents and Settings\ADMIN\Application Data\Avira
2008-08-24 21:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-08-24 20:32 --------- d-----w C:\Program Files\WinHex
2008-08-24 03:24 --------- d-----w C:\Program Files\Error Repair Professional
2008-08-24 02:19 --------- d-----w C:\Program Files\security
2008-08-23 19:05 --------- d-----w C:\Program Files\RamCleaner
2008-08-19 15:37 --------- d-----w C:\Program Files\Common Files\TechSmith Shared
2008-08-19 13:17 --------- d-----w C:\Program Files\ShaPlus Google Translator
2008-08-19 01:01 --------- d-----w C:\Program Files\Quranzu1
2008-08-17 20:44 --------- d-----w C:\Documents and Settings\ADMIN\Application Data\DPA
2008-08-17 20:43 --------- d-----w C:\Program Files\Digitope Setup
2008-08-17 20:43 --------- d-----w C:\Documents and Settings\ADMIN\Application Data\Digitope
2008-08-17 18:11 --------- d-----w C:\Program Files\HEXwrite
2008-08-16 19:55 --------- d-----w C:\Program Files\CodeLifter5
2008-08-16 16:46 --------- d-----w C:\Program Files\Common Files\xing shared
2008-08-15 16:24 --------- d-----w C:\Documents and Settings\ADMIN\Application Data\SystemGadgets
2008-08-15 03:36 --------- d-----w C:\Documents and Settings\ADMIN\Application Data\XMen
2008-07-29 17:21 218,376 ----a-w C:\Windows\system32\klogon.dll
2008-07-29 17:20 24,774 ----a-w C:\Windows\system32\drivers\klopp.dat
2008-07-19 05:34 --------- d-----w C:\Program Files\Innovative Solutions
2008-07-19 05:27 --------- d-----w C:\Program Files\Intel
2008-07-19 05:18 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-17 18:21 --------- d-----w C:\Program Files\sploit Framework
2008-07-15 23:59 --------- d-----w C:\Documents and Settings\ADMIN\Application Data\VMware
2008-07-15 23:40 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-07-15 23:37 --------- d-----w C:\Program Files\VMware
2008-07-15 23:37 --------- d-----w C:\Program Files\Common Files\VMware
2008-07-15 23:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-07-15 23:31 --------- d-----w C:\Program Files\Privacy Guardian
2008-07-15 23:27 --------- d-----w C:\Program Files\free-downloads.net
2008-07-15 23:27 --------- d-----w C:\Program Files\Conduit
2008-07-15 23:27 --------- d-----w C:\Program Files\Alcohol Soft
2008-07-15 23:25 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-07-15 23:24 --------- d-----w C:\Program Files\uTorrent
2008-07-15 23:24 --------- d-----w C:\Documents and Settings\ADMIN\Application Data\uTorrent
2008-07-15 16:29 73,216 ----a-w C:\Windows\ST6UNST.EXE
2008-07-15 16:29 172,032 ------w C:\Windows\Setup1.exe
2008-07-15 16:29 --------- d-----w C:\Program Files\Golden Al-Wafi Translator
2008-07-14 06:22 --------- d-----w C:\Documents and Settings\ADMIN\Application Data\Hide IP NG
2008-07-14 03:09 --------- d-----w C:\Program Files\Paltalk Messenger
2008-07-14 03:09 --------- d-----w C:\Documents and Settings\ADMIN\Application Data\Paltalk
2008-07-14 01:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg8
2008-07-14 01:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-14 01:13 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-07-14 01:13 --------- d-----w C:\Documents and Settings\ADMIN\Application Data\SUPERAntiSpyware.com
2008-07-14 00:04 --------- d-----w C:\Program Files\DVDVideoSoft
2008-07-14 00:04 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-07-14 00:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\XemiComputers
2008-07-14 00:02 --------- d-----w C:\Documents and Settings\ADMIN\Application Data\XemiComputers
2008-07-13 21:59 --------- d-----w C:\Program Files\Opera
2008-07-13 18:45 90,112 ----a-w C:\Windows\system32\agsaami.dll
2008-07-13 18:45 610,304 ----a-w C:\Windows\system32\agsaamg.dll
2008-07-13 18:45 372,736 ----a-w C:\Windows\system32\agsaamc.dll
2008-07-13 18:45 2,535,424 ----a-w C:\Windows\system32\agsaamj.dll
2008-07-13 18:45 1,986,560 ----a-w C:\Windows\system32\akll.dll
2008-07-13 18:45 1,245,184 ----a-w C:\Windows\system32\bkll.dll
2008-07-13 18:45 1,212,416 ----a-w C:\Windows\system32\ckll.dll
2008-07-13 18:45 --------- d-----w C:\Program Files\Real_SC
2008-07-13 06:02 --------- d-----w C:\Documents and Settings\ADMIN\Application Data\Media Player Classic
2008-07-11 04:06 16,299,862 ------w C:\$Persi0.sys
2008-07-11 04:06 --------- d-----w C:\Program Files\Faronics
2008-07-11 03:42 --------- d-----w C:\Program Files\Web Publish
2008-07-11 03:35 --------- d-----w C:\Program Files\No-IP
2008-07-11 02:55 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-11 02:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\CenerTCPMessenger
2008-07-11 02:13 --------- d-----w C:\Program Files\PHP Expert Editor 4.2
2008-07-11 01:58 --------- d-----w C:\Program Files\WinPcap
2008-07-11 01:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-07-11 00:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-11 00:57 --------- d-----w C:\Documents and Settings\ADMIN\Application Data\Yahoo!
2008-07-11 00:49 --------- d-----w C:\Program Files\Resource Tuner
2008-07-11 00:49 --------- d-----w C:\Documents and Settings\ADMIN\Application Data\Resource Tuner
2008-07-11 00:48 --------- d-----w C:\Program Files\BreakPoint Software
2008-07-11 00:43 --------- d-----w C:\Program Files\Driver-Soft
2008-07-11 00:41 --------- d-----w C:\Program Files\Webroot
2008-07-11 00:41 --------- d-----w C:\Program Files\TechSmith
2008-07-11 00:41 --------- d-----w C:\Program Files\Common Files\Webroot Shared
2008-07-11 00:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-11 00:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-07-11 00:41 --------- d-----w C:\Documents and Settings\ADMIN\Application Data\Webroot
2008-07-11 00:40 --------- d-----w C:\Documents and Settings\ADMIN\Application Data\Skype
.

------- Sigcheck -------

08/25/2008 08:11 AM 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\Windows\user32.dll
05/13/2008 12:31 AM 485376 590f60fbbcc32f4a4ab953b3e5f9745c C:\Windows\system32\user32.dll
08/25/2008 08:11 AM 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\Windows\system\user32.dll

05/12/2008 11:06 PM 361344 68f06fe0021b01e670af37b8c5964fdf C:\Windows\system32\drivers\tcpip.sys

05/13/2008 12:27 AM 2190336 b36ae3354cff9a4b664901b3c4f06c4c C:\Windows\system32\ntoskrnl.exe

05/13/2008 12:23 AM 974848 5320ea6507cfa8abc92caf91cd2fc8a5 C:\Windows\explorer.exe

05/13/2008 12:22 AM 40448 372853620778b679c89ca4feaf4c7753 C:\Windows\system32\ctfmon.exe

07/30/2007 07:19 PM 68440 84d9a61860272d6177d46c86b8431557 C:\Windows\system32\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [02/14/2008 02:54 PM 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\~\Browser Helper s\{ecdee021-0d17-467f-a1ff-c7a115230949}]
02/14/2008 02:54 PM 1555480 --a------ C:\Program Files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [02/14/2008 02:54 PM 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [02/14/2008 02:54 PM 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/11/2008 03:34 AM 2577840]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [03/22/2008 10:18 PM 1271808]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [08/16/2007 04:19 PM 5728112]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [03/19/2007 01:05 AM 630784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [05/02/2008 07:15 AM 15872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [05/13/2008 12:22 AM 40448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [03/01/2008 03:53 PM 124928 C:\WINDOWS\system32\advpack.dll]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]
06/28/2007 08:39 PM 65536 C:\WINDOWS\system32\LogonDll.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^ADMIN^قائمة ابدأ^البرامج^بدء التشغيل^No-IP DUC.lnk]
path=C:\Documents and Settings\ADMIN\قائمة ابدأ\البرامج\بدء التشغيل\No-IP DUC.lnk
backup=C:\WINDOWS\pss\No-IP DUC.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^ADMIN^قائمة ابدأ^البرامج^بدء التشغيل^Vista Build Tag.lnk]
path=C:\Documents and Settings\ADMIN\قائمة ابدأ\البرامج\بدء التشغيل\Vista Build Tag.lnk
backup=C:\WINDOWS\pss\Vista Build Tag.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^PalTalk.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\PalTalk.lnk
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^قائمة ابدأ^البرامج^بدء التشغيل^SnagIt 8.lnk]
path=C:\Documents and Settings\All Users\قائمة ابدأ\البرامج\بدء التشغيل\SnagIt 8.lnk
backup=C:\WINDOWS\pss\SnagIt 8.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Active Desktop Calendar]
--a------ 05/07/2008 01:24 PM 3727360 C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 01/11/2008 10:16 PM 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AFProg]
--a------ 06/26/2006 05:26 AM 118784 C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 07/16/2008 02:29 AM 4608 C:\Program Files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMWallpaperChanger]
--a------ 11/03/2006 09:52 PM 69632 C:\WINDOWS\system32\WallChan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 05/13/2008 12:22 AM 40448 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveSpace]
--a------ 05/22/2008 07:48 PM 373152 C:\Program Files\Drive Space Indicator\DrvSpace.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 06/21/2005 04:44 PM 126976 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 07/11/2008 03:34 AM 2577840 C:\Program Files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 06/21/2005 04:48 PM 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 08/16/2007 04:19 PM 5728112 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Pro Dispatcher v3]
--a------ 12/10/2006 09:25 PM 512000 C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis3a.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerTweak Menu]
--a------ 07/05/2005 03:04 AM 828416 C:\WINDOWS\system32\mmm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDaemon]
--a------ 04/19/2005 12:57 AM 111104 C:\WINDOWS\sdaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 02/01/2008 05:22 PM 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 03/25/2008 04:28 AM 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SWd]
--a------ 04/19/2005 12:56 AM 26624 C:\WINDOWS\winwd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 08/16/2008 07:42 PM 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 05/02/2008 07:15 AM 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
--a------ 10/08/2007 09:26 AM 55856 C:\Program Files\VMware\VMware Workstation\hqtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
--a------ 10/08/2007 09:27 AM 72240 C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
--a------ 10/03/2007 09:23 AM 1206600 C:\Program Files\Webroot\Washer\wwDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 09/16/2004 05:39 AM 69632 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"C:\\kav\\kis7.0\\english\\setup.exe"=

R0 DeepFrz;DeepFrz;C:\Windows\system32\drivers\DeepFrz.sys [06/28/2007 08:45 PM 131472]
R0 WINSEC;WINSEC;C:\Windows\system32\drivers\WINSEC.SYS [04/19/2005 12:57 AM 20352]
R2 Apache2.2;Apache2.2;C:\AppServ\Apache2.2\bin\httpd.exe [01/09/2007 07:17 PM 20539]
R2 winser;winser;C:\WINDOWS\system32\winsersec.exe [04/14/2005 01:37 AM 53248]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [10/03/2007 09:23 AM 598856]
R3 tapvpn;TAP VPN Adapter;C:\Windows\system32\DRIVERS\tapvpn.sys [12/16/2006 11:37 PM 27136]
S2 AntiVirMailService;Avira AntiVir Premium MailGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [ ]
S2 antivirwebservice;Avira AntiVir Premium WebGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE [ ]
S2 AVEService;Avira AntiVir Premium MailGuard helper service;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [ ]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [07/25/2008 08:57 PM 191656]

*Newly Created Service* - HELPSVC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-TiGeR-Firewall - C:\Documents and Settings\ADMIN\قائمة ابدأ\البرامج\بدء التشغيل\TiGeR-Firewall.EXE
HKU-Default-Run-TaskSwitchXP - C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
HKU-Default-Run-RocketDock - C:\Program Files\RocketDock\RocketDock.exe
HKU-Default-Run-Sonic RecordNow! - (no file)
MSConfigStartUp-BitTorrent - C:\Program Files\BitTorrent\bittorrent.exe
MSConfigStartUp-Hide IP NG - C:\Program Files\Hide IP NG\hideipng.exe
MSConfigStartUp-nod32kui - C:\Program Files\Eset\nod32kui.exe
MSConfigStartUp-PowerArchiver Tray - C:\Program Files\PowerArchiver\PASTARTER.EXE
MSConfigStartUp-RocketDock - C:\Program Files\RocketDock\RocketDock.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\yvesdp5o.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com
FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np32asw.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\NP_IDM1.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\NP_IDM2.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\NP_IDM3.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\NP_IDM4.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\NP_IDM5.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\NP_IDM6.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
.
------- File Associations (Beta) -------
.
inffile=C:\WINDOWS\system32\Notepad2.exe %1
inifile=C:\WINDOWS\system32\Notepad2.exe %1
txtfile=C:\WINDOWS\system32\Notepad2.exe %1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2008-09-06 00:11:13
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mysql]
"ImagePath"="C:\AppServ\MySQL\bin\mysqld-nt --defaults-file=C:\AppServ\MySQL\my.ini mysql"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Windows\system32\LogonDll.dll

PROCESS: C:\Windows\explorer.exe
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\FARONICS\DEEP FREEZE\INSTALL C-0\DF5SERV.EXE
C:\PROGRAM FILES\HOTSPOT SHIELD\BIN\OPENVPNAS.EXE
C:\APPSERV\MYSQL\BIN\MYSQLD-NT.EXE
C:\PROGRAM FILES\TECHSMITH\SNAGIT 9\SNAGIT32.EXE
C:\PROGRAM FILES\ALCOHOL SOFT\ALCOHOL 120\STARWIND\STARWINDSERVICEAE.EXE
C:\DOCUMENTS AND SETTINGS\ADMIN\C:\PROGRAM FILES\COMMON FILES\VMWARE\VMWARE VIRTUAL IMAGE EDITING\VMOUNT2.EXE
C:\WINDOWS\SYSTEM32\VMNAT.EXE
C:\PROGRAM FILES\TECHSMITH\SNAGIT 9\TSCHELP.EXE
C:\PROGRAM FILES\TECHSMITH\SNAGIT 9\SNAGPRIV.EXE
C:\PROGRAM FILES\VMWARE\VMWARE WORKSTATION\VMWARE-AUTHD.EXE
C:\WINDOWS\SYSTEM32\VMNETDHCP.EXE
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\PROGRAM FILES\TECHSMITH\SNAGIT 9\SNAGITEDITOR.EXE
C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IEMONITOR.EXE
.
**************************************************************************
.
Completion time: 09/06/2008 0:13:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-05 21:12:54

Pre-Run: 11,986,681,856 bytes free
Post-Run: 11,916,476,416 bytes free

336
 
And this is the HijackThis log ..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:37 ص, on 06/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\winsersec.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\AppServ\MySQL\bin\mysqld-nt.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Documents and Settings\ADMIN\قائمة ابدأ\البرامج\بدء التشغيل\TiGeR-Firewall.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ADMIN\سطح المكتب\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sonic RecordNow!] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - .DEFAULT User Startup: Vista Build Tag.lnk = C:\Program Files\Utilities\Vista Desktop Gadjets\Build Tag.exe (User 'Default user')
O4 - Startup: TiGeR-Firewall.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: ShaPlus Google Translator - res://C:\Program Files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Windows\system32\shdocvw.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DfLogon - C:\Windows\SYSTEM32\LogonDll.dll
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe (file missing)
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe (file missing)
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe (file missing)
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe (file missing)
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: winser - Unknown owner - C:\WINDOWS\system32\winsersec.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 10592 bytes

 
:) .. Oh Lord .. may the problem get solved :)
 
Apply the following walkthrough to this value

C:\WINDOWS\system32\winsersec.exe


Then select the following entries and delete them

O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)

O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)

O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll

O4 - HKUS\S-1-5-20\..\Run: [Sonic RecordNow!] (User 'NETWORK SERVICE

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM

O4 - .DEFAULT User Startup: Vista Build Tag.lnk = C:\Program Files\Utilities\Vista Desktop Gadjets\Build Tag.exe (User 'Default user')

O4 - Startup: TiGeR-Firewall.exe

O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm

O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Windows\system32\shdocvw.dll

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE (file missing)

O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: winser - Unknown owner - C:\WINDOWS\system32\winsersec.exe

O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe


How to delete

After that, go to Add or Remove Programs and uninstall the toolbar you have (toolbar) >> it may not be there

Then download this tool and follow the walkthrough below

Compatibility: Windows XP only

How to use:
Double-click the tool and wait until all the windows finish and it stops at this window

When this screen appears, click Close so that your machine restarts ((to complete the cleaning process))

Continued in the next post

 
Then download the following tools and run them one after the other

Avira AntiVir tool

Then restart your machine and post a new HijackThis log
and do not try to install any program
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:19:15 ص, on 06/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\winsersec.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Documents and Settings\ADMIN\قائمة ابدأ\البرامج\بدء التشغيل\TiGeR-Firewall.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\AppServ\MySQL\bin\mysqld-nt.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\wuauclt.exe
C:\Documents and Settings\ADMIN\سطح المكتب\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TiGeR-Firewall] C:\Documents and Settings\ADMIN\قائمة ابدأ\البرامج\بدء التشغيل\TiGeR-Firewall.EXE
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Documents and Settings\ADMIN\Application Data\cleaner\CSPSeraser.exe" "/R:C:\Documents and Settings\ADMIN\Application Data\CyberScrub\Privacy Suite"
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - .DEFAULT User Startup: Vista Build Tag.lnk = C:\Program Files\Utilities\Vista Desktop Gadjets\Build Tag.exe (User 'Default user')
O4 - Startup: TiGeR-Firewall.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: ShaPlus Google Translator - res://C:\Program Files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DfLogon - C:\Windows\SYSTEM32\LogonDll.dll
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe (file missing)
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe (file missing)
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe (file missing)
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe (file missing)
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: winser - Unknown owner - C:\WINDOWS\system32\winsersec.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 9804 bytes
 
Brother, this post contains entries I asked you to delete,
but some of those entries still have not been deleted.

Re-apply the deletion carefully, and do not forget the first value in the post.
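
The comparison made by eye in the reply above (which requested entries are still in the follow-up log) can be scripted. This is an added example, not part of the thread and not a HijackThis feature; the function names are hypothetical, and the two sample inputs are short subsets of lines copied from the fix list and the follow-up log posted in this thread.

```python
import re

# HijackThis entry lines start with a section code such as R1, O4 or O23.
ENTRY_RE = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")


def normalize(line):
    """Collapse whitespace and case so copy/paste differences do not matter."""
    return " ".join(line.split()).casefold()


def parse_entries(text):
    """Return the entry lines of a log or fix list, skipping headers,
    the running-process list and blank lines."""
    stripped = (line.strip() for line in text.splitlines())
    return [line for line in stripped if ENTRY_RE.match(line)]


def still_present(fix_list, followup_log):
    """Return the fix-list entries that still appear in the follow-up log.

    Prefix matching is used so a fix-list line that lost its tail when it
    was pasted (for example a missing "')" at the end) still matches.
    """
    log_entries = [normalize(e) for e in parse_entries(followup_log)]
    remaining = []
    for wanted in parse_entries(fix_list):
        key = normalize(wanted)
        if any(entry.startswith(key) for entry in log_entries):
            remaining.append(wanted)
    return remaining


# Lines copied from the fix list in this thread (a subset).
FIX_LIST = r"""
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM
O4 - Startup: TiGeR-Firewall.exe
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Windows\system32\shdocvw.dll
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: winser - Unknown owner - C:\WINDOWS\system32\winsersec.exe
"""

# Lines copied from the follow-up log posted after the fix (a subset).
FOLLOWUP_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winsersec.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - Startup: TiGeR-Firewall.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: winser - Unknown owner - C:\WINDOWS\system32\winsersec.exe
"""

if __name__ == "__main__":
    for entry in still_present(FIX_LIST, FOLLOWUP_LOG):
        print("NOT REMOVED:", entry)
```

An entry that survives a fix and a reboot is usually being rewritten by a process that is still running, so it is worth checking the same path against the log's running-process list.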
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:08:32 ص, on 06/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\AppServ\MySQL\bin\mysqld-nt.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Documents and Settings\ADMIN\قائمة ابدأ\البرامج\بدء التشغيل\TiGeR-Firewall.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Documents and Settings\ADMIN\قائمة ابدأ\البرامج\بدء التشغيل\TiGeR-Firewall.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Documents and Settings\ADMIN\سطح المكتب\Zyzoom_HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TiGeR-Firewall] C:\Documents and Settings\ADMIN\قائمة ابدأ\البرامج\بدء التشغيل\TiGeR-Firewall.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vista Build Tag.lnk = C:\Program Files\Utilities\Vista Desktop Gadjets\Build Tag.exe (User 'Default user')
O4 - Startup: TiGeR-Firewall.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: ShaPlus Google Translator - res://C:\Program Files\ShaPlus Google Translator\GoogleTranslator.dll/ie.htm
O8 - Extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DfLogon - C:\Windows\SYSTEM32\LogonDll.dll
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe (file missing)
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe (file missing)
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe (file missing)
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe (file missing)
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 8942 bytes
 
Download the Kaspersky tool from the following link

After downloading, double-click it and the tool's file will be extracted to a folder on the desktop; a few moments later the tool will start running.

Follow the walkthrough to scan the machine, clean it, and attach the report.

Then compress the report and upload it here >>>>
 
In the name of God, the Most Gracious, the Most Merciful ..

And after running a scan with the tool ..




Here is the download link for the scan :)



-------

My brother .. (MAAX) ..


May God grant you success .. and many thanks for the help .. :smile:
 
Until Max gets here,

upload another HijackThis report ... if you don't mind
 
Signature: AbOdy
Abody .. first of all, welcome ..

But I thought I'd try after a restart .. maybe Kaspersky would install ... :eek:

And praise God, it installed + the update reached 7 :d:
God bless you .. you and my brother .. Max .. and I thank you both ..

And here is a rose

for the two of you :)


 