TechSpot

Are my HjT and ComboFix logs clean?

By CJ-real
Sep 1, 2008
  1. ComboFix log:
    Code:
    ComboFix 08-09-01.01 - CJ1 2008-09-02  0:15:42.1 - NTFSx86
    Running from: C:\Documents and Settings\CJ1\My Documents\Scores\ComboFix.exe
     * Created a new restore point
    
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    C:\Documents and Settings\CJ1\Application Data\macromedia\Flash Player\#SharedObjects\YYMERMMX\bin.clearspring.com
    C:\Documents and Settings\CJ1\Application Data\macromedia\Flash Player\#SharedObjects\YYMERMMX\bin.clearspring.com\clearspring.sol
    C:\Documents and Settings\CJ1\Application Data\macromedia\Flash Player\#SharedObjects\YYMERMMX\interclick.com
    C:\Documents and Settings\CJ1\Application Data\macromedia\Flash Player\#SharedObjects\YYMERMMX\interclick.com\ud.sol
    C:\Documents and Settings\CJ1\Application Data\macromedia\Flash Player\#SharedObjects\YYMERMMX\static.youku.com
    C:\Documents and Settings\CJ1\Application Data\macromedia\Flash Player\#SharedObjects\YYMERMMX\static.youku.com\v1.0.0255\v\swf\qplayer.swf\qplayer.sol
    C:\Documents and Settings\CJ1\Application Data\macromedia\Flash Player\#SharedObjects\YYMERMMX\static.youku.com\v1.0.0259\v\swf\qplayer.swf\qplayer.sol
    C:\Documents and Settings\CJ1\Application Data\macromedia\Flash Player\#SharedObjects\YYMERMMX\static.youku.com\v1.0.0307\v\swf\qplayer.swf\qplayer.sol
    C:\Documents and Settings\CJ1\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
    C:\Documents and Settings\CJ1\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
    C:\Documents and Settings\CJ1\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
    C:\Documents and Settings\CJ1\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
    C:\Documents and Settings\CJ1\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
    C:\Documents and Settings\CJ1\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
    C:\Program Files\Common Files\{34E14~1\Uninst.exe
    C:\WINDOWS\qmdispatch.dll
    C:\WINDOWS\system32\actskn43.ocx
    C:\WINDOWS\system32\components
    C:\WINDOWS\system32\mlkkj.bak2
    C:\WINDOWS\system32\mlkkj.ini
    C:\WINDOWS\system32\skinboxer43.dll
    
    .
    (((((((((((((((((((((((((   Files Created from 2008-08-01 to 2008-09-01  )))))))))))))))))))))))))))))))
    .
    
    2008-08-31 10:49 . 2008-08-31 10:49	<DIR>	d--------	C:\Program Files\Notepad++
    2008-08-31 10:49 . 2008-08-31 11:07	<DIR>	d--------	C:\Documents and Settings\CJ1\Application Data\Notepad++
    2008-08-17 23:01 . 2008-08-17 23:01	0	--a------	C:\Documents and Settings\CJ1\jagex_runescape_preferences.dat
    2008-08-15 10:33 . 2008-05-01 15:30	331,776	---------	C:\WINDOWS\system32\dllcache\msadce.dll
    2008-08-09 12:12 . 2008-08-09 12:12	<DIR>	d--------	C:\Documents and Settings\CJ1\Application Data\Atari
    2008-08-09 12:12 . 2008-08-16 16:33	43,520	--a------	C:\WINDOWS\system32\CmdLineExt03.dll
    2008-08-09 12:11 . 2008-08-09 12:11	<DIR>	d--------	C:\Program Files\Common Files\PocketSoft
    2008-08-09 12:11 . 2002-02-27 17:50	197,120	--a------	C:\WINDOWS\patchw32.dll
    2008-08-09 12:07 . 2008-08-09 12:07	<DIR>	d--------	C:\Program Files\Atari
    2008-08-01 20:54 . 2008-08-01 21:01	<DIR>	d--------	C:\xampp
    2008-08-01 17:48 . 2008-08-01 17:48	<DIR>	d--------	C:\Program Files\MySQL
    
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    
    Continued in the next post
     
  2. CJ-real

    CJ-real TS Rookie Topic Starter Posts: 56

    Code:
    2008-09-01 23:23	---------	d-----w	C:\Program Files\Common Files\{34E147BB-0745-1033-0928-05050622002c}
    2008-09-01 22:56	---------	d-----w	C:\Documents and Settings\CJ1\Application Data\Azureus
    2008-08-31 10:46	61,440	----a-w	C:\WINDOWS\Internet Logs\xDBE1.tmp
    2008-08-31 09:10	---------	d-----w	C:\Documents and Settings\CJ1\Application Data\CoreFTP
    2008-08-30 21:04	9,293,824	----a-w	C:\WINDOWS\Internet Logs\xDBE0.tmp
    2008-08-30 21:04	79,360	----a-w	C:\WINDOWS\Internet Logs\xDBDF.tmp
    2008-08-29 11:23	97,928	----a-w	C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-08-28 22:00	9,281,536	----a-w	C:\WINDOWS\Internet Logs\xDBDE.tmp
    2008-08-28 22:00	42,496	----a-w	C:\WINDOWS\Internet Logs\xDBDD.tmp
    2008-08-28 12:38	9,283,584	----a-w	C:\WINDOWS\Internet Logs\xDBDC.tmp
    2008-08-28 12:38	41,984	----a-w	C:\WINDOWS\Internet Logs\xDBDB.tmp
    2008-08-28 09:11	---------	d-----w	C:\Program Files\Dl_cats
    2008-08-27 21:05	9,284,096	----a-w	C:\WINDOWS\Internet Logs\xDBDA.tmp
    2008-08-27 21:05	59,392	----a-w	C:\WINDOWS\Internet Logs\xDBD9.tmp
    2008-08-26 22:04	9,282,560	----a-w	C:\WINDOWS\Internet Logs\xDBD8.tmp
    2008-08-26 22:04	40,448	----a-w	C:\WINDOWS\Internet Logs\xDBD7.tmp
    2008-08-25 23:15	9,282,560	----a-w	C:\WINDOWS\Internet Logs\xDBD6.tmp
    2008-08-25 23:15	64,000	----a-w	C:\WINDOWS\Internet Logs\xDBD4.tmp
    2008-08-25 12:03	---------	d-----w	C:\Documents and Settings\All Users\Application Data\pdf995
    2008-08-24 20:10	9,285,632	----a-w	C:\WINDOWS\Internet Logs\xDBD5.tmp
    2008-08-24 20:10	70,144	----a-w	C:\WINDOWS\Internet Logs\xDBD3.tmp
    2008-08-23 18:16	39,424	----a-w	C:\WINDOWS\Internet Logs\xDBD2.tmp
    2008-08-22 22:01	9,279,488	----a-w	C:\WINDOWS\Internet Logs\xDBD1.tmp
    2008-08-22 22:01	40,960	----a-w	C:\WINDOWS\Internet Logs\xDBD0.tmp
    2008-08-22 09:22	9,280,512	----a-w	C:\WINDOWS\Internet Logs\xDBCF.tmp
    2008-08-22 09:22	46,080	----a-w	C:\WINDOWS\Internet Logs\xDBCE.tmp
    2008-08-22 00:59	9,300,992	----a-w	C:\WINDOWS\Internet Logs\xDBCD.tmp
    2008-08-22 00:59	72,704	----a-w	C:\WINDOWS\Internet Logs\xDBCC.tmp
    2008-08-21 20:44	---------	d---a-w	C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-20 22:47	41,472	----a-w	C:\WINDOWS\Internet Logs\xDBCB.tmp
    2008-08-20 20:14	9,278,464	----a-w	C:\WINDOWS\Internet Logs\xDBCA.tmp
    2008-08-20 20:14	40,448	----a-w	C:\WINDOWS\Internet Logs\xDBC9.tmp
    2008-08-20 09:25	9,279,488	----a-w	C:\WINDOWS\Internet Logs\xDBC8.tmp
    2008-08-20 09:25	46,592	----a-w	C:\WINDOWS\Internet Logs\xDBC7.tmp
    2008-08-19 21:50	9,277,952	----a-w	C:\WINDOWS\Internet Logs\xDBC6.tmp
    2008-08-19 21:50	44,544	----a-w	C:\WINDOWS\Internet Logs\xDBC5.tmp
    2008-08-19 07:35	9,278,976	----a-w	C:\WINDOWS\Internet Logs\xDBC4.tmp
    2008-08-19 07:35	42,496	----a-w	C:\WINDOWS\Internet Logs\xDBC3.tmp
    2008-08-18 21:27	9,277,440	----a-w	C:\WINDOWS\Internet Logs\xDBC2.tmp
    2008-08-18 21:27	52,736	----a-w	C:\WINDOWS\Internet Logs\xDBC1.tmp
    2008-08-18 12:02	9,277,440	----a-w	C:\WINDOWS\Internet Logs\xDBC0.tmp
    2008-08-18 12:02	49,152	----a-w	C:\WINDOWS\Internet Logs\xDBBF.tmp
    2008-08-17 23:07	9,283,584	----a-w	C:\WINDOWS\Internet Logs\xDBBE.tmp
    2008-08-17 23:07	786,944	----a-w	C:\WINDOWS\Internet Logs\xDBBD.tmp
    2008-08-16 23:02	9,276,928	----a-w	C:\WINDOWS\Internet Logs\xDBBC.tmp
    2008-08-16 23:02	53,248	----a-w	C:\WINDOWS\Internet Logs\xDBBB.tmp
    2008-08-16 16:25	43,008	----a-w	C:\WINDOWS\Internet Logs\xDBBA.tmp
    2008-08-16 07:28	45,568	----a-w	C:\WINDOWS\Internet Logs\xDBB9.tmp
    2008-08-16 07:08	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-08-15 23:22	9,256,960	----a-w	C:\WINDOWS\Internet Logs\xDBB8.tmp
    2008-08-15 23:22	65,536	----a-w	C:\WINDOWS\Internet Logs\xDBB7.tmp
    2008-08-14 22:58	9,249,792	----a-w	C:\WINDOWS\Internet Logs\xDBB6.tmp
    2008-08-14 22:58	183,296	----a-w	C:\WINDOWS\Internet Logs\xDBB5.tmp
    2008-08-14 10:52	---------	d-----w	C:\Documents and Settings\CJ1\Application Data\uTorrent
    2008-08-14 10:48	---------	d-----w	C:\Documents and Settings\CJ1\Application Data\JDiskReport
    2008-08-13 20:50	9,245,696	----a-w	C:\WINDOWS\Internet Logs\xDBB4.tmp
    2008-08-13 20:50	55,808	----a-w	C:\WINDOWS\Internet Logs\xDBB3.tmp
    2008-08-12 20:40	2,906,624	----a-w	C:\WINDOWS\Internet Logs\xDBB2.tmp
    2008-08-12 07:13	24,940,654	----a-w	C:\WINDOWS\Internet Logs\tvDebug.zip
    2008-08-11 21:00	9,243,136	----a-w	C:\WINDOWS\Internet Logs\xDBB1.tmp
    2008-08-11 21:00	127,488	----a-w	C:\WINDOWS\Internet Logs\xDBB0.tmp
    2008-08-11 15:04	58,368	----a-w	C:\WINDOWS\Internet Logs\xDBAF.tmp
    2008-08-10 21:53	72,704	----a-w	C:\WINDOWS\Internet Logs\xDBAE.tmp
    2008-08-09 22:05	9,241,600	----a-w	C:\WINDOWS\Internet Logs\xDBAD.tmp
    2008-08-09 11:07	---------	d--h--w	C:\Program Files\InstallShield Installation Information
    2008-08-08 20:58	9,231,872	----a-w	C:\WINDOWS\Internet Logs\xDBAC.tmp
    2008-08-08 20:58	38,400	----a-w	C:\WINDOWS\Internet Logs\xDBAB.tmp
    2008-08-08 19:31	48,640	----a-w	C:\WINDOWS\Internet Logs\xDBAA.tmp
    2008-08-08 12:12	9,227,776	----a-w	C:\WINDOWS\Internet Logs\xDBA9.tmp
    2008-08-08 12:12	46,080	----a-w	C:\WINDOWS\Internet Logs\xDBA8.tmp
    2008-08-07 22:57	9,227,776	----a-w	C:\WINDOWS\Internet Logs\xDBA7.tmp
    2008-08-07 21:02	9,227,776	----a-w	C:\WINDOWS\Internet Logs\xDBA6.tmp
    2008-08-07 21:02	87,040	----a-w	C:\WINDOWS\Internet Logs\xDB5.tmp
    2008-08-06 20:19	9,229,312	----a-w	C:\WINDOWS\Internet Logs\xDBA5.tmp
    2008-08-06 20:19	2,153,472	----a-w	C:\WINDOWS\Internet Logs\xDB98.tmp
    2008-08-05 20:26	9,225,728	----a-w	C:\WINDOWS\Internet Logs\xDB65.tmp
    2008-08-05 20:26	44,032	----a-w	C:\WINDOWS\Internet Logs\xDB1D.tmp
    2008-08-05 14:25	9,225,728	----a-w	C:\WINDOWS\Internet Logs\xDB14.tmp
    2008-08-05 14:25	49,152	----a-w	C:\WINDOWS\Internet Logs\xDB13.tmp
    2008-08-04 20:11	9,225,728	----a-w	C:\WINDOWS\Internet Logs\xDB12.tmp
    2008-08-04 20:11	40,960	----a-w	C:\WINDOWS\Internet Logs\xDB11.tmp
    2008-08-04 15:45	9,226,752	----a-w	C:\WINDOWS\Internet Logs\xDB10.tmp
    2008-08-04 15:45	50,176	----a-w	C:\WINDOWS\Internet Logs\xDBF.tmp
    2008-08-03 21:34	9,225,728	----a-w	C:\WINDOWS\Internet Logs\xDBE.tmp
    2008-08-03 21:34	40,960	----a-w	C:\WINDOWS\Internet Logs\xDBD.tmp
    2008-08-03 11:02	29,696	----a-w	C:\WINDOWS\Internet Logs\xDBC.tmp
    2008-08-03 08:56	9,226,240	----a-w	C:\WINDOWS\Internet Logs\xDBB.tmp
    2008-08-03 08:56	42,496	----a-w	C:\WINDOWS\Internet Logs\xDBA.tmp
    2008-08-02 20:47	9,225,728	----a-w	C:\WINDOWS\Internet Logs\xDB9.tmp
    2008-08-02 20:47	61,952	----a-w	C:\WINDOWS\Internet Logs\xDB8.tmp
    2008-08-02 15:38	9,223,680	----a-w	C:\WINDOWS\Internet Logs\xDB7.tmp
    2008-08-02 15:38	39,424	----a-w	C:\WINDOWS\Internet Logs\xDB6.tmp
    2008-08-02 07:48	36,352	----a-w	C:\WINDOWS\Internet Logs\xDB2.tmp
    2008-08-01 21:01	142,848	----a-w	C:\WINDOWS\Internet Logs\xDB1.tmp
    2008-08-01 16:21	---------	d-----w	C:\Program Files\QuickTime
    2008-07-31 20:58	46,080	----a-w	C:\WINDOWS\Internet Logs\xDBA3.tmp
    2008-07-31 20:57	9,116,672	----a-w	C:\WINDOWS\Internet Logs\xDBA4.tmp
    2008-07-31 09:58	9,118,720	----a-w	C:\WINDOWS\Internet Logs\xDBA2.tmp
    2008-07-31 09:58	115,200	----a-w	C:\WINDOWS\Internet Logs\xDBA1.tmp
    2008-07-29 22:08	9,080,320	----a-w	C:\WINDOWS\Internet Logs\xDBA0.tmp
    2006-07-25 16:38	168	--sh--r	C:\WINDOWS\system32\2FD5F30194.sys
    2006-05-06 07:55	80	--sh--r	C:\WINDOWS\system32\9401F3D52F.dll
    2006-07-25 16:39	3,766	--sha-w	C:\WINDOWS\system32\KGyGaAvL.sys
    
    Continued in the next post
     
  3. CJ-real

    Code:
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59 385024]
    "DLCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-06-07 07:39 69632]
    "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-03-16 11:34 755480]
    "dlcdmon.exe"="C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-07-22 08:45 430080]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 17:33 155648]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
    "MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 944\memcard.exe" [2005-06-27 06:05 282624]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-29 12:23 1235736]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-08-01 17:19 155648]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 14:01 28160 C:\WINDOWS\KHALMNPR.Exe]
    
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:00 15360]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSVideo"= CSvidcap.dll
    
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
    
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
    
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
    backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
    
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
    
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup
    
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
    
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
    backup=C:\WINDOWS\pss\Monitor Apache Servers.lnkCommon Startup
    
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
    backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup
    
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
    backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup
    
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Workspace Macro Pro Hotkeys.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Workspace Macro Pro Hotkeys.lnk
    backup=C:\WINDOWS\pss\Workspace Macro Pro Hotkeys.lnkCommon Startup
    
    [HKLM\~\startupfolder\C:^Documents and Settings^CJ1^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=C:\Documents and Settings\CJ1\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
    
    [HKLM\~\startupfolder\C:^Documents and Settings^CJ1^Start Menu^Programs^Startup^WinMySQLadmin.lnk]
    path=C:\Documents and Settings\CJ1\Start Menu\Programs\Startup\WinMySQLadmin.lnk
    backup=C:\WINDOWS\pss\WinMySQLadmin.lnkStartup
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    /WinStart [X]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    --a------ 2004-07-19 08:51 306688 C:\Program Files\Dell Support\DSAgnt.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    --a------ 2005-01-27 02:02 86016 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    --------- 2005-02-23 17:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --a------ 2004-07-27 17:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    --a------ 2005-06-10 16:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2004-12-18 01:20 278528 C:\Program Files\iTunes\iTunesHelper.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
    --a------ 2005-06-27 06:05 282624 C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    --a------ 2005-07-12 20:05 1117184 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-02-10 13:22 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-08-01 17:19 155648 C:\Program Files\QuickTime\qttask.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    --a------ 2005-12-01 22:06 26112 C:\Program Files\Real\RealPlayer\realplay.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2008-06-12 17:18 1271032 C:\Program Files\Steam\steam.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    --a------ 2008-05-15 16:11 3644464 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    --a------ 2006-04-03 18:12 777424 C:\Program Files\Windows Defender\MSASCui.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    --a------ 2005-03-10 14:01 28160 C:\WINDOWS\KHALMNPR.Exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "StyleXPService"=2 (0x2)
    "ServiceLayer"=3 (0x3)
    "ose"=3 (0x3)
    "iPodService"=3 (0x3)
    "gusvc"=2 (0x2)
    "FirebirdServerDefaultInstance"=3 (0x3)
    "FirebirdGuardianDefaultInstance"=2 (0x2)
    "dlcd_device"=3 (0x3)
    "Apache2.2"=2 (0x2)
    "Apache2"=2 (0x2)
    "Adobe LM Service"=3 (0x3)
    "aawservice"=2 (0x2)
    "UleadBurningHelper"=3 (0x3)
    "SQLAgent$SONY_MEDIAMGR"=3 (0x3)
    "MSSQLServerADHelper"=3 (0x3)
    "MSSQL$SONY_MEDIAMGR"=3 (0x3)
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    
    
    Continued in the next post
     
  4. CJ-real

    Code:
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 12:23]
    R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys [2007-05-07 17:13]
    R2 Apache2.2;Apache2.2;C:\xampp\apache\bin\apache.exe [2008-06-14 18:02]
    R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 12:23]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 12:23]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-03 21:02]
    R3 dlcd_device;dlcd_device;C:\WINDOWS\system32\dlcdcoms.exe [2005-06-21 09:19]
    S3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 21:08]
    S3 FileObjInfo;STFileDriver;C:\Documents and Settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys []
    S3 tenCapture;tenCapture;C:\WINDOWS\system32\DRIVERS\tenCapture.sys [2007-04-21 15:15]
    S4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2004-12-13 02:05]
    S4 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2004-12-13 02:05]
    S4 NMSAccessU;NMSAccessU;C:\Documents and Settings\CJ1\Local Settings\Temp\{2DDA757A-8C6E-405B-A313-2EE78C2D30FB}\NMSAccessU.exe []
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bb3ab9c-fa9a-11dc-abd2-0013ced813d3}]
    \Shell\AutoRun\command - E:\AutoRun.exe
    
    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder
    .
    - - - - ORPHANS REMOVED - - - -
    
    MSConfigStartUp-BootSkin Startup Jobs - C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe
    MSConfigStartUp-H2O - C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    MSConfigStartUp-IWM Agent - C:\Program Files\IWM\IWM.exe
    MSConfigStartUp-LogonStudio - C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe
    MSConfigStartUp-Ninja Surfing - C:\Program Files\NinjaSurfing\nsurfing.exe
    MSConfigStartUp-NotebookHardwareControl - C:\Program Files\Notebook Hardware Control\nhc.exe
    MSConfigStartUp-NSLauncher - C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
    MSConfigStartUp-PcSync - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    MSConfigStartUp-ProxyWay - C:\Documents and Settings\CJ1\My Documents\Proxyway\proxyway.exe
    MSConfigStartUp-Skype - C:\Documents and Settings\CJ1\Phone\Skype.exe
    MSConfigStartUp-STYLEXP - C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
    MSConfigStartUp-ussshreg - C:\PROGRA~1\ULEADS~1.0\Ussshreg.exe
    MSConfigStartUp-UVS10 Preload - C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    
    
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\CJ1\Application Data\Mozilla\Firefox\Profiles\kqs5a871.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.co.uk
    .
    
    **************************************************************************
    
    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-02 00:24:45
    Windows 5.1.2600 Service Pack 2 NTFS
    
    scanning hidden processes ... 
    
    scanning hidden autostart entries ...
    
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      DLCDCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
    
    scanning hidden files ... 
    
    scan completed successfully
    hidden files: 0
    
    **************************************************************************
    .
    Completion time: 2008-09-02  0:28:36
    ComboFix-quarantined-files.txt  2008-09-01 23:28:26
    
    Pre-Run: 19,103,440,896 bytes free
    Post-Run: 19,120,095,232 bytes free
    
    337	--- E O F ---	2008-09-01 07:56:39
    
    HjT log in the next post
     
  5. CJ-real

    HjT log:
    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 00:37:32, on 02/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\xampp\apache\bin\apache.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\xampp\mysql\bin\mysqld-nt.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\xampp\apache\bin\apache.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\dlcdcoms.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\program files\hijackthis\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 944\memcard.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
    O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9A680A84-DEDA-4EE2-AACC-82F2F4754949}: NameServer = 192.168.1.1
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache2.2 - Unknown owner - C:\xampp\apache\bin\apache.exe" -k runservice (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: dlcd_device - Unknown owner - C:\WINDOWS\system32\dlcdcoms.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    
    Thanks :D
     
Topic Status:
Not open for further replies.
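
Added triage example (an editorial addition, not part of CJ-real's post and not code from HijackThis or ComboFix): a short Python script that applies the checks a log helper normally runs by eye over this kind of output. The sample lines are excerpted from the logs above; the rule names and heuristics are this example's own, and every hit is a prompt to verify the entry by hand, not a malware verdict.

```python
"""Triage rules for HijackThis / ComboFix log lines.

Added example for the thread above, not part of CJ-real's post and not a
verdict on that machine.  SAMPLE_LOG is excerpted from the logs posted above;
the rule names and heuristics are this example's own.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Excerpt copied from the HijackThis (O4/O23) and ComboFix (R/S service,
# registry) lines posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O23 - Service: Apache2.2 - Unknown owner - C:\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 12:23]
S4 NMSAccessU;NMSAccessU;C:\Documents and Settings\CJ1\Local Settings\Temp\{2DDA757A-8C6E-405B-A313-2EE78C2D30FB}\NMSAccessU.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
\Shell\AutoRun\command - E:\AutoRun.exe
"""

RUN_ENTRY = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
HJT_SERVICE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
CF_SERVICE = re.compile(
    r"^(?P<start>[RS]\d) (?P<svc>[^;]+);(?P<display>[^;]*);(?P<path>.+?)(?: \[(?P<stamp>[^\]]*)\])?$"
)
ABS_PATH = re.compile(r'^"?[A-Za-z]:\\')
TEMP_DIR = re.compile(r"\\Temp\\", re.IGNORECASE)
AUTORUN = re.compile(r"\\Shell\\AutoRun\\command\s*-\s*(?P<cmd>\S.*)$", re.IGNORECASE)
DISABLE_MONITORING = re.compile(r'"DisableMonitoring"\s*=\s*dword:0*1\b', re.IGNORECASE)
FIREWALL_OFF = re.compile(r'"EnableFirewall"\s*=\s*0\b', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str     # which heuristic fired
    detail: str   # the entry name, service name or command it fired on
    line: str     # the original log line, so the analyst can verify by hand


def triage(log_text: str) -> list[Finding]:
    """Apply every rule to each line; findings come back in log order."""
    findings: list[Finding] = []
    current_key = ""  # most recent [registry key] header in the ComboFix output
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()
            continue

        if m := RUN_ENTRY.match(line):
            # A bare image name is resolved through the search path at logon,
            # so a writable directory earlier on that path could hijack it.
            if not ABS_PATH.match(m["cmd"]):
                findings.append(Finding("run-entry-unqualified-path", m["name"], line))

        if m := HJT_SERVICE.match(line):
            # "Unknown owner" means the binary has no CompanyName in its version
            # resource; many open-source builds (Apache, MySQL) look like this.
            if m["owner"].lower() == "unknown owner":
                findings.append(Finding("service-owner-unknown", m["name"], line))
            # HijackThis also prints "(file missing)" when it cannot split a
            # quoted ImagePath with arguments, so confirm on disk before acting.
            if "(file missing)" in m["path"].lower():
                findings.append(Finding("service-binary-missing", m["name"], line))

        if m := CF_SERVICE.match(line):
            # A service image under a Temp directory is unusual for installed
            # software and is always worth identifying.
            if TEMP_DIR.search(m["path"]):
                findings.append(Finding("service-runs-from-temp", m["svc"], line))

        # Security Center suppression keys are often written by the AV/firewall
        # product itself; check which product the subkey names before worrying.
        if "security center\\monitoring" in current_key and DISABLE_MONITORING.search(line):
            findings.append(Finding("security-center-monitoring-disabled",
                                    current_key.rsplit("\\", 1)[-1], line))

        if current_key.endswith("firewallpolicy\\standardprofile") and FIREWALL_OFF.search(line):
            findings.append(Finding("windows-firewall-disabled", "standardprofile", line))

        # AutoRun handlers cached under MountPoints2 can execute when that
        # removable volume is opened in Explorer; the referenced file needs a look.
        if m := AUTORUN.search(line):
            findings.append(Finding("removable-media-autorun", m["cmd"], line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule for a quick overview."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:38s} {f.detail}")
```

Run it as-is to list the hits from the excerpt, or pass a whole pasted log to triage(). Note that both the owner-unknown and the file-missing rules fire on the XAMPP Apache entry even though apache.exe appears twice in the running-process list above; that is exactly why each Finding carries the original line, so the person reading the log checks the binary rather than trusting the rule.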
