Hijackthis and Combo fix log Please help diagnose


This topic is locked
No replies to this topic

#1 pajaropr

Posted 27 December 2007 - 07:40 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:39 PM, on 12/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\internet explorer\iexplore.exe
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3071123
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: IntelligentAdvisor - {6548BF73-58FF-71D5-F97D-17C71E323709} - C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1198530789640
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10779 bytes


Combofix log


ComboFix 07-12-21.4 - Tatito 2007-12-26 21:44:29.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.452 [GMT -5:00]
Running from: C:\Documents and Settings\Tatito\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-27 to 2007-12-27 )))))))))))))))))))))))))))))))
.

2007-12-25 17:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-25 17:09 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-25 12:33 . 2007-11-23 07:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Roxio
2007-12-25 12:33 . 2007-11-23 07:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2007-12-25 12:33 . 2007-11-23 07:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GTek
2007-12-25 12:33 . 2007-11-23 07:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ATI
2007-12-25 12:08 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll.wusetup.10643703.new
2007-12-25 11:53 . 2007-12-25 11:54 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-25 11:53 . 2007-12-25 11:53 <DIR> d-------- C:\Documents and Settings\Tatito\Application Data\SUPERAntiSpyware.com
2007-12-25 11:53 . 2007-12-25 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-25 11:52 . 2007-12-25 11:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-25 11:40 . 2007-12-25 11:49 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-25 11:40 . 2007-12-25 11:40 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-25 11:40 . 2007-12-25 11:40 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-25 11:40 . 2007-12-25 11:40 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-25 11:33 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-25 11:20 . 2007-12-25 11:20 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-24 17:19 . 2007-12-26 21:42 <DIR> d-------- C:\Program Files\IntelligentAdvisor
2007-12-23 17:36 . 2007-12-26 21:32 7,534 --a------ C:\WINDOWS\system32\Config.MPF
2007-12-23 17:03 . 2007-12-24 19:31 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-12-23 17:03 . 2007-12-23 17:03 <DIR> d-------- C:\Documents and Settings\Tatito\Application Data\SiteAdvisor
2007-12-23 17:03 . 2007-12-23 17:03 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-12-23 17:03 . 2007-12-23 17:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-12-23 17:01 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-12-23 17:00 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-12-23 17:00 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-12-23 17:00 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-12-23 17:00 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-12-23 17:00 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-12-23 17:00 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-12-23 16:59 . 2007-12-23 16:59 <DIR> d-------- C:\Program Files\McAfee.com
2007-12-23 16:59 . 2007-12-26 10:19 <DIR> d-------- C:\Program Files\McAfee
2007-12-23 16:59 . 2007-12-24 01:31 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-12-23 16:57 . 2007-12-23 17:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-23 16:40 . 2007-12-23 16:40 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-12-23 16:40 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-12-23 16:40 . 2007-12-23 16:40 376 --a------ C:\WINDOWS\ODBC.INI
2007-12-23 16:39 . 2007-12-23 16:40 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-12-23 16:38 . 2007-12-23 16:38 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-12-23 16:36 . 2007-12-23 16:36 <DIR> dr-h----- C:\MSOCache
2007-12-22 22:46 . 2007-10-10 18:55 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-22 22:46 . 2007-10-10 18:55 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-22 22:45 . 2007-10-10 18:55 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-22 22:45 . 2007-06-30 22:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-22 22:45 . 2007-06-30 22:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-22 22:45 . 2007-10-10 18:55 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-22 22:45 . 2007-10-10 18:55 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-22 22:45 . 2007-10-10 18:55 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-22 22:45 . 2007-10-10 05:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-22 22:22 . 2007-12-22 22:22 <DIR> d-------- C:\Program Files\WSfonts
2007-12-22 22:22 . 2007-12-22 22:23 <DIR> d-------- C:\Program Files\Common Files\WORDsearch
2007-12-22 22:22 . 2007-12-22 22:22 <DIR> d-------- C:\Program Files\Bible Explorer 4
2007-12-22 22:22 . 2007-12-22 22:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\wsc
2007-12-22 22:22 . 2007-12-22 22:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WORDsearch
2007-12-22 22:22 . 2007-12-22 22:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{10659AF2-4F35-499C-A058-D29D27AEE138}
2007-12-22 22:22 . 2005-06-15 03:00 102,400 --a------ C:\WINDOWS\system32\tsccvid.dll
2007-12-10 11:13 . 2007-12-10 11:13 <DIR> d-------- C:\Documents and Settings\Tatito\Application Data\Viewpoint
2007-12-06 22:59 . 2007-12-06 22:59 <DIR> d-------- C:\Documents and Settings\Tatito\Application Data\CyberLink
2007-12-05 01:24 . 2007-12-05 01:24 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-04 10:27 . 2007-12-26 21:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-04 10:27 . 2007-12-04 10:27 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-04 10:26 . 2007-12-04 10:26 <DIR> d-------- C:\Program Files\iTunes
2007-12-04 10:26 . 2007-12-04 10:26 <DIR> d-------- C:\Program Files\iPod
2007-12-04 10:26 . 2007-12-09 08:58 <DIR> d-------- C:\Documents and Settings\Tatito\Application Data\Apple Computer
2007-12-04 10:25 . 2007-12-04 10:25 <DIR> d-------- C:\Program Files\QuickTime
2007-12-04 10:25 . 2007-12-04 10:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-04 10:24 . 2007-12-04 10:24 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-04 10:24 . 2007-12-04 10:24 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-04 10:24 . 2007-12-04 10:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-04 10:15 . 2007-12-04 10:15 <DIR> d-------- C:\Documents and Settings\Tatito\Application Data\MSNInstaller
2007-12-04 08:20 . 2007-12-24 23:21 <DIR> d-------- C:\Documents and Settings\Tatito\Shared
2007-12-04 08:20 . 2007-12-25 02:24 <DIR> d-------- C:\Documents and Settings\Tatito\Incomplete
2007-12-04 08:20 . 2007-12-25 02:03 <DIR> d-------- C:\Documents and Settings\Tatito\Application Data\LimeWire
2007-12-04 08:19 . 2007-12-04 23:35 <DIR> d-------- C:\Program Files\LimeWire
2007-12-04 08:16 . 2007-07-09 08:09 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-03 10:45 . 2007-12-03 10:45 <DIR> d-------- C:\Documents and Settings\Tatito\Application Data\acccore
2007-12-03 10:44 . 2007-12-24 10:33 <DIR> d-------- C:\Program Files\AIMTunes
2007-12-03 10:44 . 2007-12-03 10:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-12-03 10:44 . 2007-12-03 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-03 10:44 . 2007-12-03 10:44 21 --a------ C:\WINDOWS\atid.ini
2007-12-03 10:43 . 2007-12-03 10:45 <DIR> d-------- C:\Program Files\AIM6
2007-12-03 10:39 . 2007-12-03 10:39 2 --a------ C:\WINDOWS\msoffice.ini
2007-12-03 10:18 . 2007-12-03 10:18 <DIR> d--hs---- C:\Documents and Settings\Tatito\UserData
2007-12-03 10:11 . 2007-12-03 10:11 <DIR> d-------- C:\Program Files\Comcast
2007-12-02 02:07 . 2007-12-02 20:52 <DIR> d-------- C:\Program Files\iLuminaPT
2007-12-02 01:13 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-12-02 01:13 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-02 01:13 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-02 01:13 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-12-02 01:13 . 2007-12-02 01:13 4,128 --a------ C:\INFCACHE.1
2007-12-01 10:29 . 2007-11-23 07:27 <DIR> d-------- C:\Documents and Settings\Tatito\Application Data\Roxio
2007-12-01 10:29 . 2007-11-23 07:03 <DIR> d-------- C:\Documents and Settings\Tatito\Application Data\InstallShield
2007-12-01 10:29 . 2007-11-23 07:17 <DIR> d--h----- C:\Documents and Settings\Tatito\Application Data\GTek
2007-12-01 10:29 . 2007-11-23 07:08 <DIR> d-------- C:\Documents and Settings\Tatito\Application Data\ATI
2007-12-01 10:28 . 2007-11-23 07:27 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Roxio
2007-12-01 10:28 . 2007-11-23 07:03 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\InstallShield
2007-12-01 10:28 . 2007-11-23 07:17 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\GTek
2007-12-01 10:28 . 2007-11-23 07:08 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
2007-12-01 10:21 . 2007-12-01 10:21 8,192 --a------ C:\WINDOWS\REGLOCS.OLD

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-10 06:27 --------- d-----w C:\Program Files\Google
2007-12-03 15:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-03 15:44 --------- d-----w C:\Program Files\Viewpoint
2007-12-03 15:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-03 15:43 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-03 15:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2007-12-02 06:56 1,409 ----a-w C:\WINDOWS\Fonts\silsipa_.fot
2007-12-02 06:56 1,409 ----a-w C:\WINDOWS\Fonts\silmipa_.fot
2007-12-02 06:56 1,409 ----a-w C:\WINDOWS\Fonts\sildipa_.fot
2007-12-02 06:56 1,409 ----a-w C:\WINDOWS\Fonts\sedi.fot
2007-12-02 06:56 1,409 ----a-w C:\WINDOWS\Fonts\sedbi.fot
2007-12-02 06:56 1,409 ----a-w C:\WINDOWS\Fonts\sedb.fot
2007-12-02 06:56 1,409 ----a-w C:\WINDOWS\Fonts\sed.fot
2007-12-02 06:56 1,409 ----a-w C:\WINDOWS\Fonts\lrssys4.fot
2007-12-02 06:56 1,409 ----a-w C:\WINDOWS\Fonts\lrssys3.fot
2007-12-02 06:56 1,409 ----a-w C:\WINDOWS\Fonts\lrssys2.fot
2007-12-02 06:56 1,409 ----a-w C:\WINDOWS\Fonts\lrssys1.fot
2007-12-02 06:56 1,409 ----a-w C:\WINDOWS\Fonts\hebii.fot
2007-12-02 06:56 1,409 ----a-w C:\WINDOWS\Fonts\griii.fot
2007-12-02 06:56 1,409 ----a-w C:\WINDOWS\Fonts\griibi.fot
2007-12-02 06:56 1,409 ----a-w C:\WINDOWS\Fonts\griib.fot
2007-12-02 06:56 1,409 ----a-w C:\WINDOWS\Fonts\grii.fot
2007-11-23 12:27 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Roxio
2007-11-23 12:24 --------- d-----w C:\Program Files\Microsoft Works
2007-11-23 12:24 --------- d-----w C:\Program Files\EarthLink Setup
2007-11-23 12:24 --------- d-----w C:\Program Files\Dell
2007-11-23 12:23 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2007-11-23 12:23 --------- d-----w C:\Program Files\Real
2007-11-23 12:23 --------- d-----w C:\Program Files\Learn2.com
2007-11-23 12:23 --------- d-----w C:\Program Files\Common Files\Real
2007-11-23 12:23 --------- d-----w C:\Program Files\Common Files\Nullsoft
2007-11-23 12:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2007-11-23 12:22 --------- d-----w C:\Program Files\Microsoft Plus! Photo Story 2 LE
2007-11-23 12:22 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
2007-11-23 12:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-23 12:21 --------- d-----w C:\Program Files\MUSICMATCH
2007-11-23 12:20 --------- d-----w C:\Program Files\Dell DataSafe Online
2007-11-23 12:20 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-23 12:18 --------- d-----w C:\Program Files\Yahoo!
2007-11-23 12:18 --------- d-----w C:\Program Files\Dell Support Center
2007-11-23 12:18 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-11-23 12:18 --------- d-----w C:\Program Files\Common Files\supportsoft
2007-11-23 12:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\YAHOO
2007-11-23 12:17 --------- d-----w C:\Program Files\DellSupport
2007-11-23 12:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Gtek
2007-11-23 12:13 --------- d-----w C:\Program Files\Roxio
2007-11-23 12:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2007-11-23 12:12 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-11-23 12:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-23 12:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2007-11-23 12:09 --------- d-----w C:\Program Files\NetZeroInstallers
2007-11-23 12:09 --------- d-----w C:\Program Files\Digital Line Detect
2007-11-23 12:09 --------- d-----w C:\Program Files\CyberLink
2007-11-23 12:09 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2007-11-23 12:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2007-11-23 12:08 --------- d-----w C:\Program Files\NetWaiting
2007-11-23 12:08 --------- d-----w C:\Program Files\Modem Helper
2007-11-23 12:07 --------- d-----w C:\Program Files\Sigmatel
2007-11-23 12:06 --------- d-----w C:\Program Files\CONEXANT
2007-11-23 12:04 --------- d-----w C:\Program Files\AMD
2007-11-23 12:03 --------- d-----w C:\Program Files\Synaptics
2007-11-23 12:03 --------- d-----w C:\Program Files\Broadcom
2007-11-23 12:03 --------- d-----w C:\Program Files\ATI Technologies
2007-11-23 12:00 --------- d-----w C:\Program Files\Java
2007-11-23 12:00 --------- d-----w C:\Program Files\Common Files\Java
2007-11-23 11:59 --------- d-----w C:\Program Files\MSXML 6.0
2007-11-23 11:40 49,152 ----a-w C:\WINDOWS\setpwrcg.exe
2007-11-23 11:39 6,988 ----a-w C:\WINDOWS\system32\drivers\1028_Dell_INS_1501.mrk
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-31 10:12 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 22:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 22:40 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-17 03:16 90,112 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-10-17 03:16 6,684,672 ----a-w C:\WINDOWS\system32\atioglx1.dll
2007-10-17 03:16 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-10-17 03:16 5,148,672 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-10-17 03:16 430,080 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-10-17 03:16 41,984 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-10-17 03:16 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-10-17 03:16 303,104 ----a-w C:\WINDOWS\system32\ATIDEMGR.dll
2007-10-17 03:16 294,912 ----a-w C:\WINDOWS\system32\dllcache\ati2cqag.dll
2007-10-17 03:16 294,912 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-10-17 03:16 260,608 ----a-w C:\WINDOWS\system32\dllcache\ati2dvag.dll
2007-10-17 03:16 260,608 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-10-17 03:16 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-10-17 03:16 24,064 ----a-w C:\WINDOWS\system32\ativcoxx.dll
2007-10-17 03:16 221,184 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-10-17 03:16 2,518,336 ----a-w C:\WINDOWS\system32\dllcache\ati3duag.dll
2007-10-17 03:16 2,518,336 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-10-17 03:16 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-10-17 03:16 118,784 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-10-17 03:16 106,496 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-10-17 03:16 1,777,152 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
2007-10-17 03:16 1,092,960 ----a-w C:\WINDOWS\system32\dllcache\ativvaxx.dll
2007-10-17 03:16 1,092,960 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-10-11 05:57 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 05:57 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6548BF73-58FF-71D5-F97D-17C71E323709}]
2007-12-11 16:27 1019904 --a------ C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 03:24]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 12:47]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-02-20 13:29]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 16:08]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 12:06 C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 21:29]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 12:22]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 10:00]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 12:40]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-23 07:20]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2007-04-19 14:21]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-06-21 15:06]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-07-22 20:29]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-11-23 07:09:06]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 11:35]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-04 15:24:43 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-23 21:59:49 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-12-23 21:59:47 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-26 21:46:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-26 21:46:44
.
2007-12-26 02:11:05 --- E O F ---
