"Michael" - 2005-06-27 16:05:10 - ComboFix 07-06-27.7 - Service Pack 2 NTFS
((((((((((((((((((((((((( Files Created from 2005-05-27 to 2005-06-27 )))))))))))))))))))))))))))))))
2005-06-27 16:04 49,152 --a------ C:\WINDOWS\nircmd.exe
2005-06-27 16:02 <DIR> d-------- C:\bintheredunthat
2005-06-27 15:59 <DIR> d-------- C:\BFU
2005-06-26 16:44 <DIR> d-------- C:\Program Files\Bazooka Scanner
2005-06-26 16:03 <DIR> d-------- C:\Program Files\uTorrent
2005-06-26 16:03 <DIR> d-------- C:\DOCUME~1\Michael\APPLIC~1\uTorrent
2005-06-24 19:51 <DIR> d-------- C:\WINDOWS\Downloaded Installations
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-24 23:06:13 -------- d-----w C:\Program Files\VstPlugins
2007-06-24 23:04:41 -------- d-----w C:\Program Files\Image-Line
2007-06-24 16:40:25 -------- d-----w C:\DOCUME~1\Michael\APPLIC~1\BitTorrent
2007-06-24 16:33:06 -------- d-----w C:\Program Files\BitTorrent
2007-06-24 15:43:14 -------- d-----w C:\DOCUME~1\Michael\APPLIC~1\LimeWire
2007-06-20 22:58:47 -------- d-----w C:\DOCUME~1\Michael\APPLIC~1\Help
2007-06-20 21:34:05 -------- d-----w C:\Program Files\Creative
2007-06-20 21:12:42 126,976 ----a-w C:\WINDOWS\system32\unzdll.dll
2007-06-20 21:12:36 -------- d-----w C:\Program Files\Gateway
2007-06-20 02:20:39 -------- d-----w C:\Program Files\Lavasoft
2007-06-20 02:20:16 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-20 02:18:01 -------- d-----w C:\Program Files\MSXML 6.0
2007-06-20 02:17:28 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-06-20 02:02:13 -------- d-----w C:\Program Files\MSBuild
2007-06-20 01:59:06 -------- d-----w C:\Program Files\Reference Assemblies
2007-06-20 01:35:50 -------- d-----w C:\DOCUME~1\Michael\APPLIC~1\X-Setup Pro
2007-06-20 01:15:56 -------- d-----w C:\Program Files\Messenger
2007-06-20 01:06:20 -------- d-----w C:\Program Files\GameFace Messenger
2007-06-20 01:06:08 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-20 00:41:37 -------- d-----w C:\DOCUME~1\Michael\APPLIC~1\acccore
2007-06-20 00:41:25 -------- d-----w C:\Program Files\AIM6
2007-06-20 00:40:57 -------- d-----w C:\Program Files\Viewpoint
2007-06-20 00:40:46 -------- d-----w C:\Program Files\Common Files\AOL
2007-06-20 00:40:42 335 ----a-w C:\WINDOWS\nsreg.dat
2007-06-20 00:36:15 1,280 ----a-w C:\WINDOWS\checkip.dat
2007-06-20 00:33:11 21,035 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-06-20 00:33:04 -------- d-----w C:\Program Files\NETGEAR
2007-06-20 00:29:32 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-06-20 00:29:08 -------- d-----w C:\Program Files\ASUSTeK
2007-06-20 00:28:04 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-06-20 00:27:12 -------- d-----w C:\Program Files\ITE
2007-06-20 00:25:11 -------- d-----w C:\Program Files\AMD
2007-06-20 00:24:16 -------- d-----w C:\Program Files\Realtek AC97
2007-06-20 00:21:58 8 ----a-w C:\DFIMB.DAT
2007-06-20 00:17:12 -------- d-----w C:\Program Files\microsoft frontpage
2007-06-20 00:16:48 0 --sha-r C:\MSDOS.SYS
2007-06-20 00:16:48 0 --sha-r C:\IO.SYS
2007-06-20 00:16:48 0 ----a-w C:\CONFIG.SYS
2007-06-20 00:16:48 0 ----a-w C:\AUTOEXEC.BAT
2007-06-20 00:15:25 -------- d--h--w C:\Program Files\WindowsUpdate
2007-06-20 00:14:45 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-06-20 00:14:37 -------- d-----w C:\Program Files\Movie Maker
2007-06-20 00:13:02 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-06-20 00:12:44 -------- d-----w C:\Program Files\Online Services
2007-06-20 00:12:26 -------- d-----w C:\Program Files\Windows Plus
2007-06-20 00:11:00 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-06-20 00:10:53 -------- d-----w C:\Program Files\Windows NT
2007-06-19 20:05:02 -------- d-----w C:\Program Files\Common Files\ODBC
2007-06-19 20:04:59 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-06-04 19:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 19:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 19:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-30 12:10:42 10,872 ----a-w C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 19:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-03-23 10:07:56 1,683,280 ------w C:\WINDOWS\system32\XpsSvcs.dll
2007-03-23 10:07:54 583,504 ------w C:\WINDOWS\system32\XPSSHHDR.dll
2007-03-23 00:25:02 124,928 ------w C:\WINDOWS\system32\prntvpt.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-09 11:10:35 574,464 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2007-02-07 09:22:24 194,304 ----a-w C:\WINDOWS\system32\drivers\wg111v2.sys
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
2006-12-04 20:21:50 414,720 ----a-w C:\WINDOWS\system32\msscp.dll
2006-12-04 18:37:58 1,317,648 ----a-w C:\WINDOWS\system32\msxml6.dll
2006-11-13 06:02:58 36,352 ------w C:\WINDOWS\system32\tsgqec.dll
2006-11-13 06:02:58 288,768 ------w C:\WINDOWS\system32\rhttpaa.dll
2006-11-13 06:02:58 116,736 ------w C:\WINDOWS\system32\aaclient.dll
2006-11-13 06:02:58 1,866,240 ----a-w C:\WINDOWS\system32\mstscax.dll
2006-11-08 01:03:36 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
2006-11-08 01:03:36 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2006-11-07 08:06:47 600,576 ----a-w C:\WINDOWS\system32\mstsc.exe
2006-11-07 07:26:44 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
2006-11-07 07:26:42 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
2006-11-01 19:17:45 927,504 ----a-w C:\WINDOWS\system32\mfc40u.dll
2006-10-30 07:33:58 9,480 ----a-w C:\WINDOWS\system32\icardres.dll
2006-10-30 07:33:58 83,968 ----a-w C:\WINDOWS\system32\infocardapi.dll
2006-10-30 07:33:58 556,296 ----a-w C:\WINDOWS\system32\icardagt.exe
2006-10-24 16:30:20 412,160 ------w C:\WINDOWS\system32\photometadatahandler.dll
2006-10-24 16:30:06 716,288 ------w C:\WINDOWS\system32\WindowsCodecs.dll
2006-10-24 16:30:00 276,992 ------w C:\WINDOWS\system32\WMPhoto.dll
2006-10-24 16:29:50 352,256 ------w C:\WINDOWS\system32\WindowsCodecsExt.dll
2006-10-21 01:30:06 1,980,704 ----a-w C:\WINDOWS\system32\milcore.dll
2006-10-21 01:30:02 769,312 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2006-10-21 01:30:00 478,496 ----a-w C:\WINDOWS\system32\evr.dll
2006-10-21 01:29:58 344,352 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2006-10-21 01:29:54 159,008 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2005-12-09 15:06 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"SmartGuardian"="C:\Program Files\ITE\Smart Guardian\ITESMART.exe" [2006-01-18 09:36]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 08:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"=1 (0x1)
"NoStartMenuEjectPC"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4edbdd5d-1e9f-11dc-b629-806d6172696f}]
AutoRun\command- D:\SetupWizard.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4edbdd5e-1e9f-11dc-b629-806d6172696f}]
AutoRun\command- E:\autorun.exe
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\KB910393
rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{407408d4-94ed-4d86-ab69-a7f649d112ee}
%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer,
http://www.gmer.netRootkit scan 2005-06-27 16:06:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2005-06-27 16:06:19
--- E O F ---
________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 4:21:24 PM, on 6/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Michael\Desktop\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SmartGuardian] C:\Program Files\ITE\Smart Guardian\ITESMART.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/activescan/as5free/asinst.cabO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
______________________________________________________________
i just restarted after running combofix and hijackthis, and most everything seems to be back in order. i noticed after running bfu, it put the ie icon back on the desktop and made it my default search engine, and when it was done, brought up the "my documents" folder. task manager comes up again, and when i try to run regedit it now comes up again too. i just ran adaware 07' and it said i just had some cookies, however aim still doesnt connect, which usually tells me something is wrong. if you notice my date is wrong, i know, i have to tell it its 2005 to run fruity loops and get the producer edition being that the reg is from 2005, hope that helps somebody. this whole problem is from a bad fruity loops dl from limewire, the wal-mart of worms. thanks man.
Show Posts