So my comp had been slow for the past couple of days, and yesterday it just randomly shut down and when I started it back up it froze. Anyways, I had some time today and went through Osiris's guide. Through the scannings I found a couple of Trojans in win32 and I think I deleted them, but just in case could you guys take a look at my logs? Thanks!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:45:18, on 2/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1201108691495
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1201111902218
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CS2\Services\Tcpip\..\{0FA321D1-4CEB-4ACA-A79E-90901D650B46}: NameServer = 167.206.245.130,167.206.245.129
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Unknown owner - C:\Program Files\a-squared Anti-Malware\a2service.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: WUSB54GSv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
--
End of file - 6225 bytes
ComboFix 09-02-28.01 - mike 2009-02-28 21:20:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.426 [GMT -5:00]
Running from: c:\documents and settings\mike\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090228-0] *On-access scanning disabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
c:\program files\mm.BOT
c:\program files\mm.BOT\Config\mm.LifeCheck.ini
c:\program files\mm.BOT\Config\System\mm.PKID.Usr.CH
c:\program files\mm.BOT\Config\System\mm.PKID.Usr.ID
c:\program files\mm.BOT\Config\System\mm.PKID.Usr.PK
c:\program files\mm.BOT\Copy of Config\Config.ini
c:\program files\mm.BOT\Copy of Config\CSZonSequence.txt
c:\program files\mm.BOT\Copy of Config\HammerdinSequence.txt
c:\program files\mm.BOT\Copy of Config\mm.BOT.ini
c:\program files\mm.BOT\Copy of Config\mm.BOT.Sequences.ini
c:\program files\mm.BOT\Copy of Config\mm.BotState.ini
c:\program files\mm.BOT\Copy of Config\mm.LifeCheck.ini
c:\program files\mm.BOT\Copy of Config\mm.MultiKeys.ini
c:\program files\mm.BOT\Copy of Config\mm.PKID.ini
c:\program files\mm.BOT\Copy of Config\mm.PlayKeys.ini
c:\program files\mm.BOT\Copy of Config\mmcl.PKID.Compiler.exe
c:\program files\mm.BOT\Copy of Config\NecroSequence.txt
c:\program files\mm.BOT\Copy of Config\SorcSequence.txt
c:\program files\mm.BOT\Copy of Config\System\d2-cdkey.exe
c:\program files\mm.BOT\Copy of Config\System\listfile.dat
c:\program files\mm.BOT\Copy of Config\System\LMPQAPI.DLL
c:\program files\mm.BOT\Copy of Config\System\mm.Boxes.Ref.ini
c:\program files\mm.BOT\Copy of Config\System\mm.PKID.Ref
c:\program files\mm.BOT\Copy of Config\System\mm.PKID.Usr.CH
c:\program files\mm.BOT\Copy of Config\System\mm.PKID.Usr.ID
c:\program files\mm.BOT\Copy of Config\System\mm.PKID.Usr.PK
c:\program files\mm.BOT\Copy of Config\System\MPQ2K.exe
c:\program files\mm.BOT\Copy of Config\System\OrbReference.ini
c:\program files\mm.BOT\Copy of Config\System\Process.exe
c:\program files\mm.BOT\Copy of Config\System\SFmpq.dll
c:\program files\mm.BOT\Copy of Config\System\staredit.exe
c:\program files\mm.BOT\Copy of Config\System\Storm.dll
c:\program files\mm.BOT\Copy of Config\WindDruidSequence.txt
c:\program files\mm.BOT\Logs\Compiler.txt
c:\program files\mm.BOT\Logs\Good_Items.txt
c:\program files\mm.BOT\Logs\LifeCheck.txt
c:\program files\mm.BOT\Logs\Picked_Items.txt
c:\program files\mm.BOT\Logs\ScanDrop_Items.txt
c:\program files\mm.BOT\Logs\Sold_Items.txt
c:\program files\mm.BOT\Scripts\ACT1_5NEWEST.log
c:\program files\mm.BOT\Scripts\Andy\Andy.au3
c:\program files\mm.BOT\Scripts\Andy\Andy_WP.au3
c:\program files\mm.BOT\Scripts\Andy\AndyFocus.au3
c:\program files\mm.BOT\Scripts\Andy\KukBot.log
c:\program files\mm.BOT\Scripts\Andy\mm.BOT.Include.au3
c:\program files\mm.BOT\Scripts\Bot.log
c:\program files\mm.BOT\Scripts\Config.ini
c:\program files\mm.BOT\Scripts\CTA.au3
c:\program files\mm.BOT\Scripts\Meph\KukBot.log
c:\program files\mm.BOT\Scripts\Meph\Meph.au3
c:\program files\mm.BOT\Scripts\Meph\Meph_WP.au3
c:\program files\mm.BOT\Scripts\Meph\MephFocus.au3
c:\program files\mm.BOT\Scripts\Meph\mm.BOT.Include.au3
c:\program files\mm.BOT\Scripts\PotBot.exe
c:\program files\mm.BOT\Scripts\PotThread.exe
c:\program files\mm.BOT\Scripts\RECOVER_NEWST_SCR.exe
c:\program files\mm.BOT\Scripts\safe_seq.ini
c:\program files\mm.BOT\Scripts\SafeMainSeq.ini
c:\program files\mm.BOT\Scripts\safestarter.au3
c:\program files\mm.BOT\Scripts\safestarter.ini
c:\program files\mm.BOT\Scripts\Shenk\mm.BOT.Include.au3
c:\program files\mm.BOT\Scripts\Shenk\ShenkFocus.au3
c:\program files\mm.BOT\Scripts\StartPotthread.exe
c:\program files\mm.BOT\Scripts\Trav\mm.BOT.Include.au3
c:\program files\mm.BOT\Scripts\Trav\TravFocus.au3
c:\windows\system32\tmp.reg
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_UACD.SYS
-------\Service_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-02-01 to 2009-03-01 )))))))))))))))))))))))))))))))
.
2009-02-28 20:02 . 2009-02-28 20:02 <DIR> d-------- c:\documents and settings\mike\Application Data\Malwarebytes
2009-02-28 20:02 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-28 20:01 . 2009-02-28 20:02 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-28 20:01 . 2009-02-28 20:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-28 20:01 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-28 19:30 . 2009-02-28 19:30 <DIR> d-------- C:\VundoFix Backups
2009-02-28 19:09 . 2009-02-28 19:09 <DIR> d-------- c:\program files\Trend Micro
2009-02-28 19:01 . 2009-02-28 19:01 <DIR> d-------- c:\program files\CCleaner
2009-02-28 18:55 . 2009-02-28 18:55 <DIR> d-------- c:\program files\CleanUp!
2009-02-28 18:48 . 2009-02-28 18:48 <DIR> d-------- c:\program files\MSConfig CleanUp
2009-02-27 19:23 . 2009-02-27 19:35 <DIR> d-------- c:\program files\Diablo II 3
2009-02-27 11:07 . 2009-02-27 11:07 <DIR> d-------- c:\program files\Alwil Software
2009-02-24 21:49 . 2009-02-24 21:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-02-24 21:27 . 2009-02-24 21:27 <DIR> d-------- c:\program files\Messenger Plus! Live
2009-02-17 00:33 . 2009-02-17 00:33 268 --ah----- C:\sqmdata07.sqm
2009-02-17 00:33 . 2009-02-17 00:33 244 --ah----- C:\sqmnoopt07.sqm
2009-02-16 22:15 . 2008-11-02 01:06 847,360 --a------ c:\windows\system32\JS32.dll
2009-02-16 22:07 . 2009-02-16 22:10 <DIR> d-------- c:\program files\Diablo II bot
2009-02-13 23:42 . 2009-02-13 23:42 <DIR> d-------- C:\Sandbox
2009-02-13 23:41 . 2009-02-13 23:41 <DIR> d-------- c:\program files\Sandboxie
2009-02-13 23:41 . 2009-02-27 20:13 1,374 --a------ c:\windows\Sandboxie.ini
2009-02-13 23:27 . 2009-02-27 21:12 <DIR> d-------- c:\program files\Diablo II 2
2009-02-13 20:58 . 2009-02-13 20:58 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-13 20:26 . 2009-02-27 20:43 <DIR> d-------- c:\program files\mIRC
2009-02-13 20:26 . 2009-02-27 23:38 <DIR> d-------- c:\documents and settings\mike\Application Data\mIRC
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-28 23:51 --------- d-----w c:\program files\Microsoft Visual Studio 8
2009-02-28 23:51 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-28 23:19 --------- d-----w c:\program files\Sierra On-Line
2009-02-28 23:06 --------- d-----w c:\documents and settings\mike\Application Data\OpenOffice.org2
2009-02-28 04:38 --------- d-----w c:\program files\Diablo II
2009-02-27 16:02 --------- d-----w c:\program files\a-squared Anti-Malware
2009-02-23 00:32 --------- d-----w c:\program files\MediaCoder
2009-02-21 17:11 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-21 03:10 --------- d-----w c:\program files\Linksys Wireless-G USB Wireless Network Monitor
2009-02-21 03:10 --------- d-----w c:\program files\Digital Guitar Tuner 2.3
2009-02-19 16:02 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-16 19:17 --------- d-----w c:\documents and settings\Yosley\Application Data\Apple Computer
2009-02-14 01:57 --------- d-----w c:\program files\Java
2009-02-09 02:32 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-09 02:32 --------- d-----w c:\program files\EA GAMES
2009-02-08 19:33 --------- d-----w c:\documents and settings\mike\Application Data\uTorrent
2009-01-25 03:37 --------- d-----w c:\program files\Paradox Interactive
2009-01-24 04:30 --------- d-----w c:\documents and settings\mike\Application Data\U3
2009-01-20 00:44 --------- d-----w c:\program files\Common Files\3DO Shared
2009-01-20 00:44 --------- d-----w c:\program files\3DO
2009-01-19 06:22 --------- d-----w c:\program files\uTorrent
2009-01-11 02:14 --------- d-----w c:\documents and settings\mike\Application Data\Gearbox Software
2008-09-15 22:38 0 ----a-w c:\documents and settings\mike\ck-purge.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\kav\\kav7\\setup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\Bf2_w32ded.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\BF2.exe"=
"c:\\Program Files\\Strategy First\\Europa Universalis 2\\EU2.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\mike\\Desktop\\New Folder (2)\\System\\EiB.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-27 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-27 20560]
R2 WUSB54GSv2SVC;WUSB54GSv2SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [2008-01-23 41025]
R3 SbieDrv;SbieDrv;c:\program files\Sandboxie\SbieDrv.sys [2009-01-05 103936]
.
Contents of the 'Scheduled Tasks' folder
2008-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\mike\Application Data\Mozilla\Firefox\Profiles\en8u1vpy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-28 21:26:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-02-28 21:30:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-01 02:30:09
Pre-Run: 68,662,644,736 bytes free
Post-Run: 68,545,720,320 bytes free
Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
223 --- E O F --- 2008-06-11 02:39:17
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:45:18, on 2/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1201108691495
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1201111902218
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CS2\Services\Tcpip\..\{0FA321D1-4CEB-4ACA-A79E-90901D650B46}: NameServer = 167.206.245.130,167.206.245.129
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Unknown owner - C:\Program Files\a-squared Anti-Malware\a2service.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: WUSB54GSv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
--
End of file - 6225 bytes
ComboFix 09-02-28.01 - mike 2009-02-28 21:20:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.426 [GMT -5:00]
Running from: c:\documents and settings\mike\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090228-0] *On-access scanning disabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
c:\program files\mm.BOT
c:\program files\mm.BOT\Config\mm.LifeCheck.ini
c:\program files\mm.BOT\Config\System\mm.PKID.Usr.CH
c:\program files\mm.BOT\Config\System\mm.PKID.Usr.ID
c:\program files\mm.BOT\Config\System\mm.PKID.Usr.PK
c:\program files\mm.BOT\Copy of Config\Config.ini
c:\program files\mm.BOT\Copy of Config\CSZonSequence.txt
c:\program files\mm.BOT\Copy of Config\HammerdinSequence.txt
c:\program files\mm.BOT\Copy of Config\mm.BOT.ini
c:\program files\mm.BOT\Copy of Config\mm.BOT.Sequences.ini
c:\program files\mm.BOT\Copy of Config\mm.BotState.ini
c:\program files\mm.BOT\Copy of Config\mm.LifeCheck.ini
c:\program files\mm.BOT\Copy of Config\mm.MultiKeys.ini
c:\program files\mm.BOT\Copy of Config\mm.PKID.ini
c:\program files\mm.BOT\Copy of Config\mm.PlayKeys.ini
c:\program files\mm.BOT\Copy of Config\mmcl.PKID.Compiler.exe
c:\program files\mm.BOT\Copy of Config\NecroSequence.txt
c:\program files\mm.BOT\Copy of Config\SorcSequence.txt
c:\program files\mm.BOT\Copy of Config\System\d2-cdkey.exe
c:\program files\mm.BOT\Copy of Config\System\listfile.dat
c:\program files\mm.BOT\Copy of Config\System\LMPQAPI.DLL
c:\program files\mm.BOT\Copy of Config\System\mm.Boxes.Ref.ini
c:\program files\mm.BOT\Copy of Config\System\mm.PKID.Ref
c:\program files\mm.BOT\Copy of Config\System\mm.PKID.Usr.CH
c:\program files\mm.BOT\Copy of Config\System\mm.PKID.Usr.ID
c:\program files\mm.BOT\Copy of Config\System\mm.PKID.Usr.PK
c:\program files\mm.BOT\Copy of Config\System\MPQ2K.exe
c:\program files\mm.BOT\Copy of Config\System\OrbReference.ini
c:\program files\mm.BOT\Copy of Config\System\Process.exe
c:\program files\mm.BOT\Copy of Config\System\SFmpq.dll
c:\program files\mm.BOT\Copy of Config\System\staredit.exe
c:\program files\mm.BOT\Copy of Config\System\Storm.dll
c:\program files\mm.BOT\Copy of Config\WindDruidSequence.txt
c:\program files\mm.BOT\Logs\Compiler.txt
c:\program files\mm.BOT\Logs\Good_Items.txt
c:\program files\mm.BOT\Logs\LifeCheck.txt
c:\program files\mm.BOT\Logs\Picked_Items.txt
c:\program files\mm.BOT\Logs\ScanDrop_Items.txt
c:\program files\mm.BOT\Logs\Sold_Items.txt
c:\program files\mm.BOT\Scripts\ACT1_5NEWEST.log
c:\program files\mm.BOT\Scripts\Andy\Andy.au3
c:\program files\mm.BOT\Scripts\Andy\Andy_WP.au3
c:\program files\mm.BOT\Scripts\Andy\AndyFocus.au3
c:\program files\mm.BOT\Scripts\Andy\KukBot.log
c:\program files\mm.BOT\Scripts\Andy\mm.BOT.Include.au3
c:\program files\mm.BOT\Scripts\Bot.log
c:\program files\mm.BOT\Scripts\Config.ini
c:\program files\mm.BOT\Scripts\CTA.au3
c:\program files\mm.BOT\Scripts\Meph\KukBot.log
c:\program files\mm.BOT\Scripts\Meph\Meph.au3
c:\program files\mm.BOT\Scripts\Meph\Meph_WP.au3
c:\program files\mm.BOT\Scripts\Meph\MephFocus.au3
c:\program files\mm.BOT\Scripts\Meph\mm.BOT.Include.au3
c:\program files\mm.BOT\Scripts\PotBot.exe
c:\program files\mm.BOT\Scripts\PotThread.exe
c:\program files\mm.BOT\Scripts\RECOVER_NEWST_SCR.exe
c:\program files\mm.BOT\Scripts\safe_seq.ini
c:\program files\mm.BOT\Scripts\SafeMainSeq.ini
c:\program files\mm.BOT\Scripts\safestarter.au3
c:\program files\mm.BOT\Scripts\safestarter.ini
c:\program files\mm.BOT\Scripts\Shenk\mm.BOT.Include.au3
c:\program files\mm.BOT\Scripts\Shenk\ShenkFocus.au3
c:\program files\mm.BOT\Scripts\StartPotthread.exe
c:\program files\mm.BOT\Scripts\Trav\mm.BOT.Include.au3
c:\program files\mm.BOT\Scripts\Trav\TravFocus.au3
c:\windows\system32\tmp.reg
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_UACD.SYS
-------\Service_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-02-01 to 2009-03-01 )))))))))))))))))))))))))))))))
.
2009-02-28 20:02 . 2009-02-28 20:02 <DIR> d-------- c:\documents and settings\mike\Application Data\Malwarebytes
2009-02-28 20:02 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-28 20:01 . 2009-02-28 20:02 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-28 20:01 . 2009-02-28 20:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-28 20:01 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-28 19:30 . 2009-02-28 19:30 <DIR> d-------- C:\VundoFix Backups
2009-02-28 19:09 . 2009-02-28 19:09 <DIR> d-------- c:\program files\Trend Micro
2009-02-28 19:01 . 2009-02-28 19:01 <DIR> d-------- c:\program files\CCleaner
2009-02-28 18:55 . 2009-02-28 18:55 <DIR> d-------- c:\program files\CleanUp!
2009-02-28 18:48 . 2009-02-28 18:48 <DIR> d-------- c:\program files\MSConfig CleanUp
2009-02-27 19:23 . 2009-02-27 19:35 <DIR> d-------- c:\program files\Diablo II 3
2009-02-27 11:07 . 2009-02-27 11:07 <DIR> d-------- c:\program files\Alwil Software
2009-02-24 21:49 . 2009-02-24 21:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-02-24 21:27 . 2009-02-24 21:27 <DIR> d-------- c:\program files\Messenger Plus! Live
2009-02-17 00:33 . 2009-02-17 00:33 268 --ah----- C:\sqmdata07.sqm
2009-02-17 00:33 . 2009-02-17 00:33 244 --ah----- C:\sqmnoopt07.sqm
2009-02-16 22:15 . 2008-11-02 01:06 847,360 --a------ c:\windows\system32\JS32.dll
2009-02-16 22:07 . 2009-02-16 22:10 <DIR> d-------- c:\program files\Diablo II bot
2009-02-13 23:42 . 2009-02-13 23:42 <DIR> d-------- C:\Sandbox
2009-02-13 23:41 . 2009-02-13 23:41 <DIR> d-------- c:\program files\Sandboxie
2009-02-13 23:41 . 2009-02-27 20:13 1,374 --a------ c:\windows\Sandboxie.ini
2009-02-13 23:27 . 2009-02-27 21:12 <DIR> d-------- c:\program files\Diablo II 2
2009-02-13 20:58 . 2009-02-13 20:58 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-13 20:26 . 2009-02-27 20:43 <DIR> d-------- c:\program files\mIRC
2009-02-13 20:26 . 2009-02-27 23:38 <DIR> d-------- c:\documents and settings\mike\Application Data\mIRC
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-28 23:51 --------- d-----w c:\program files\Microsoft Visual Studio 8
2009-02-28 23:51 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-28 23:19 --------- d-----w c:\program files\Sierra On-Line
2009-02-28 23:06 --------- d-----w c:\documents and settings\mike\Application Data\OpenOffice.org2
2009-02-28 04:38 --------- d-----w c:\program files\Diablo II
2009-02-27 16:02 --------- d-----w c:\program files\a-squared Anti-Malware
2009-02-23 00:32 --------- d-----w c:\program files\MediaCoder
2009-02-21 17:11 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-21 03:10 --------- d-----w c:\program files\Linksys Wireless-G USB Wireless Network Monitor
2009-02-21 03:10 --------- d-----w c:\program files\Digital Guitar Tuner 2.3
2009-02-19 16:02 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-16 19:17 --------- d-----w c:\documents and settings\Yosley\Application Data\Apple Computer
2009-02-14 01:57 --------- d-----w c:\program files\Java
2009-02-09 02:32 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-09 02:32 --------- d-----w c:\program files\EA GAMES
2009-02-08 19:33 --------- d-----w c:\documents and settings\mike\Application Data\uTorrent
2009-01-25 03:37 --------- d-----w c:\program files\Paradox Interactive
2009-01-24 04:30 --------- d-----w c:\documents and settings\mike\Application Data\U3
2009-01-20 00:44 --------- d-----w c:\program files\Common Files\3DO Shared
2009-01-20 00:44 --------- d-----w c:\program files\3DO
2009-01-19 06:22 --------- d-----w c:\program files\uTorrent
2009-01-11 02:14 --------- d-----w c:\documents and settings\mike\Application Data\Gearbox Software
2008-09-15 22:38 0 ----a-w c:\documents and settings\mike\ck-purge.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\kav\\kav7\\setup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\Bf2_w32ded.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\BF2.exe"=
"c:\\Program Files\\Strategy First\\Europa Universalis 2\\EU2.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\mike\\Desktop\\New Folder (2)\\System\\EiB.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-27 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-27 20560]
R2 WUSB54GSv2SVC;WUSB54GSv2SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [2008-01-23 41025]
R3 SbieDrv;SbieDrv;c:\program files\Sandboxie\SbieDrv.sys [2009-01-05 103936]
.
Contents of the 'Scheduled Tasks' folder
2008-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\mike\Application Data\Mozilla\Firefox\Profiles\en8u1vpy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-28 21:26:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-02-28 21:30:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-01 02:30:09
Pre-Run: 68,662,644,736 bytes free
Post-Run: 68,545,720,320 bytes free
Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
223 --- E O F --- 2008-06-11 02:39:17