Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:13 PM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Internet Download Manager\IDMan .exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Documents and Settings\Alan\My Documents\Downloads\Programs\HiJackThis_2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\ddcca.exe
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {2803275e-2319-48ce-8dd8-8c8bb683e071} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {B7911934-3BA1-4AB3-AD73-EA426C804D85} - C:\WINDOWS\system32\ddcca.dll (file missing)
O2 - BHO: (no name) - {E1759A31-E627-4758-9562-6899DF36C9C2} - C:\WINDOWS\system32\khffddb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan .exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim .exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: khffddb - khffddb.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
--
End of file - 6094 bytes
COMBOFIX LOG
ComboFix 08-01-29.3 - Alan 2008-01-28 22:31:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.149 [GMT -6:00]
Running from: C:\Documents and Settings\Alan\My Documents\Downloads\Programs\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\accdd.ini
C:\WINDOWS\system32\accdd.ini2
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
C:\WINDOWS\system32\iyuemdei.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\spaxtmng.ini
C:\WINDOWS\system32\wnkqgkgn.ini
C:\WINDOWS\win32t4.dll
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-29 )))))))))))))))))))))))))))))))
.
2008-01-28 22:34 . 2008-01-28 22:34 932 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-28 17:10 . 2008-01-28 17:10 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-01-28 17:10 . 2007-12-06 18:12 110,592 --a------ C:\WINDOWS\system32\SynTPCo4.dll
2008-01-27 23:36 . 2008-01-27 23:36 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-01-27 23:36 . 2007-11-20 19:09 104,320 --a------ C:\WINDOWS\system32\drivers\Rtnicxp.sys
2008-01-27 23:35 . 2008-01-27 23:35 <DIR> d-------- C:\Program Files\ATI Technologies
2008-01-27 23:32 . 2005-05-03 18:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2008-01-27 20:08 . 2008-01-27 23:30 <DIR> d-------- C:\Program Files\Driver Magician
2008-01-27 20:08 . 2004-09-28 11:13 526,184 --a------ C:\WINDOWS\system32\XceedCry.dll
2008-01-27 20:08 . 2005-01-12 11:19 456,536 --a------ C:\WINDOWS\system32\XCEEDZIP.DLL
2008-01-27 20:08 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\Tabctl32.ocx
2008-01-27 20:08 . 2004-03-09 00:00 152,848 --a------ C:\WINDOWS\system32\Comdlg32.ocx
2008-01-27 20:08 . 2004-03-09 00:00 132,880 --a------ C:\WINDOWS\system32\Msinet.ocx
2008-01-27 20:08 . 2004-08-11 15:55 110,602 --a------ C:\WINDOWS\system32\xcdsfx32.bin
2008-01-27 19:10 . 2008-01-27 19:10 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-01-27 18:45 . 2008-01-28 22:20 <DIR> d-------- C:\VundoFix Backups
2008-01-27 16:30 . 2008-01-27 16:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-27 14:59 . 2008-01-27 14:59 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-27 14:59 . 2008-01-27 15:01 <DIR> d-------- C:\Program Files\CCleaner
2008-01-27 12:50 . 2008-01-27 12:50 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-27 12:50 . 2008-01-28 16:53 <DIR> d-------- C:\Documents and Settings\Alan\Application Data\AVG7
2008-01-27 12:50 . 2008-01-27 12:50 86,144 --a------ C:\WINDOWS\system32\drivers\isapnpp.sys
2008-01-27 12:49 . 2008-01-27 12:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-27 12:49 . 2008-01-27 14:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-27 02:35 . 2008-01-27 16:25 336 --a------ C:\WINDOWS\wininit.ini
2008-01-27 00:42 . 2008-01-27 12:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-26 17:32 . 2008-01-26 17:32 <DIR> d-------- C:\Program Files\zAlternator
2008-01-22 22:14 . 2008-01-27 20:05 67 --a------ C:\WINDOWS\IDMan .INI
2008-01-20 22:00 . 2008-01-27 12:41 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-20 21:58 . 2008-01-20 21:58 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-01-20 21:58 . 2008-01-20 21:58 <DIR> d-------- C:\WINDOWS\srchasst
2008-01-20 21:58 . 2008-01-20 21:58 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-01-18 01:33 . 2008-01-18 01:33 <DIR> d-------- C:\Documents and Settings\Alan\Incomplete
2008-01-18 01:26 . 2008-01-18 01:35 <DIR> d-------- C:\Documents and Settings\Alan\Application Data\FrostWire
2008-01-18 01:25 . 2008-01-18 01:26 <DIR> d-------- C:\Program Files\FrostWire
2008-01-17 20:08 . 2008-01-17 20:08 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-17 20:03 . 2008-01-17 20:03 <DIR> d-------- C:\Program Files\MediaMonkey
2008-01-14 21:00 . 2008-01-26 12:05 <DIR> d-------- C:\Program Files\PartyGaming
2008-01-13 13:24 . 2008-01-13 13:24 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-01-13 13:24 . 2008-01-13 13:24 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
2008-01-13 13:22 . 2008-01-27 14:31 <DIR> d-------- C:\Program Files\Zune
2008-01-10 23:45 . 2008-01-10 23:45 <DIR> d-------- C:\Documents and Settings\Alan\Application Data\Apple Computer
2008-01-08 17:38 . 2007-11-07 03:50 727,040 --a------ C:\WINDOWS\system32\dllcache\lsasrv.dll
2008-01-08 17:38 . 2007-10-30 11:20 360,064 --a------ C:\WINDOWS\system32\dllcache\tcpip.sys
2008-01-06 17:39 . 2008-01-06 17:39 <DIR> d-------- C:\Program Files\Veoh Networks
2007-12-30 23:39 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2007-12-30 23:38 . 2007-12-30 23:45 <DIR> d-------- C:\Program Files\Total Video Converter
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 22:53 --------- d-----w C:\Documents and Settings\Alan\Application Data\DMCache
2008-01-28 21:17 --------- d-----w C:\Documents and Settings\Alan\Application Data\uTorrent
2008-01-28 05:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-28 05:36 --------- d-----w C:\Program Files\Realtek
2008-01-28 05:27 --------- d-----w C:\Documents and Settings\Alan\Application Data\IDM
2008-01-27 20:52 --------- d-----w C:\Documents and Settings\Alan\Application Data\mIRC
2008-01-27 20:50 --------- d-----w C:\Program Files\AIM
2008-01-27 20:31 --------- d-----w C:\Program Files\QuickTime
2008-01-27 20:31 --------- d-----w C:\Program Files\Internet Download Manager
2008-01-27 20:31 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-22 05:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-24 19:34 --------- d-----w C:\Documents and Settings\Alan\Application Data\Wootalyzer
2007-12-08 05:30 --------- d-----w C:\Program Files\Symbian OS Tools
2007-12-08 05:30 --------- d-----w C:\Program Files\Common Files\Symbian
2007-12-08 05:29 --------- d-----w C:\Documents and Settings\Alan\Application Data\InstallShield
2007-12-06 23:41 220,032 ----a-w C:\WINDOWS\system32\drivers\SynTP.sys
2007-08-22 04:23 16,384 -csha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2007-08-22 04:23 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2007-08-22 04:23 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007082120070822\index.dat
2007-08-22 04:23 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
[code]
----a-w 67,112 2008-01-27 18:41:19 C:\Program Files\AIM\aim .exe
----a-w 167,368 2008-01-27 18:41:16 C:\Program Files\DAEMON Tools\daemon .exe
----a-w 878,848 2008-01-27 18:41:17 C:\Program Files\Internet Download Manager\IDMan .exe
----a-w 132,496 2008-01-27 18:41:13 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 286,720 2008-01-27 18:41:13 C:\Program Files\QuickTime\QTTask .exe
----a-w 1,460,560 2008-01-27 18:41:25 C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w 774,233 2008-01-27 18:41:14 C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w 3,481,600 2008-01-27 18:41:23 C:\Program Files\Veoh Networks\Veoh\VeohClient .exe
----a-w 166,304 2008-01-27 18:41:14 C:\Program Files\Zune\ZuneLauncher .exe
----a-w 15,360 2008-01-27 18:41:17 C:\WINDOWS\system32\ctfmon .exe
[/code]
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7911934-3BA1-4AB3-AD73-EA426C804D85}]
C:\WINDOWS\system32\ddcca.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [ ]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan .exe" [2008-01-27 12:41 878848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [2008-01-27 12:41 286720]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-27 12:49 579072]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 15:52 16841216 C:\WINDOWS\RTHDCPL.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 17:20 1024000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-27 12:49 219136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-10-10 17:47 124928 C:\WINDOWS\system32\advpack.dll]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khffddb]
khffddb.dll
R1 isapnpp;isapnpp;C:\WINDOWS\system32\drivers\isapnpp.sys [2008-01-27 12:50]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 21:38]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2007-11-15 21:51]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2007-11-15 21:51]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6b21553-5067-11dc-a332-0016d4f9717c}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6b21554-5067-11dc-a332-0016d4f9717c}]
\Shell\AutoRun\command - G:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-11-27 14:07:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-28 22:35:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Internet Download Manager\IDMan .exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\WINDOWS\system32\ZuneBusEnum.exe
.
**************************************************************************
.
Completion time: 2008-01-28 22:36:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-29 04:36:55
.
2008-01-14 21:30:44 --- E O F ---