capt Gary

Re: IE opens several windows at computer startup

 
  #6
Feb 4th, 2008
log from combo


ComboFix 08-02.03.1 - Administrator 2008-02-04 10:09:53.1 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\gimmygames1.dat
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\winsysupd51.dat

.
((((((((((((((((((((((((( Files Created from 2008-01-04 to 2008-02-04 )))))))))))))))))))))))))))))))
.

2008-02-03 18:09 . 2008-02-03 18:25 <DIR> d-------- C:\Documents and Settings\Private\.housecall6.6
2008-02-03 16:27 . 2008-02-04 09:56 <DIR> d-------- C:\Documents and Settings\Private\Application Data\AVG7
2008-02-03 16:27 . 2008-02-03 16:27 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-03 16:26 . 2008-02-03 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-03 16:26 . 2008-02-03 17:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-23 14:00 . 2008-01-23 14:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-01-23 13:29 . 2008-01-23 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-01-23 13:19 . 2008-01-23 13:21 <DIR> d-------- C:\WINDOWS\nview
2008-01-23 13:19 . 2008-02-04 09:54 81,191 --a------ C:\WINDOWS\system32\nvapps.xml
2008-01-16 16:40 . 2008-01-16 16:46 104,996 --a------ C:\WINDOWS\HPFins09.dat
2008-01-16 16:40 . 2005-11-01 06:29 3,732 --------- C:\WINDOWS\hpfmdl09.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 09:34 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-04 09:34 60,800 -c--a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-04 09:34 123,952 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-04 09:34 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-04 09:34 --------- d-----w C:\Program Files\Symantec
2008-02-04 09:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-04 09:28 --------- d-----w C:\Program Files\Norton AntiVirus
2008-01-27 19:09 --------- d-----w C:\Program Files\Common Files\cdrdao
2008-01-21 17:46 67,720 -c--a-w C:\Documents and Settings\Private\Application Data\GDIPFONTCACHEV1.DAT
2008-01-16 19:45 --------- d-----w C:\Program Files\HP
2007-12-24 13:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2006-07-28 04:16 356,352 -c----w C:\Documents and Settings\Private\cwshredder.dll
2005-09-24 03:49 12,288 -c----w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-03 18:48 219136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FLMOFFICE4DMOUSE"="C:\Program Files\Browser MOUSE\mouse32a.exe" [2004-03-26 16:55 360448]
"VTPreset"="VTPreset.exe" [2004-02-24 20:17 45056 C:\WINDOWS\system32\VTPreset.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-04-12 11:30 53408]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-01-27 14:17 1381376]
"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 00:08 49152]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-12 01:43 7630848]
"nwiz"="nwiz.exe" [2006-08-12 01:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-12 01:43 86016]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-03 18:48 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-03 18:48 219136]

C:\Documents and Settings\Private\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-12-25 11:46:03 155648]
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2004-03-27 00:21:05 45056]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AudioDeck.lnk - C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe [2004-10-19 13:21:22 581632]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-09-24 00:28:44 282624]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 01:39:30 73728]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Microsoft Works Calendar Reminders.lnk - C:\WINDOWS\Installer\{0CD3BB5C-BBCA-11D2-8C20-00C04FBBCFF9}\A94AAB13.exe [2006-01-21 11:59:48 30720]
PC Alert 4.lnk - C:\Program Files\MSI\PC Alert 4\PCAlert4.exe [2007-05-05 15:35:10 552960]
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2006-10-23 11:02:00 598016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
WgaLogon.dll

S2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\System32\inetsrv\inetinfo.exe [2004-08-04 04:56]
S3 EraserUtilDrv10733;EraserUtilDrv10733;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10733.sys []
S3 EraserUtilDrv10741;EraserUtilDrv10741;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys []
S3 FLASHSYS;FLASHSYS;C:\WINDOWS\system32\DRIVERS\FLASHSYS.sys []
S3 PCAlertDriver;PCAlertDriver;C:\Program Files\MSI\PC Alert 4\NTGLM7X.sys [2006-12-26 14:08]
S3 SetupNTGLM7X;SetupNTGLM7X;C:\PROGRA~1\MSI\LIVEUP~1\NTGLM7X.sys [2006-06-23 17:02]
S3 Vsp;Vsp;C:\WINDOWS\system32\drivers\Vsp.sys [2003-05-27 16:45]
S3 WEBNTACCESS;WEBNTACCESS;C:\WINDOWS\system32\NTACCESS.SYS []
S3 WLAN; Wireless LAN Driver;C:\WINDOWS\system32\DRIVERS\wlanNDS.sys [2001-12-11 22:06]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-31 17:01:31 C:\WINDOWS\Tasks\cleanmgr.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2008-01-30 16:00:16 C:\WINDOWS\Tasks\dfrg.job"
- C:\WINDOWS\system32\dfrg.msc
"2008-02-01 12:30:00 C:\WINDOWS\Tasks\LiveUpdate - Norton AntiVirus.job"
- C:\PROGRA~1\Symantec\LIVEUP~1\LUALL.EXE
"2008-01-29 14:11:04 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Private.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 10:13:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2008-02-04 10:15:02
ComboFix-quarantined-files.txt 2008-02-04 13:14:10
.
2008-01-09 19:51:37 --- E O F ---