Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hi..I'm newbie

Started by KIZzz , Dec 02 2008 02:28 PM

  • Please log in to reply

#1
KIZzz
Posted 02 December 2008 - 02:28 PM

KIZzz

    New Member

  • Member
  • Pip
  • 1 posts
ComboFix 08-12-01.03 - Apple 2008-12-03 2:43:37.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.656 [GMT 7:00]
Running from: d:\mozilla`s file\ComboFix.exe
Command switches used :: d:\mozilla`s file\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-11-02 to 2008-12-02 )))))))))))))))))))))))))))))))
.

2008-12-03 02:31 . 2008-12-03 02:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\LightScribe
2008-12-03 01:34 . 2008-12-03 01:34 <DIR> d-------- c:\program files\Nero
2008-12-03 01:34 . 2008-12-03 01:37 <DIR> d-------- c:\program files\Common Files\Nero
2008-12-03 00:22 . 2008-12-03 01:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2008-12-02 15:29 . 2008-12-02 16:04 33 --a------ c:\windows\Ya.com
2008-12-02 11:41 . 2008-12-02 11:41 152,920 --a------ c:\windows\system32\vghd.scr
2008-12-02 10:49 . 2008-12-02 12:21 <DIR> d-------- c:\documents and settings\Apple\Application Data\vghd
2008-11-30 20:46 . 2008-12-03 00:38 <DIR> d-------- c:\documents and settings\Apple\Application Data\Nero
2008-11-30 17:26 . 2008-11-30 17:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
2008-11-30 17:07 . 2008-11-30 17:11 <DIR> d-------- c:\program files\ASUS
2008-11-30 16:11 . 2008-05-07 07:38 90,624 --a------ c:\windows\system32\nmwcdcls.dll
2008-11-30 16:10 . 2008-11-30 16:10 <DIR> d-------- c:\program files\ODEON
2008-11-30 13:10 . 2008-11-30 13:10 <DIR> d-------- C:\ATI
2008-11-30 02:29 . 2008-11-30 17:23 <DIR> d-------- c:\program files\ATI Technologies
2008-11-30 01:56 . 2008-11-30 01:56 <DIR> d-------- c:\documents and settings\Apple\Bluetooth Software
2008-11-29 22:35 . 2008-10-28 21:05 593,920 --------- c:\windows\system32\ati2sgag.exe
2008-11-29 22:18 . 2008-08-08 16:12 3,107,788 --a------ c:\windows\system32\ativvaxx.dat
2008-11-29 22:18 . 2008-08-08 16:12 887,724 --a------ c:\windows\system32\ativva6x.dat
2008-11-29 22:18 . 2008-10-29 09:11 147,456 --a------ c:\windows\system32\Oemdspif.dll
2008-11-29 22:18 . 2008-12-03 02:34 60,452 --a------ c:\windows\system32\ativvaxx.cap
2008-11-29 21:59 . 2008-11-29 21:59 10 --a------ c:\windows\WININIT.INI
2008-11-29 19:51 . 2008-11-29 19:51 <DIR> d-------- c:\program files\Ares
2008-11-29 02:45 . 2008-11-29 02:45 8,059 --a------ c:\windows\gdrv.sys
2008-11-28 18:34 . 2008-11-28 18:34 <DIR> d-------- c:\program files\PC Drivers HeadQuarters
2008-11-28 18:34 . 2008-11-28 18:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2008-11-28 18:19 . 2008-11-28 20:06 <DIR> d-------- c:\documents and settings\Apple\Application Data\Uniblue
2008-11-28 12:27 . 2008-11-28 12:27 <DIR> d-------- c:\program files\WIDCOMM
2008-11-28 00:39 . 2008-11-28 00:39 <DIR> d-------- c:\documents and settings\Apple\Application Data\ATI
2008-11-27 19:52 . 2008-11-27 19:52 <DIR> d--h----- c:\windows\PIF
2008-11-27 19:06 . 2008-11-27 19:06 <DIR> d-------- c:\windows\system32\LogFiles
2008-11-27 19:06 . 2008-11-27 19:07 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-11-27 17:16 . 2008-11-27 17:16 <DIR> d-------- c:\documents and settings\Apple\Application Data\Sony Setup
2008-11-27 04:21 . 2008-11-27 04:21 <DIR> d-------- c:\documents and settings\Apple\Application Data\Media Player Classic
2008-11-26 21:06 . 2008-11-26 21:06 4,096 --a------ c:\windows\d3dx.dat
2008-11-26 21:01 . 2008-11-21 17:15 27,874,282 --a------ c:\documents and settings\registry fix it portable.exe
2008-11-26 19:57 . 2008-11-26 19:57 <DIR> dr------- c:\windows\AsDmiHtm
2008-11-26 19:57 . 2007-08-01 10:39 12,536 --a------ c:\windows\system32\drivers\ASUSHWIO.SYS
2008-11-26 19:57 . 2008-11-27 20:50 6,019 --a------ c:\windows\Ascd_tmp.ini
2008-11-24 19:16 . 2008-11-24 19:16 <DIR> d-------- c:\program files\uTorrent
2008-11-24 19:16 . 2008-12-03 02:44 <DIR> d-------- c:\documents and settings\Apple\Application Data\uTorrent
2008-11-24 18:32 . 2008-11-24 19:06 <DIR> d-------- C:\Wintesla
2008-11-24 18:32 . 2008-12-01 01:44 <DIR> d-------- c:\program files\Nokia
2008-11-24 18:29 . 2008-12-01 01:44 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-11-24 18:29 . 2008-11-24 18:29 <DIR> d-------- c:\program files\SarasSoft
2008-11-24 18:29 . 2008-11-24 18:29 <DIR> d-------- c:\documents and settings\Apple\Application Data\InstallShield
2008-11-24 18:29 . 2007-06-27 07:10 202,048 --a------ c:\windows\system32\UFS2XX.dll
2008-11-24 18:29 . 2007-06-27 07:05 53,184 --a------ c:\windows\system32\drivers\UFS2XX.sys
2008-11-24 16:23 . 2008-11-24 16:23 0 --a------ c:\windows\nsreg.dat
2008-11-24 16:22 . 2008-11-24 16:22 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-24 16:21 . 2008-11-24 16:21 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-24 16:16 . 2008-11-24 16:16 <DIR> d-------- c:\documents and settings\Apple\Application Data\Yahoo!
2008-11-24 16:16 . 2008-11-24 16:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-11-24 16:14 . 2008-11-24 16:14 <DIR> d-------- c:\program files\Yahoo!
2008-11-24 16:14 . 2008-11-24 16:14 <DIR> d-------- c:\program files\Common Files\ACD Systems
2008-11-24 16:14 . 2008-11-24 16:14 <DIR> d-------- c:\program files\ACD Systems
2008-11-24 16:14 . 2008-11-24 16:14 <DIR> d-------- c:\documents and settings\Apple\Application Data\ACD Systems
2008-11-24 16:14 . 2008-11-24 16:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2008-11-24 15:41 . 2008-11-24 15:40 512,096 --a------ c:\windows\system32\drivers\amon.sys
2008-11-24 15:41 . 2008-11-24 15:40 298,104 --a------ c:\windows\system32\imon.dll
2008-11-24 15:41 . 2008-11-24 15:40 15,424 --a------ c:\windows\system32\drivers\nod32drv.sys
2008-11-24 15:40 . 2008-11-24 16:20 <DIR> d-------- c:\program files\ESET
2008-11-24 15:37 . 2008-11-24 15:39 <DIR> d-------- c:\program files\RegistryFix7
2008-11-24 15:36 . 2008-11-24 15:39 <DIR> d-------- c:\program files\RegCure
2008-11-24 15:35 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2008-11-24 15:35 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2008-11-24 15:35 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-11-24 15:35 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-11-24 15:35 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2008-11-24 15:31 . 2008-11-24 15:31 <DIR> d--h----- c:\windows\$hf_mig$
2008-11-24 15:19 . 2008-11-04 09:35 499,712 --a------ c:\windows\system32\msvcp71.dll
2008-11-24 15:18 . 2008-11-24 15:19 <DIR> d-------- c:\windows\system32\Adobe
2008-11-24 15:18 . 2008-11-24 15:19 <DIR> d-------- c:\program files\Google
2008-11-24 15:16 . 2008-11-24 15:16 <DIR> d-------- c:\program files\K-Lite Codec Pack
2008-11-24 15:15 . 2008-11-24 15:19 <DIR> d-------- c:\program files\Winamp
2008-11-24 15:15 . 2008-11-28 09:34 <DIR> d-------- c:\documents and settings\Apple\Application Data\Winamp
2008-11-24 15:15 . 2007-03-08 06:51 129,784 --------- c:\windows\system32\pxafs.dll
2008-11-24 15:15 . 2007-03-08 06:51 43,528 --------- c:\windows\system32\drivers\PxHelp20.sys
2008-11-24 15:15 . 2007-03-08 06:51 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys
2008-11-24 15:15 . 2007-03-08 06:51 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys
2008-11-24 15:07 . 2008-11-24 15:07 0 --a------ c:\windows\ativpsrm.bin
2008-11-24 14:57 . 2008-11-30 17:11 <DIR> d--h----- c:\program files\InstallShield Installation Information
2008-11-24 14:57 . 2008-11-24 14:57 <DIR> d-------- c:\program files\Analog Devices
2008-11-24 14:57 . 2001-09-11 15:20 1,285,632 --------- c:\windows\system32\SMMedia.dll
2008-11-24 14:57 . 2005-05-04 09:20 53,248 --------- c:\windows\system32\wdmioctl.dll
2008-11-24 14:57 . 2005-09-26 16:20 49,152 --a------ c:\windows\system32\DSndUp.exe
2008-11-24 14:57 . 2002-04-17 15:05 45,056 --------- c:\windows\system32\CleanUp.exe
2008-11-24 14:55 . 2008-11-24 15:01 <DIR> d-------- c:\program files\Common Files\InstallShield
2008-11-24 12:53 . 2004-08-03 22:58 14,848 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-11-24 12:53 . 2004-08-03 22:58 14,848 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2008-11-24 12:53 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-11-24 12:53 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2008-11-24 12:53 . 2001-08-17 14:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2008-11-24 12:53 . 2001-08-17 14:02 9,600 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2008-11-24 12:10 . 2008-11-24 05:15 <DIR> dr------- c:\documents and settings\All Users\Documents
2008-11-24 12:10 . 2004-08-04 06:58 31,281 --a--c--- c:\windows\system32\dllcache\FP4.CAT
2008-11-24 12:09 . 2008-11-24 05:16 <DIR> d--h----- c:\documents and settings\Default User
2008-11-24 12:09 . 2008-11-24 05:15 <DIR> d-------- c:\documents and settings\All Users

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 22:23 --------- d-----w c:\program files\Intel
2008-11-23 22:05 --------- d-----w c:\program files\microsoft frontpage
2008-11-02 14:02 7,680 ----a-w c:\windows\system32\ff_vfw.dll
2008-10-29 03:10 3,341,824 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2008-10-29 02:23 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-10-29 02:22 314,880 ----a-w c:\windows\system32\ati2dvag.dll
2008-10-29 02:11 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-10-29 02:11 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-10-29 02:11 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-10-29 02:10 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-10-29 02:10 10,973,184 ----a-w c:\windows\system32\atioglxx.dll
2008-10-29 02:09 585,728 ----a-w c:\windows\system32\ati2evxx.exe
2008-10-29 02:07 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-10-29 01:57 4,041,472 ----a-w c:\windows\system32\ati3duag.dll
2008-10-29 01:49 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-10-29 01:41 2,472,832 ----a-w c:\windows\system32\ativvaxx.dll
2008-10-29 01:25 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-10-29 01:21 389,120 ----a-w c:\windows\system32\atikvmag.dll
2008-10-29 01:19 44,032 ----a-w c:\windows\system32\atiadlxx.dll
2008-10-29 01:19 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-10-29 01:18 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2008-10-29 01:18 253,952 ----a-w c:\windows\system32\atiok3x2.dll
2008-10-29 01:12 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\divx.dll
2008-10-21 17:51 118,784 ----a-w c:\windows\system32\atibrtmon.exe
2008-10-16 07:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 07:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 07:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 07:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 07:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 07:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 07:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-11-24 171448]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-11-24 270128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-11-24 949376]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 158208]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-10-15 10:40 1077032 c:\program files\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-10-15 10:40 2045224 c:\program files\Nero\Nero8\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-08-29 16:11 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
--a------ 2008-11-24 19:16 270128 c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 00:56 110592 c:\windows\system32\bthprops.cpl

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Ares\\chatServer.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-11-24 15424]
R3 UFS2XX;UFS2XX.SYS UFS2 device driver;c:\windows\system32\drivers\UFS2XX.sys [2008-11-24 53184]
.
Contents of the 'Scheduled Tasks' folder

2008-12-02 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 09:20]

2008-11-26 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 09:20]

2008-11-28 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-himem - c:\windows\himem.exe
MSConfigStartUp-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-Device Detector - DevDetect.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Apple\Application Data\Mozilla\Firefox\Profiles\jjhqeqxr.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-03 02:44:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(748)
c:\windows\system32\imon.dll
.
Completion time: 2008-12-03 2:45:44
ComboFix-quarantined-files.txt 2008-12-02 19:45:09

Pre-Run: 97,487,974,400 bytes free
Post-Run: 97,578,754,048 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

234
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP