
Need Help Please.



#1
xestrox

I was infected with a lot of different things, including trojans. I managed to delete several of them with Malwarebytes and Spybot S&D.

When I go to my cmd prompt and use it to check my system file, it contains files that, when I searched for them on Google, it said they were viruses. Also, when I scanned previously, I couldn't manage to delete a large number of the viruses, some because it said permission denied; I don't know why.

Below I'm pasting my ComboFix log.

ComboFix 09-03-15.01 - Compaq_Administrator 2009-03-18 17:22:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.447.114 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Messenger\msgmr.dll
c:\windows\AppPatch\AcXtrnel.sdb
c:\windows\Downloaded Program Files\ThunderAdvise.dll
c:\windows\Fonts\Framdee.ttf
c:\windows\Fonts\gzjh01.dat
c:\windows\Fonts\gzwmgj01.dat
c:\windows\IE4 Error Log.txt
c:\windows\MKMKrnl.dll
c:\windows\Readme.txt
c:\windows\system32\oleadp.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NVMINI


((((((((((((((((((((((((( Files Created from 2009-02-18 to 2009-03-18 )))))))))))))))))))))))))))))))
.

2009-03-18 17:19 . 2009-03-18 17:19 <DIR> d-------- C:\32788R22FWJFW.1.tmp
2009-03-18 17:19 . 2009-03-18 17:20 <DIR> d-------- C:\32788R22FWJFW
2009-03-18 17:15 . 2009-03-18 17:19 <DIR> d-------- C:\32788R22FWJFW.0.tmp
2009-03-18 16:41 . 2009-03-18 16:41 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-18 16:41 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-18 16:41 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-17 23:02 . 2009-03-17 23:02 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\Malwarebytes
2009-03-17 23:01 . 2009-03-17 23:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-17 22:03 . 2009-03-17 22:03 <DIR> d-------- c:\program files\IRCplus 2000
2009-03-17 22:03 . 2001-10-31 05:11 129,160 --a------ c:\windows\system32\ipport50.ocx
2009-03-17 22:03 . 2001-10-31 05:11 129,160 --a------ c:\windows\system32\ipdaem50.ocx
2009-03-17 22:03 . 2001-10-31 05:11 112,776 --a------ c:\windows\system32\ipinfo50.ocx
2009-03-17 20:10 . 2009-03-17 20:10 <DIR> d-------- c:\program files\Microsoft Visual Studio .NET 2003
2009-03-17 20:10 . 2009-03-17 20:14 <DIR> d-------- c:\program files\Microsoft Platform SDK
2009-03-17 20:06 . 2009-03-17 20:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-17 15:40 . 2009-03-17 15:40 15,440 --a------ c:\windows\system32\3VzPhrhFET.dll
2009-03-15 23:59 . 2009-03-15 23:59 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\Subversion
2009-03-15 23:43 . 2009-03-15 23:43 <DIR> d-------- c:\program files\TortoiseSVN
2009-03-15 23:43 . 2009-03-15 23:43 <DIR> d-------- c:\program files\Common Files\TortoiseOverlays
2009-03-15 23:37 . 2009-03-15 23:37 <DIR> d-------- c:\program files\SCAR 3.15
2009-03-15 22:25 . 2009-03-15 22:25 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\ProxyCap
2009-03-15 22:01 . 2009-03-15 22:15 <DIR> d-------- c:\program files\Jap
2009-03-15 21:49 . 2009-03-15 21:49 <DIR> d-------- C:\Adobe Media Player
2009-03-12 18:39 . 2009-03-12 18:39 <DIR> d-------- c:\program files\Common Files\xing shared
2009-03-12 16:56 . 2009-03-12 16:58 <DIR> d-------- c:\documents and settings\Compaq_Administrator\.unlimitedftp
2009-03-12 15:55 . 2009-03-12 15:54 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-12 15:55 . 2009-03-12 15:54 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-12 07:51 . 2009-03-12 07:51 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\Security
2009-03-12 07:51 . 2009-03-12 07:51 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\log
2009-03-12 03:06 . 2008-06-13 08:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-03-12 03:06 . 2008-06-13 08:10 272,128 --------- c:\windows\system32\dllcache\bthport.sys
2009-03-12 03:04 . 2008-10-24 06:10 453,632 --------- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-11 22:30 . 2009-03-11 22:30 <DIR> d-------- c:\program files\Common Files\Bcgsoft
2009-03-11 22:30 . 2009-03-11 22:30 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\Deva xFTP
2009-03-11 22:29 . 2009-03-11 22:29 <DIR> d-------- c:\program files\Deva xFTP
2009-03-11 22:29 . 2009-02-03 23:47 4,186,112 --a------ c:\windows\system32\BCGCBPRO100.dll
2009-03-11 22:29 . 2009-02-06 15:43 1,069,056 --a------ c:\windows\system32\libeay32.dll
2009-03-11 22:29 . 2008-05-05 13:59 479,232 --a------ c:\windows\system32\BCGPStyle2007Aqua100.dll
2009-03-11 22:29 . 2008-05-05 13:59 380,928 --a------ c:\windows\system32\BCGPStyle2007Silver100.dll
2009-03-11 22:29 . 2008-05-05 13:59 376,832 --a------ c:\windows\system32\BCGPStyle2007Obsidian100.dll
2009-03-11 22:29 . 2008-05-05 13:59 368,640 --a------ c:\windows\system32\BCGPStyle2007Luna100.dll
2009-03-11 22:29 . 2009-02-06 15:44 212,992 --a------ c:\windows\system32\ssleay32.dll
2009-03-11 22:29 . 2005-07-20 11:48 59,904 --a------ c:\windows\system32\zlib1.dll
2009-03-11 22:29 . 2009-01-23 22:51 40,960 --a------ c:\windows\system32\DevaInst.dll
2009-03-11 19:54 . 2004-08-04 03:56 21,504 --a------ c:\windows\system32\hidserv.dll
2009-03-11 19:54 . 2001-08-17 16:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-03-11 19:53 . 2004-08-04 02:07 59,264 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2009-03-11 19:53 . 2004-08-04 02:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-03-11 19:53 . 2001-08-17 17:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2009-03-11 18:16 . 2009-03-18 17:18 <DIR> dr-hs---- c:\windows\system32\dllcache
2009-03-11 16:07 . 2009-03-11 16:08 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo
2009-03-11 16:06 . 2009-03-11 16:06 1,692 -rahs---- c:\windows\system32\drivers\103C_HP_CPC_RF800AA-ABA SR2011WM NA680_YC_0Pres_QCN5636_E64NAemREA5_48_IAlhena_SECS_V1.1_B3.23_T061130_WXP2_L409_M448_J80_7Intel_8Celeron D_93.2_#070710_N10EC8139_Z14F12F20_G10025A61_OLITE-ON COMBO SOHC-4836K.MRK
2009-03-11 16:04 . 2007-01-10 17:15 <DIR> d-------- c:\documents and settings\Compaq_Administrator\WINDOWS
2009-03-11 16:04 . 2009-03-11 16:11 <DIR> d---s---- c:\documents and settings\Compaq_Administrator\UserData
2009-03-11 16:04 . 2007-01-10 17:16 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\Intuit
2009-03-11 16:04 . 2009-03-15 22:31 <DIR> d-------- c:\documents and settings\Compaq_Administrator
2009-03-11 16:02 . 2007-01-10 17:15 <DIR> d-------- c:\windows\system32\config\systemprofile\WINDOWS
2009-03-11 16:02 . 2007-07-10 14:44 <DIR> d--hs---- c:\windows\system32\config\systemprofile\UserData
2009-03-11 16:02 . 2007-01-10 17:43 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-03-11 16:02 . 2007-01-10 17:16 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Intuit
2009-03-08 20:05 . 2009-03-08 20:17 <DIR> d-------- c:\program files\ArtMoney
2009-03-08 02:04 . 2009-03-08 02:04 <DIR> d-------- C:\Application Data
2009-03-07 11:31 . 2009-03-07 19:52 <DIR> d-------- c:\program files\Key Transformation
2009-03-07 11:31 . 2009-03-07 11:31 22 --a------ c:\windows\mskthml.skt
2009-02-25 17:15 . 2009-02-25 17:20 <DIR> d--h----- c:\documents and settings\All Users\Application Data\{773E7240-B347-4DFF-A6EF-6E829EDD59DF}
2009-02-24 23:29 . 2009-03-10 10:11 <DIR> d--h----- c:\documents and settings\All Users\Application Data\~0
2009-02-24 23:28 . 2009-02-24 23:28 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\Anonymizer
2009-02-24 23:28 . 2009-02-24 23:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Anonymizer
2009-02-24 23:15 . 2009-02-24 23:15 <DIR> d-------- c:\program files\Anonymizer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-18 22:33 --------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\UpdatePatrol
2009-03-18 20:58 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-18 20:58 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-18 20:56 --------- d-----w c:\program files\Symantec
2009-03-18 20:52 51 ----a-w c:\windows\Fonts\z0114.dat
2009-03-18 20:52 51 ----a-w c:\windows\Fonts\d0916.dat
2009-03-18 20:52 51 ----a-w c:\windows\Fonts\d091015.dat
2009-03-18 20:52 42 ----a-w c:\windows\Fonts\winowsm.dat
2009-03-18 20:52 42 ----a-w c:\windows\Fonts\gzzx01.dat
2009-03-18 20:52 42 ----a-w c:\windows\Fonts\gzjxsj01.dat
2009-03-18 20:52 --------- d-----w c:\program files\mIRC
2009-03-18 20:52 --------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\mIRC
2009-03-18 20:51 93 ----a-w c:\windows\Fonts\ywindowsa.dat
2009-03-18 20:51 51 ----a-w c:\windows\Fonts\w0114.dat
2009-03-18 20:51 51 ----a-w c:\windows\Fonts\JR09124.dat
2009-03-18 20:51 42 ----a-w c:\windows\Fonts\gzwl01.dat
2009-03-18 20:51 42 ----a-w c:\windows\Fonts\gzqqhx01.dat
2009-03-18 20:51 42 ----a-w c:\windows\Fonts\gzkdxy01.dat
2009-03-18 20:51 42 ----a-w c:\windows\Fonts\gzdnf01.dat
2009-03-18 20:51 42 ----a-w c:\windows\Fonts\GB00026.nls
2009-03-18 20:50 42 ----a-w c:\windows\Fonts\gzxy201.dat
2009-03-18 20:50 42 ----a-w c:\windows\Fonts\gztlbb01.dat
2009-03-18 20:50 42 ----a-w c:\windows\Fonts\gzqqxx01.dat
2009-03-18 20:50 42 ----a-w c:\windows\Fonts\gzmy01.dat
2009-03-18 20:50 42 ----a-w c:\windows\Fonts\GB00029.nls
2009-03-18 00:32 34 ----a-w c:\documents and settings\Compaq_Administrator\jagex_runescape_preferences.dat
2009-03-17 20:56 51 ----a-w c:\windows\Fonts\JR27.nls
2009-03-17 20:56 42 ----a-w c:\windows\Fonts\w0114.nls
2009-03-17 20:56 42 ----a-w c:\windows\Fonts\JWWINDOWS.dat
2009-03-17 20:56 42 ----a-w c:\windows\Fonts\gzqqsg01.dat
2009-03-17 20:56 42 ----a-w c:\windows\Fonts\gbkx01.nls
2009-03-17 20:56 42 ----a-w c:\windows\Fonts\GB00017.nls
2009-03-17 20:55 42 ----a-w c:\windows\Fonts\gbmy01.nls
2009-03-17 20:55 42 ----a-w c:\windows\Fonts\gbdnf01.nls
2009-03-17 20:55 42 ----a-w c:\windows\Fonts\CWINDOWS31.dat
2009-03-17 20:40 308 --sha-w c:\windows\Fonts\ukbdZgAKGr9KFysb.ttf
2009-03-17 13:00 --------- d-----w c:\program files\SwiftKit
2009-03-16 21:44 --------- d-----w c:\program files\Soulseek
2009-03-16 04:02 42 ----a-w c:\windows\Fonts\CMWINDOWSZ.dat
2009-03-16 03:44 148 --sha-w c:\windows\Fonts\PrZWDcWgjaE3SQyr.ttf
2009-03-14 22:28 --------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\Sony Setup
2009-03-14 22:27 --------- d-----w c:\program files\Sony Setup
2009-03-12 23:39 --------- d-----w c:\program files\Common Files\Real
2009-03-12 23:36 --------- d-----w c:\program files\Google
2009-03-11 21:53 --------- d-----w c:\program files\UpdatePatrol
2009-03-11 19:42 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-03-10 01:26 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-09 01:20 --------- d-----w c:\program files\HTV
2009-03-09 00:20 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-09 00:17 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-08 18:41 --------- d-----w c:\program files\Common Files\AOL
2009-03-07 12:52 --------- d-----w c:\program files\HTV_2
2009-01-23 02:26 --------- d-----w c:\program files\NCP
2009-01-22 20:51 --------- d-----w c:\program files\Cisco
2009-01-22 20:51 --------- d-----w c:\documents and settings\All Users\Application Data\Cisco
2009-01-21 00:27 --------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\MSNInstaller
2009-01-19 09:27 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-01-19 09:18 --------- d-----w c:\program files\Adobe Media Player
2009-01-19 09:10 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-01-19 09:07 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-01-16 22:40 502 ----a-w c:\documents and settings\Compaq_Administrator\Application Data\wklnhst.dat
2007-07-10 21:29 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
.

------- Sigcheck -------

2005-03-01 19:36 2056832 d8aba3eab509627e707a3b14f00fbb6b c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 04:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2008-08-14 04:18 2062976 63ec865dff6ccfc7bef94b5c50297cad c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
2008-08-14 04:33 2066048 4ac58f03eb94a72809949d757fc39d80 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
2008-08-14 15:39 2066048 a25e9b86effb2af33bf51e676b68bfb0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
2005-03-01 19:34 2015232 3cd941e472ddf3534e53038535719771 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 03:38 2015744 a58ac1c6199ef34228abee7fc057ae09 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
2008-08-14 04:22 2057728 ba002228743b6824d87f0551dbc86d45 c:\windows\Driver Cache\i386\ntkrnlpa.exe
2008-04-13 13:31 2065792 109f8e3e3c82e337bb71b6bc9b895d61 c:\windows\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\ntkrnlpa.exe
2008-08-14 04:22 2057728 ba002228743b6824d87f0551dbc86d45 c:\windows\system32\ntkrnlpa.exe

2005-03-01 20:04 2179456 28187802b7c368c0d3aef7d4c382aabb c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 04:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2008-08-14 04:57 2185984 ce69dbd54221f2d40e49ff6db77c6507 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
2008-08-14 05:11 2189184 eeaf32f8e15a24f62becb1bd403bb5c5 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
2008-08-14 16:11 2189184 31914172342bff330063f343ac6958fe c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
2005-03-01 19:57 2135552 48b3e89af7074cee0314a3e0c7faffdb c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 04:08 2136064 1220faf071dea8653ee21de7dcda8bfd c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
2008-08-14 05:00 2180352 21c91da9cb53aa8a37041ba9684a8458 c:\windows\Driver Cache\i386\ntoskrnl.exe
2008-04-13 14:27 2188928 0c89243c7c3ee199b96fcc16990e0679 c:\windows\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\ntoskrnl.exe
2008-08-14 05:00 2180352 21c91da9cb53aa8a37041ba9684a8458 c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"UpdatePatrol"="c:\program files\UpdatePatrol\upatrol.exe" [2008-07-22 7306392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-11 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"UpdatePatrol"="c:\program files\UpdatePatrol\upatrol.exe" [2008-07-22 7306392]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-12 136600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-12 198160]
"ftutil2"="ftutil2.dll" [2004-06-07 c:\windows\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 c:\windows\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 c:\windows\arpwrmsg.exe]

c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2007-01-10 36903]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{7E94C114-C874-4112-9922-054D8E5546E2}"= "c:\windows\fonts\ggqxvhmy.dll" [2009-03-18 53248]
"{F01CD512-AE66-45BD-B182-EED2D68E9FA2}"= "c:\windows\fonts\apirpbdj.dll" [2009-03-18 53248]
"{3CA7A137-35F8-46CD-B83B-534CD13D5A67}"= "c:\windows\Fonts\lyosjziw.dll" [2009-03-18 32768]
"{DF12F8AB-9A00-469C-B9D4-425C1BE3E1E6}"= "c:\windows\Fonts\vzqvqglf.dll" [2009-03-18 36864]
"{47D449D6-BD89-4E68-AE37-1E8A9A03D5B6}"= "c:\windows\fonts\flnyphqw.dll" [2009-03-17 61440]
"{42B244BB-E8F8-4878-B4BC-BFC602FC1D3A}"= "c:\windows\system32\3VzPhrhFET.dll" [2009-03-17 15440]
"{93F48290-F2A6-4A5D-A020-746BA6D4FF2B}"= "c:\windows\fonts\gvtdqfeo.dll" [2009-03-18 49152]
"{E58B05EE-6CA5-42E1-A0CE-82169DDEE42C}"= "c:\windows\fonts\nlpptasx.dll" [2009-03-18 49152]
"{94602C15-9A4E-4C25-842A-FDF422B4556A}"= "c:\windows\fonts\ntbwvybn.dll" [2009-03-18 53248]
"{815EDE81-767D-4636-80F5-141578667A98}"= "c:\windows\fonts\eszlxrze.dll" [2009-03-18 53248]
"{C85CB78B-8D31-4C27-8533-149683423BF7}"= "c:\windows\fonts\urxiytxw.dll" [2009-03-18 53248]
"{DFEAF1AB-1B26-4ACF-A97A-BEF452ACBB4F}"= "c:\windows\fonts\lyzduked.dll" [2009-03-18 53248]
"{EDA2536C-2DDA-4626-9615-EF8EEC81572A}"= "c:\windows\Fonts\hdifehwi.dll" [2009-03-18 32768]
"{4EAA8F86-4217-48D0-A976-389247780A14}"= "c:\windows\fonts\eargomvf.dll" [2009-03-18 45056]
"{42CC4CC3-854C-437C-94EC-3E629F656F3F}"= "c:\windows\fonts\sehwsdkc.dll" [2009-03-18 73728]
"{526403AC-FEDD-4350-946A-BC0B8114C65A}"= "c:\windows\fonts\lfzzmxse.dll" [2009-03-18 77824]
"{5AF04671-190D-4D5C-97AF-D8054F831E27}"= "c:\windows\fonts\otqcknng.dll" [2009-03-18 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"c:\windows\fonts\vkwgblcc.dll"= {7E94C114-C874-4112-9922-054D8E5546E2} - c:\windows\fonts\ggqxvhmy.dll [2009-03-18 53248]
"c:\windows\fonts\zdllpqen.dll"= {F01CD512-AE66-45BD-B182-EED2D68E9FA2} - c:\windows\fonts\apirpbdj.dll [2009-03-18 53248]
"c:\windows\Fonts\swroggkp.dll"= {3CA7A137-35F8-46CD-B83B-534CD13D5A67} - c:\windows\Fonts\lyosjziw.dll [2009-03-18 32768]
"c:\windows\Fonts\sluujeuf.dll"= {DF12F8AB-9A00-469C-B9D4-425C1BE3E1E6} - c:\windows\Fonts\vzqvqglf.dll [2009-03-18 36864]
"c:\windows\fonts\flnyphqw.dll"= {47D449D6-BD89-4E68-AE37-1E8A9A03D5B6} - c:\windows\fonts\flnyphqw.dll [2009-03-17 61440]
"c:\windows\fonts\rfwkglek.dll"= {7E94C114-C874-4112-9922-054D8E5546E2} - c:\windows\fonts\ggqxvhmy.dll [2009-03-18 53248]
"c:\windows\fonts\uizpzlxv.dll"= {93F48290-F2A6-4A5D-A020-746BA6D4FF2B} - c:\windows\fonts\gvtdqfeo.dll [2009-03-18 49152]
"c:\windows\fonts\ystujmpg.dll"= {F01CD512-AE66-45BD-B182-EED2D68E9FA2} - c:\windows\fonts\apirpbdj.dll [2009-03-18 53248]
"c:\windows\fonts\enpnufaj.dll"= {E58B05EE-6CA5-42E1-A0CE-82169DDEE42C} - c:\windows\fonts\nlpptasx.dll [2009-03-18 49152]
"c:\windows\fonts\hprsfgtu.dll"= {94602C15-9A4E-4C25-842A-FDF422B4556A} - c:\windows\fonts\ntbwvybn.dll [2009-03-18 53248]
"c:\windows\fonts\lalyxhlf.dll"= {815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\eszlxrze.dll [2009-03-18 53248]
"c:\windows\fonts\euatpdkr.dll"= {C85CB78B-8D31-4C27-8533-149683423BF7} - c:\windows\fonts\urxiytxw.dll [2009-03-18 53248]
"c:\windows\fonts\orrrlgnf.dll"= {DFEAF1AB-1B26-4ACF-A97A-BEF452ACBB4F} - c:\windows\fonts\lyzduked.dll [2009-03-18 53248]
"c:\windows\Fonts\rctxdggq.dll"= {EDA2536C-2DDA-4626-9615-EF8EEC81572A} - c:\windows\Fonts\hdifehwi.dll [2009-03-18 32768]
"c:\windows\fonts\vencwhyb.dll"= {4EAA8F86-4217-48D0-A976-389247780A14} - c:\windows\fonts\eargomvf.dll [2009-03-18 45056]
"c:\windows\Fonts\bzkvzabw.dll"= {DF12F8AB-9A00-469C-B9D4-425C1BE3E1E6} - c:\windows\Fonts\vzqvqglf.dll [2009-03-18 36864]
"c:\windows\fonts\ebearbth.dll"= {42CC4CC3-854C-437C-94EC-3E629F656F3F} - c:\windows\fonts\sehwsdkc.dll [2009-03-18 73728]
"c:\windows\Fonts\imgfccms.dll"= {3CA7A137-35F8-46CD-B83B-534CD13D5A67} - c:\windows\Fonts\lyosjziw.dll [2009-03-18 32768]
"c:\windows\fonts\lwalvdec.dll"= {526403AC-FEDD-4350-946A-BC0B8114C65A} - c:\windows\fonts\lfzzmxse.dll [2009-03-18 77824]
"c:\windows\fonts\ggqxvhmy.dll"= {7E94C114-C874-4112-9922-054D8E5546E2} - c:\windows\fonts\ggqxvhmy.dll [2009-03-18 53248]
"c:\windows\fonts\gvtdqfeo.dll"= {93F48290-F2A6-4A5D-A020-746BA6D4FF2B} - c:\windows\fonts\gvtdqfeo.dll [2009-03-18 49152]
"c:\windows\fonts\apirpbdj.dll"= {F01CD512-AE66-45BD-B182-EED2D68E9FA2} - c:\windows\fonts\apirpbdj.dll [2009-03-18 53248]
"c:\windows\fonts\nlpptasx.dll"= {E58B05EE-6CA5-42E1-A0CE-82169DDEE42C} - c:\windows\fonts\nlpptasx.dll [2009-03-18 49152]
"c:\windows\fonts\ntbwvybn.dll"= {94602C15-9A4E-4C25-842A-FDF422B4556A} - c:\windows\fonts\ntbwvybn.dll [2009-03-18 53248]
"c:\windows\fonts\eszlxrze.dll"= {815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\eszlxrze.dll [2009-03-18 53248]
"c:\windows\fonts\urxiytxw.dll"= {C85CB78B-8D31-4C27-8533-149683423BF7} - c:\windows\fonts\urxiytxw.dll [2009-03-18 53248]
"c:\windows\Fonts\uzbotrgm.dll"= {3CA7A137-35F8-46CD-B83B-534CD13D5A67} - c:\windows\Fonts\lyosjziw.dll [2009-03-18 32768]
"c:\windows\fonts\otqcknng.dll"= {5AF04671-190D-4D5C-97AF-D8054F831E27} - c:\windows\fonts\otqcknng.dll [2009-03-18 53248]
"c:\windows\fonts\lyzduked.dll"= {DFEAF1AB-1B26-4ACF-A97A-BEF452ACBB4F} - c:\windows\fonts\lyzduked.dll [2009-03-18 53248]
"c:\windows\Fonts\hdifehwi.dll"= {EDA2536C-2DDA-4626-9615-EF8EEC81572A} - c:\windows\Fonts\hdifehwi.dll [2009-03-18 32768]
"c:\windows\fonts\eargomvf.dll"= {4EAA8F86-4217-48D0-A976-389247780A14} - c:\windows\fonts\eargomvf.dll [2009-03-18 45056]
"c:\windows\Fonts\yugcgjtz.dll"= {B8F4C7B3-74C8-4380-80B6-B66E5486B904} - c:\windows\Fonts\yugcgjtz.dll [2009-03-18 32768]
"c:\windows\Fonts\vzqvqglf.dll"= {DF12F8AB-9A00-469C-B9D4-425C1BE3E1E6} - c:\windows\Fonts\vzqvqglf.dll [2009-03-18 36864]
"c:\windows\fonts\sehwsdkc.dll"= {42CC4CC3-854C-437C-94EC-3E629F656F3F} - c:\windows\fonts\sehwsdkc.dll [2009-03-18 73728]
"c:\windows\Fonts\lyosjziw.dll"= {3CA7A137-35F8-46CD-B83B-534CD13D5A67} - c:\windows\Fonts\lyosjziw.dll [2009-03-18 32768]
"c:\windows\fonts\lfzzmxse.dll"= {526403AC-FEDD-4350-946A-BC0B8114C65A} - c:\windows\fonts\lfzzmxse.dll [2009-03-18 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\HelpSvc.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UIHost.kxp]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=


--- Other Services/Drivers In Memory ---

*NewlyCreated* - NVMINI
*Deregistered* - nvmini
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-ProxyCap - c:\progra~1\PROXYL~1\ProxyCap\ProxyCap.exe
HKLM-Run-PCDrProfiler - (no file)
HKLM-Explorer_Run-MPMKrnl - c:\windows\MKMKrnl.dll
ShellExecuteHooks-{9E32A24D-BEFC-4BF9-A25D-91C37CEDE61B} - (no file)
SSODL-c:\windows\fonts\bcvacfir.dll-{77AC4257-6781-430B-80C1-BCA6D20C950F} - (no file)
SSODL-c:\windows\Fonts\bkyoedrg.dll-{A272F097-E24C-4A6E-8BCD-8C42839CE8DE} - (no file)
SSODL-c:\windows\fonts\tkxnhgbv.dll-{77AC4257-6781-430B-80C1-BCA6D20C950F} - (no file)
SSODL-c:\windows\fonts\qhgordaa.dll-{DCBC4DF7-09A8-42D0-BCF4-299F72F40EAD} - (no file)
SSODL-c:\windows\Fonts\hniknuih.dll-{9E32A24D-BEFC-4BF9-A25D-91C37CEDE61B} - (no file)
SSODL-c:\windows\Fonts\aximzoqj.dll-{A272F097-E24C-4A6E-8BCD-8C42839CE8DE} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Download All with &Deva xFTP - c:\program files\Deva xFTP\GetAllUrl.htm
IE: Download with &Deva xFTP - c:\program files\Deva xFTP\GetUrl.htm
Trusted Zone: trymedia.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 17:32:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\linkinfo.dll 46592 bytes executable
c:\windows\system32\drivers\nvmini.sys 17152 bytes executable
c:\windows\system32\linkinfo.dll 18944 bytes executable
c:\documents and settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\HBVREZML\l.yimg.com\a
c:\documents and settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\HBVREZML\l.yimg.com\a\a
c:\documents and settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\HBVREZML\l.yimg.com\a\a\1-
c:\documents and settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\HBVREZML\l.yimg.com\a\a\1-\flash
c:\documents and settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\HBVREZML\l.yimg.com\a\a\1-\flash\promotions
c:\documents and settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\HBVREZML\l.yimg.com\a\a\1-\flash\promotions\us
c:\documents and settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\HBVREZML\l.yimg.com\a\a\1-\flash\promotions\us\general_motors
c:\documents and settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\HBVREZML\l.yimg.com\a\a\1-\flash\promotions\us\general_motors\081113
c:\documents and settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\HBVREZML\l.yimg.com\a\a\1-\flash\promotions\us\general_motors\081113\container.swf
c:\documents and settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\HBVREZML\l.yimg.com\a\a\1-\flash\promotions\us\general_motors\081113\container.swf\swfCounter.sol 52 bytes
c:\documents and settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\HBVREZML\l.yimg.com\a\a\1-\java
c:\documents and settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\HBVREZML\l.yimg.com\a\a\1-\java\promotions
c:\documents and settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\HBVREZML\l.yimg.com\a\a\1-\java\promotions\hyundai
c:\documents and settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\HBVREZML\l.yimg.com\a\a\1-\java\promotions\hyundai\090312
c:\documents and settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\HBVREZML\l.yimg.com\a\a\1-\java\promotions\hyundai\090312\a
c:\documents and settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\HBVREZML\l.yimg.com\a\a\1-\java\promotions\hyundai\090312\a\m
c:\documents and settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\HBVREZML\l.yimg.com\a\a\1-\java\promotions\hyundai\090312\a\m\e1.swf
c:\documents and settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\HBVREZML\l.yimg.com\a\a\1-\java\promotions\hyundai\090312\a\m\e1.swf\__yFPT_time.sol 140 bytes
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\arm33n_pk3r\l
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\l
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\l\Javan.log 0 bytes
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\NV
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\NV\99 def 00.log 0 bytes
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\NV\Abyss.log 0 bytes
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\NV\Anc1entz Jr.log 0 bytes
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\NV\Arrowupuras.log 0 bytes
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\NV\asif338.log 0 bytes
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\NV\ChAnT1887.log 0 bytes
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\NV\Davidroxr18.log 0 bytes
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\NV\dgkallday730.log 0 bytes
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\NV\DONZI I.log 0 bytes
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\NV\Draggin pure.log 0 bytes
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\NV\fr00b ur d3d.log 0 bytes
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\NV\GlobalChat.log 0 bytes
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\NV\h311archer.log 0 bytes
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\NV\im_otloko.log 0 bytes
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\NV\Jethr0x.log 0 bytes
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\NV\Klut.log 0 bytes
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\NV\liljunior jr.log 0 bytes
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\NV\limey.log 0 bytes
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\NV\nymob666.log 0 bytes
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\NV\purefisher4u.log 0 bytes
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\NV\rangepurez33.log 0 bytes
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\NV\Rangerswrath.log 0 bytes
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\NV\road kill317.log 0 bytes
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\NV\tank3r 5.log 0 bytes
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\NV\trump l run-b4-i-kil.log 0 bytes
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\NV\unlumby bro.log 0 bytes
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\NV\vphilvphil.log 0 bytes
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\NV\Watch_Th3_Hp.log 0 bytes
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\NV\xl1ghtsoutx.log 0 bytes
c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo\chatlogs\demi-fiend\NV\Zulkowski.log 0 bytes

scan completed successfully
hidden files: 55

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nvmini]
"ImagePath"="system32\DRIVERS\nvmini.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\arservice.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-03-18 17:41:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-18 22:40:42

Pre-Run: 9,287,757,824 bytes free
Post-Run: 10,491,379,712 bytes free

438 --- E O F --- 2009-03-14 07:02:05