I did the combo fix. Here is the report. Now what?
ComboFix 09-11-29.02 - Nick Rovenko 11/29/2009 17:30.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.561 [GMT -6:00]
Running from: c:\documents and settings\Nick Rovenko\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\010112010146116101.xxe
c:\windows\0101120101465250.xxe
c:\windows\0101120101465355.xxe
c:\windows\bk23567.dat
c:\windows\freddy75.exe
c:\windows\ld15.exe
c:\windows\rdr_1259533669.exe
c:\windows\system32\drivers\fio32.sys
c:\windows\system32\fio32.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FIOO32
-------\Service_fioo32
-------\Service_SfX
-------\Legacy_fio32
-------\Service_fio32
((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-29 )))))))))))))))))))))))))))))))
.
2009-11-29 22:26 . 2009-11-29 22:26 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-29 22:00 . 2009-11-29 22:33 4152 ----a-w- c:\windows\fs1235.dat
2009-11-29 21:54 . 2009-11-29 21:54 -------- d-----w- c:\documents and settings\Nick Rovenko\IECompatCache
2009-11-28 09:16 . 2009-11-28 09:16 1 ---h--w- c:\windows\mmsmark3.dat
2009-11-25 15:57 . 2009-11-25 15:57 -------- d-----w- c:\documents and settings\Nick Rovenko\Application Data\TeamViewer
2009-11-25 15:56 . 2009-11-25 15:56 -------- d-----w- c:\program files\TeamViewer
2009-11-20 02:33 . 2009-11-20 02:33 31 ----a-w- c:\windows\bk20856.dat
2009-11-12 19:58 . 2009-11-12 19:58 -------- d-----w- c:\windows\Sun
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-29 23:36 . 2009-10-12 21:20 -------- d-----w- c:\documents and settings\Nick Rovenko\Application Data\LimeWire
2009-11-29 22:25 . 2009-10-18 23:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-29 22:16 . 2009-10-12 19:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-19 20:58 . 2009-10-19 20:58 -------- d-----w- c:\documents and settings\Nick Rovenko\Application Data\Office Genuine Advantage
2009-10-17 08:12 . 2009-10-09 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-17 08:01 . 2009-10-17 08:01 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-15 20:07 . 2009-10-15 19:52 79379 ----a-w- c:\windows\hpfins05.dat
2009-10-15 20:06 . 2009-10-15 20:06 -------- d-----w- c:\program files\Hewlett-Packard
2009-10-15 20:06 . 2009-10-15 19:52 -------- d-----w- c:\program files\HP
2009-10-15 20:06 . 2009-10-15 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-10-15 19:58 . 2009-10-09 20:50 -------- d-----w- c:\documents and settings\Nick Rovenko\Application Data\AdobeUM
2009-10-15 19:48 . 2009-10-15 19:48 -------- d-----w- c:\documents and settings\Nick Rovenko\Application Data\HP
2009-10-14 03:51 . 2009-10-14 03:51 18088 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-12 23:42 . 2009-10-12 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-10-12 23:41 . 2009-10-12 23:41 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2009-10-12 21:49 . 2009-10-09 20:43 18240 ----a-w- c:\documents and settings\Nick Rovenko\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-12 21:46 . 2009-10-12 21:46 -------- d-----w- c:\program files\Addition
2009-10-12 21:40 . 2009-10-12 21:40 -------- d-----w- c:\program files\MSBuild
2009-10-12 21:40 . 2009-10-12 21:40 -------- d-----w- c:\program files\Reference Assemblies
2009-10-12 21:20 . 2009-10-12 21:20 8192 ----a-w- c:\documents and settings\Nick Rovenko\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2009-10-12 21:20 . 2009-10-12 21:20 20480 ----a-w- c:\documents and settings\Nick Rovenko\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
2009-10-12 21:20 . 2009-10-12 21:20 20480 ----a-w- c:\documents and settings\Nick Rovenko\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
2009-10-12 21:20 . 2009-10-12 21:20 18944 ----a-w- c:\documents and settings\Nick Rovenko\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
2009-10-12 21:20 . 2009-10-12 21:20 17408 ----a-w- c:\documents and settings\Nick Rovenko\Application Data\LimeWire\browser\xulrunner\components\auth.dll
2009-10-12 21:19 . 2009-10-12 19:16 -------- d-----w- c:\documents and settings\Nick Rovenko\Application Data\Apple Computer
2009-10-12 21:17 . 2009-10-12 21:16 -------- d-----w- c:\program files\LimeWire
2009-10-12 21:17 . 2009-10-12 21:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-12 21:17 . 2009-10-12 21:17 -------- d-----w- c:\program files\Java
2009-10-12 21:17 . 2009-10-12 21:17 152576 ----a-w- c:\documents and settings\Nick Rovenko\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-12 21:15 . 2009-10-12 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-12 19:15 . 2009-10-12 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-12 19:15 . 2009-10-12 19:15 -------- d-----w- c:\program files\iPod
2009-10-12 19:15 . 2009-10-12 19:14 -------- d-----w- c:\program files\Common Files\Apple
2009-10-12 19:15 . 2009-10-12 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-12 19:15 . 2009-10-12 19:15 -------- d-----w- c:\program files\Bonjour
2009-10-12 19:15 . 2009-10-12 19:14 -------- d-----w- c:\program files\QuickTime
2009-10-12 19:14 . 2009-10-12 19:14 -------- d-----w- c:\program files\Apple Software Update
2009-10-12 18:31 . 2009-10-12 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-10-09 21:27 . 2009-10-09 21:27 -------- d-----w- c:\program files\Analog Devices
2009-10-09 21:27 . 2009-10-09 20:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-09 21:27 . 2009-10-09 20:45 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-09 21:27 . 2009-10-09 21:27 -------- d-----w- c:\program files\Broadcom
2009-10-09 20:53 . 2009-10-09 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-10-09 20:53 . 2009-10-09 20:53 -------- d-----w- c:\program files\CyberLink
2009-10-09 20:52 . 2009-10-09 20:51 -------- d-----w- c:\program files\Ahead
2009-10-09 20:50 . 2009-10-09 20:50 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-09 20:46 . 2009-10-09 20:45 -------- d-----w- c:\program files\Linksys Wireless-G PCI Adapter with SRX400
2009-10-09 20:46 . 2009-10-09 20:46 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-10-09 20:39 . 2009-10-09 20:39 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-10-09 20:23 . 2009-10-09 20:23 -------- d-----w- c:\program files\microsoft frontpage
2009-10-09 20:19 . 2009-10-09 20:19 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-09 20:05 . 2009-10-09 20:21 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-09 19:37 . 2009-10-09 19:37 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-09 19:36 . 2009-10-09 19:36 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-09-21 22:09 . 2009-09-21 22:09 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-09-11 14:18 . 2004-08-04 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\msasn1.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="f:\music\iTunesHelper.exe" [2009-09-21 305440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-12 149280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
c:\documents and settings\Nick Rovenko\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Music\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
R3 Linksys3P;Wireless-G PCI Adapter with SRX400 Driver;c:\windows\system32\drivers\TMIMO31P.sys [10/9/2009 2:46 PM 780800]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
fioo32 REG_MULTI_SZ fioo32
.
Contents of the 'Scheduled Tasks' folder
2009-11-29 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-29 17:35
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2812)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2009-11-29 17:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-29 23:38
Pre-Run: 23,853,928,448 bytes free
Post-Run: 24,124,039,168 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 11E1E0B29E723EF1AE383E0297DA885C
Edited by nickr660, 29 November 2009 - 05:49 PM.