Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Is this computer clean

Started by roscho , Mar 05 2010 01:27 AM

  • Please log in to reply

#1
roscho
Posted 05 March 2010 - 01:27 AM

roscho

    Member

  • Member
  • PipPip
  • 28 posts
ComboFix 10-03-04.02 - Tomo 03.01.2002 8:08.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.1023.625 [GMT 1:00]
Running from: c:\documents and settings\Tomo\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\system32\Dvbpws.dll
c:\windows\system32\lsprst7.dll
c:\windows\system32\prnqctl.vbs
c:\windows\system32\ssprs.dll

c:\windows\system32\msgsvc.dll . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2001-12-03 to 2002-01-03 )))))))))))))))))))))))))))))))
.

2010-02-28 20:20 . 2009-03-27 00:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2010-02-28 20:20 . 2010-02-28 20:20 -------- d-----w- c:\program files\CPUID
2010-02-27 21:06 . 2010-02-27 21:06 -------- d-----w- c:\documents and settings\Tomo\Application Data\Malwarebytes
2010-02-27 21:06 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-27 21:06 . 2010-02-27 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-27 21:06 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-27 21:06 . 2010-02-27 21:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-27 20:12 . 2010-02-27 20:12 -------- d-----w- c:\documents and settings\Tomo\Application Data\PTC
2010-02-27 19:56 . 2010-02-27 19:56 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-02-27 19:45 . 2010-02-27 19:51 -------- d-----w- c:\program files\proeWildfire 4.0
2010-02-25 01:19 . 2010-02-25 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-02-25 01:19 . 2010-02-25 01:19 -------- d-----w- c:\documents and settings\Tomo\Local Settings\Application Data\ATI
2010-02-25 01:19 . 2010-02-25 01:19 -------- d-----w- c:\documents and settings\Tomo\Application Data\ATI
2010-02-25 01:18 . 2010-02-25 01:18 0 ----a-w- c:\windows\ativpsrm.bin
2010-02-25 01:14 . 2009-05-15 20:05 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-02-25 01:13 . 2010-02-25 01:15 -------- d-----w- c:\program files\ATI Technologies
2010-02-25 01:13 . 2010-02-25 01:13 -------- d-----w- C:\ATI
2010-02-24 18:28 . 2010-02-24 18:28 -------- d-----w- c:\documents and settings\Tomo\Application Data\DivX
2010-02-24 18:26 . 2010-02-28 17:15 -------- d-----w- c:\program files\DivX
2010-02-24 18:26 . 2010-02-24 18:26 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-23 22:12 . 2010-02-23 22:12 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-02-21 22:43 . 2010-02-21 22:43 -------- d-----w- c:\windows\Sun
2010-02-15 22:25 . 2010-02-15 22:25 -------- d-----w- c:\documents and settings\Tomo\Local Settings\Application Data\ArcSoft
2010-02-15 22:24 . 2010-02-15 22:42 -------- d-----w- c:\documents and settings\Tomo\Application Data\ArcSoft
2010-02-15 22:24 . 2010-02-15 22:42 -------- d--h--w- c:\documents and settings\All Users\Application Data\ArcSoft
2010-02-15 22:24 . 2010-02-15 22:24 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-02-15 22:24 . 2005-04-27 15:36 245408 ----a-w- c:\windows\system32\unicows.dll
2010-02-15 22:24 . 2010-02-15 22:24 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-02-15 22:24 . 2009-03-11 09:53 350 ----a-w- c:\windows\system32\AF15IRTBL.bin
2010-02-15 22:24 . 2010-02-15 22:24 -------- d-----w- c:\program files\Windows Sidebar
2010-02-15 22:23 . 2010-02-15 22:24 -------- d-----w- c:\program files\WinFast
2010-02-15 22:18 . 2008-04-13 23:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2010-02-15 22:18 . 2008-04-13 23:16 15232 ----a-w- c:\windows\system32\drivers\MPE.sys
2010-02-15 22:18 . 2008-04-13 23:16 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-02-15 22:18 . 2008-04-13 23:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-02-15 22:18 . 2008-04-13 23:16 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2010-02-15 22:18 . 2008-04-13 23:16 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-02-15 22:18 . 2008-04-13 23:09 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-02-15 22:18 . 2008-04-13 23:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-02-15 22:18 . 2008-04-13 23:16 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2010-02-15 22:18 . 2008-04-13 23:16 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-02-15 22:18 . 2008-04-13 23:16 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-02-15 22:18 . 2008-04-13 23:16 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-02-11 18:29 . 2010-02-11 18:29 -------- d-----w- c:\documents and settings\Tomo\Local Settings\Application Data\Womble
2010-02-11 18:29 . 2010-02-11 18:29 -------- d-----w- c:\program files\Womble Multimedia
2010-02-11 18:23 . 2010-02-11 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-02-11 18:23 . 2010-02-11 18:23 -------- d-----w- c:\program files\DVD Shrink
2010-02-04 20:17 . 2010-02-04 20:17 -------- d-----w- c:\documents and settings\Tomo\Application Data\Cuttermaran
2010-02-04 19:07 . 2002-06-17 19:36 482816 ----a-w- c:\windows\system32\VFCodec.dll
2010-01-28 22:49 . 2010-01-28 22:49 -------- d-----w- c:\documents and settings\Tomo\Application Data\dvdcss
2010-01-27 22:43 . 2010-01-27 22:43 -------- d-----w- c:\documents and settings\Tomo\Application Data\Download Manager
2009-12-30 22:09 . 2010-01-06 19:09 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-30 22:09 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-30 22:09 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-30 22:09 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-30 22:09 . 2009-12-30 22:09 -------- d-----w- c:\program files\Avira
2009-12-30 22:09 . 2009-12-30 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-12-28 23:03 . 2002-01-02 22:11 -------- d-----w- c:\documents and settings\Tomo\Application Data\vlc
2009-12-25 11:15 . 2009-12-17 16:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-10 01:53 . 2010-02-23 22:19 -------- d-----w- c:\program files\Java
2009-12-10 01:51 . 2009-12-25 11:14 152576 ----a-w- c:\documents and settings\Tomo\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-10 01:51 . 2009-12-25 11:12 79488 ----a-w- c:\documents and settings\Tomo\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-09 01:00 . 2009-12-09 01:00 -------- d-----w- c:\program files\URSA
2009-12-01 21:54 . 2009-12-01 22:07 -------- d-----w- c:\documents and settings\Tomo\Application Data\Profis
2009-12-01 21:54 . 2004-09-10 10:08 474112 ----a-w- c:\windows\system32\PDFCreatorPilot2.DLL
2009-12-01 21:54 . 2009-12-01 21:54 -------- d-----w- c:\program files\HILTI
2009-11-19 01:48 . 2009-11-19 01:48 -------- d-----w- c:\documents and settings\Administrator.REZERVA\Application Data\Media Player Classic
2009-11-19 01:38 . 2009-11-19 01:38 -------- d-----w- c:\documents and settings\Administrator.REZERVA\Local Settings\Application Data\Adobe
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-11 22:39 . 2010-01-28 00:36 167288 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-29 23:06 . 2009-10-29 23:06 -------- d-----w- c:\documents and settings\Tomo\Application Data\DAEMON Tools Pro
2009-10-28 00:27 . 2009-10-28 00:28 -------- d-----w- c:\program files\Real Alternative
2009-10-23 19:33 . 2009-10-23 19:39 -------- d-----w- c:\documents and settings\Tomo\Application Data\DAEMON Tools Lite
2009-08-25 20:58 . 2009-08-25 20:58 0 ----a-w- c:\windows\nsreg.dat
2009-08-25 20:58 . 2009-08-25 20:58 -------- d-----w- c:\documents and settings\Tomo\Local Settings\Application Data\Mozilla
2009-08-03 20:14 . 2009-08-03 20:14 -------- d-----w- c:\program files\URUSoft
2009-07-28 21:19 . 2009-07-28 21:28 -------- d-----w- c:\windows\system32\NtmsData
2009-07-28 17:50 . 2009-07-28 17:50 -------- d-----w- c:\program files\NVIDIA Corporation
2009-07-28 15:16 . 2009-07-28 15:16 -------- d-----w- c:\program files\VideoLAN
2009-07-27 21:37 . 2009-07-27 21:37 -------- d-----w- c:\program files\Lavalys
2009-07-18 12:34 . 2009-07-18 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-07-18 12:34 . 2009-07-18 12:34 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-07-18 12:34 . 2009-07-18 12:34 -------- d-----w- c:\program files\ACD Systems
2009-07-18 12:25 . 2009-07-18 12:25 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-07-15 12:10 . 2009-07-15 12:10 -------- d-sh--w- c:\documents and settings\Tomo\PrivacIE
2009-07-14 21:40 . 2002-01-02 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-07-14 21:40 . 2002-01-02 00:22 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-07-09 10:52 . 2009-07-09 10:52 -------- d--h--w- c:\windows\PIF
2009-07-09 10:43 . 2009-07-09 10:43 -------- d-----w- c:\program files\uTorrent
2009-06-30 20:05 . 2009-06-30 20:05 -------- d-sh--w- c:\documents and settings\Tomo\IETldCache
2009-06-29 16:12 . 2001-08-17 20:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-06-29 16:12 . 2008-04-14 03:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-06-24 15:30 . 2009-06-24 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-06-24 15:27 . 2009-06-24 15:56 -------- d-----w- c:\program files\Autodesk
2009-06-24 14:10 . 2004-05-20 08:11 172032 ----a-w- c:\windows\system32\nvuaudio.exe
2009-06-24 14:00 . 2009-06-24 14:00 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-06-24 13:59 . 2009-06-24 13:59 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-24 13:59 . 2009-06-24 13:59 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-06-24 13:54 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-24 13:54 . 2009-06-24 13:54 -------- d-----w- c:\windows\ie8updates
2009-06-24 13:54 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-24 13:54 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-24 13:51 . 2009-06-24 13:54 -------- dc-h--w- c:\windows\ie8
2009-05-16 03:58 . 2009-05-16 03:58 4069888 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-05-16 03:39 . 2009-05-16 03:39 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-05-16 03:38 . 2009-05-16 03:38 335872 ----a-w- c:\windows\system32\ati2dvag.dll
2009-05-16 03:18 . 2009-05-16 03:18 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-05-16 03:17 . 2009-05-16 03:17 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-05-16 03:17 . 2009-05-16 03:17 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-05-16 03:17 . 2009-05-16 03:17 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-05-16 03:17 . 2009-05-16 03:17 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-05-16 03:15 . 2009-05-16 03:15 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-05-16 03:14 . 2009-05-16 03:14 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-05-16 03:07 . 2009-05-16 03:07 2987136 ----a-w- c:\windows\system32\ati3duag.dll
2009-05-16 02:55 . 2009-05-16 02:55 11423744 ----a-w- c:\windows\system32\atioglxx.dll
2009-05-16 02:54 . 2009-05-16 02:54 2122624 ----a-w- c:\windows\system32\ativvaxx.dll
2009-05-16 02:54 . 2009-05-16 02:54 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-05-16 02:54 . 2009-05-16 02:54 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-05-16 02:51 . 2009-05-16 02:51 311296 ----a-w- c:\windows\system32\atiiiexx.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-15 22:17 . 2010-02-15 22:17 -------- d-----w- c:\documents and settings\Tomo\Application Data\InstallShield
2009-12-30 13:35 . 2008-11-21 14:44 81984 ----a-w- c:\windows\system32\bdod.bin
2009-11-12 12:48 . 2002-01-02 00:42 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-06-16 14:36 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2008-04-14 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-13 05:15 . 2008-04-14 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2008-04-14 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2008-04-14 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2008-04-14 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-08 02:34 . 2008-04-14 12:00 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2008-04-14 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2008-04-14 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2008-04-14 12:00 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2008-04-14 12:00 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2008-04-14 12:00 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2008-04-14 12:00 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2008-04-14 12:00 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2008-04-14 12:00 156160 ----a-w- c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2008-04-14 12:00 284160 ----a-w- c:\windows\system32\pdh.dll
2009-02-09 12:10 . 2008-04-14 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2008-11-21 13:38 453120 ----a-w- c:\windows\system32\wbem\wmiprvsd.dll
2009-02-09 12:10 . 2008-11-21 13:38 473600 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-02-09 12:10 . 2008-04-14 12:00 714752 ----a-w- c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2008-04-14 12:00 617472 ----a-w- c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2008-04-14 12:00 401408 ----a-w- c:\windows\system32\rpcss.dll
2009-02-07 17:02 . 2008-04-14 00:01 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2008-04-14 12:00 110592 ----a-w- c:\windows\system32\services.exe
2009-02-06 11:08 . 2008-04-14 12:00 2189056 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2008-04-14 12:00 35328 ----a-w- c:\windows\system32\sc.exe
2009-02-06 10:10 . 2008-11-21 13:38 227840 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
2009-02-03 19:59 . 2008-04-14 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-01-07 16:20 . 2006-06-28 16:59 24576 ----a-w- c:\windows\system32\nlsdl.dll
2009-01-07 16:20 . 2006-06-29 07:05 26112 ----a-w- c:\windows\system32\idndl.dll
2009-01-07 16:20 . 2006-06-29 07:05 23552 ----a-w- c:\windows\system32\normaliz.dll
2008-12-25 07:56 . 2010-02-15 22:17 433792 ----a-w- c:\windows\system32\drivers\wfeaglxt.sys
2008-12-16 12:30 . 2008-04-14 12:00 354304 ----a-w- c:\windows\system32\winhttp.dll
2008-12-11 10:57 . 2008-04-14 12:00 333952 ----a-w- c:\windows\system32\drivers\srv.sys
2008-12-05 06:54 . 2008-04-14 12:00 144896 ----a-w- c:\windows\system32\schannel.dll
2008-11-26 17:46 . 2008-11-21 14:02 -------- d-----w- c:\program files\Common Files\InstallShield
2008-11-26 17:11 . 2008-11-21 13:42 86327 -c--a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2008-11-21 14:23 . 2008-11-21 14:23 -------- d-----w- c:\program files\Common Files\BitDefender
2008-11-21 14:23 . 2008-11-21 14:23 -------- d-----w- c:\program files\BitDefender
2008-11-21 13:43 . 2008-11-21 13:43 -------- d-----w- c:\program files\microsoft frontpage
2008-11-21 13:39 . 2008-11-21 13:39 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2008-10-24 11:21 . 2008-04-14 12:00 455296 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 . 2008-04-14 12:00 286720 ----a-w- c:\windows\system32\gdi32.dll
2008-10-16 13:13 . 2008-11-21 13:40 202776 ----a-w- c:\windows\system32\wuweb.dll
2008-10-16 13:13 . 2008-11-21 13:40 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2008-10-16 13:12 . 2008-11-21 13:40 323608 ----a-w- c:\windows\system32\wucltui.dll
2008-10-16 13:12 . 2008-11-21 13:40 561688 ----a-w- c:\windows\system32\wuapi.dll
2008-10-16 13:09 . 2008-11-21 13:40 51224 ----a-w- c:\windows\system32\wuauclt.exe
2008-10-16 13:09 . 2008-10-16 13:09 43544 ----a-w- c:\windows\system32\wups2.dll
2008-10-16 13:09 . 2008-04-14 12:00 92696 ----a-w- c:\windows\system32\cdm.dll
2008-10-16 13:08 . 2008-11-21 13:40 34328 ----a-w- c:\windows\system32\wups.dll
2008-10-03 10:02 . 2008-04-14 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2008-09-30 15:43 . 2008-09-30 15:43 1286152 ----a-w- c:\windows\system32\msxml4.dll
2008-09-10 01:14 . 2008-04-14 12:00 1307648 ----a-w- c:\windows\system32\msxml6.dll
2008-09-04 17:15 . 2008-04-14 12:00 1106944 ----a-w- c:\windows\system32\msxml3.dll
2008-09-04 00:11 . 2008-09-04 00:11 54600 ----a-w- C:\npbittorrent.dll
2008-08-14 10:04 . 2008-04-14 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2008-07-29 19:10 . 2008-07-29 19:10 73720 ----a-w- c:\windows\system32\dxva2.dll
2008-07-29 19:10 . 2008-07-29 19:10 493048 ----a-w- c:\windows\system32\evr.dll
2008-07-29 19:10 . 2008-07-29 19:10 26112 ----a-w- c:\windows\system32\TsWpfWrp.exe
2008-07-29 18:35 . 2008-07-29 18:35 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2008-07-29 17:59 . 2008-07-29 17:59 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2008-07-29 17:59 . 2008-07-29 17:59 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2008-07-29 17:59 . 2008-07-29 17:59 161296 ----a-w- c:\windows\system32\UIAutomationCore.dll
2008-07-29 17:59 . 2008-07-29 17:59 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 17:24 . 2008-07-29 17:24 97800 ----a-w- c:\windows\system32\infocardapi.dll
2008-07-29 17:24 . 2008-07-29 17:24 622080 ----a-w- c:\windows\system32\icardagt.exe
2008-07-29 17:24 . 2008-07-29 17:24 11264 ----a-w- c:\windows\system32\icardres.dll
2008-07-25 09:16 . 2008-07-25 09:16 83968 ----a-w- c:\windows\system32\mscories.dll
2008-07-25 09:16 . 2008-07-25 09:16 282112 ----a-w- c:\windows\system32\mscoree.dll
2008-07-25 09:16 . 2008-07-25 09:16 158720 ----a-w- c:\windows\system32\mscorier.dll
2008-07-25 09:16 . 2008-07-25 09:16 96760 ----a-w- c:\windows\system32\dfshim.dll
2008-07-07 20:26 . 2008-04-14 12:00 253952 ----a-w- c:\windows\system32\es.dll
2008-07-06 12:06 . 2006-10-14 19:22 1676288 ----a-w- c:\windows\system32\xpssvcs.dll
2008-07-06 12:06 . 2006-10-14 19:21 575488 ----a-w- c:\windows\system32\xpsshhdr.dll
2008-07-06 12:06 . 2006-10-14 15:43 117760 ----a-w- c:\windows\system32\prntvpt.dll
2008-06-24 16:43 . 2008-04-14 12:00 74240 ----a-w- c:\windows\system32\mscms.dll
2008-06-20 17:46 . 2008-04-14 12:00 245248 ----a-w- c:\windows\system32\mswsock.dll
2008-06-20 11:51 . 2008-04-14 12:00 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2008-06-20 11:08 . 2008-04-14 12:00 225856 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2008-06-12 14:23 . 2008-11-21 13:38 91648 ----a-w- c:\windows\system32\mtxoci.dll
2008-06-12 14:23 . 2008-11-21 13:38 428032 ----a-w- c:\windows\system32\msdtcprx.dll
2008-06-12 14:23 . 2008-11-21 13:38 161792 ----a-w- c:\windows\system32\msdtcuiu.dll
2008-06-12 14:23 . 2008-11-21 13:38 956928 ----a-w- c:\windows\system32\msdtctm.dll
2008-06-12 14:23 . 2008-11-21 13:38 58880 ----a-w- c:\windows\system32\msdtclog.dll
2008-06-12 14:23 . 2008-04-14 12:00 66560 ----a-w- c:\windows\system32\mtxclu.dll
2008-06-11 22:43 . 2008-06-11 22:43 111992 ----a-w- c:\windows\system32\acaptuser32.dll
2008-06-10 05:11 . 2008-04-14 12:00 1053696 ----a-w- c:\windows\system32\WMNetmgr.dll
2008-06-10 02:11 . 2008-04-14 12:00 103936 ----a-w- c:\windows\system32\logagent.exe
2008-05-09 10:53 . 2008-04-14 12:00 90112 ----a-w- c:\windows\system32\wshext.dll
2008-05-09 10:53 . 2008-04-14 12:00 172032 ----a-w- c:\windows\system32\scrrun.dll
2008-05-09 10:53 . 2008-04-14 12:00 180224 ----a-w- c:\windows\system32\scrobj.dll
2008-05-08 14:02 . 2008-04-14 12:00 203136 ----a-w- c:\windows\system32\drivers\rmcast.sys
2008-05-08 11:24 . 2008-04-14 12:00 155648 ----a-w- c:\windows\system32\wscript.exe
2008-05-07 09:07 . 2008-04-14 12:00 135168 ----a-w- c:\windows\system32\cscript.exe
2008-04-14 05:42 . 2008-11-21 14:20 74240 ----a-w- c:\windows\system32\usbui.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-21 323392]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2009-03-11 2912256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-26 8523776]
"nwiz"="nwiz.exe" [2008-05-26 1630208]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"hmonitor"="c:\program files\Hmonitor\hmonitor.exe" [2006-11-14 860160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"CnwiDeviceAgent"="c:\program files\Canon\GAROStatusMonitor\cnwida.exe" [2006-03-05 65536]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-26 81920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2009-10-02 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
GARO Status Monitor.lnk - c:\program files\Canon\GAROStatusMonitor\cnwism.exe [2009-1-12 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.12.2008 15:39 691696]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [23.4.2007 21:00 16688]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [30.12.2009 23:09 108289]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [28.2.2010 21:20 12672]
R3 WFLR6654;WinFast TV2000 XP Global/Global TV (XC2028);c:\windows\system32\drivers\wfeaglxt.sys [15.2.2010 23:17 433792]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [27.7.2009 22:37 27248]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.si/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
FF - ProfilePath - c:\documents and settings\Tomo\Application Data\Mozilla\Firefox\Profiles\sxgboszk.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2002-01-03 08:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spsj.sys >>UNKNOWN [0x86F8D938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74f3f28
\Driver\ACPI -> ACPI.sys @ 0xf735bcb8
\Driver\atapi -> atapi.sys @ 0xf72f0b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a8
ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a8
ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6
NDIS: NVIDIA nForce MCP Networking Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf71f9bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7206a21
SendHandler -> NDIS.sys @ 0xf71e487b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(740)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\FolderSize\FolderSizeSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2002-01-03 08:25:01 - machine was rebooted
ComboFix-quarantined-files.txt 2002-01-03 07:24

Pre-Run: 13.114.982.400 bytes free
Post-Run: 13.212.078.080 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - A943B2639F54370DAC7347503FD0C93B
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP