ComboFix 09-08-10.06 - Phil 13/08/2009 19:47.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1588 [GMT 1:00]
Running from: c:\documents and settings\Phil\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090812-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\Phil\Application Data\.#
c:\documents and settings\Phil\Application Data\wiaserva.log
c:\documents and settings\Phil\Start Menu\Programs\Startup\ikowin32.exe
c:\windows\kb913800.exe
c:\windows\system32\1.tmp
c:\windows\system32\braviax.exe
c:\windows\system32\tmp.reg
c:\windows\system32\wisdstr.exe
Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\ntfs.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MEMSWEEP2
-------\Service_MEMSWEEP2
((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.
2009-08-13 17:45 . 2009-08-13 17:45 -------- d-----w- c:\windows\system32\LogFiles
2009-08-12 19:12 . 2009-08-12 19:12 619584 -c--a-w- c:\windows\system32\dllcache\ntfs.sys
2009-08-12 17:59 . 2009-08-12 17:59 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-08-12 14:02 . 2009-08-12 14:02 -------- d-----w- c:\program files\Trend Micro
2009-08-12 11:34 . 2009-08-12 11:34 -------- d-----w- c:\documents and settings\Phil\Application Data\Malwarebytes
2009-08-12 11:34 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-12 11:34 . 2009-08-12 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-12 11:34 . 2009-08-12 11:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-12 11:34 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-12 11:32 . 2009-08-12 11:33 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-12 11:26 . 2009-08-12 11:26 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_BF69C629A0D9405408006C3D4A3A11E8.dll
2009-08-12 11:26 . 2009-08-12 11:26 302 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_E5D9D200AB92D6E3B94CD3D7D6CB37C5.dll
2009-08-12 11:26 . 2009-08-12 11:26 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_DC3BF90CC0D3D2F398A9A6D1762F70F3.dll
2009-08-12 11:26 . 2009-08-12 11:26 1251 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_D20352A90C039D93DBF6126ECE614057.dll
2009-08-12 11:26 . 2009-08-12 11:26 265 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_D169751270508A44CB2FE12E4D938EFD.dll
2009-08-12 11:26 . 2009-08-12 11:26 82 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_7A43E36E255EB214E904DFF65C22A7AB.dll
2009-08-12 11:26 . 2009-08-12 11:26 125 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_71008F6089F849C48B8625535896CF23.dll
2009-08-12 11:26 . 2009-08-12 11:26 27 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_4F4A3A23297B6D117AA8000B0D611004.dll
2009-08-12 11:26 . 2009-08-12 11:26 103 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_342C9E3FE221B6D4CA1C1EEF0CF2C61A.dll
2009-08-12 11:26 . 2009-08-12 11:26 3568 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_26DDC2EC4210AC63483DF9D4FCC5B59D.dll
2009-08-12 11:26 . 2009-08-12 11:26 316 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0D756077321A70C3E844C138CE981581.dll
2009-08-12 11:26 . 2009-08-12 11:26 10 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0DC1503A46F231838AD88BCDDC8E8F7C.dll
2009-08-12 11:14 . 2008-04-13 19:20 182656 -c--a-w- c:\windows\system32\dllcache\ndis.sys
2009-08-12 10:51 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-11 14:22 . 2009-08-11 14:22 -------- d-----w- c:\documents and settings\Phil\Local Settings\Application Data\Identities
2009-08-10 19:11 . 2009-08-10 19:11 -------- d-----w- c:\documents and settings\Phil\Local Settings\Application Data\Help
2009-08-08 23:04 . 2009-03-04 09:31 4202496 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2009-08-08 23:04 . 2008-06-20 09:33 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2009-08-08 23:04 . 2008-06-20 09:32 663552 ----a-w- c:\windows\system32\NETw5c32.dll
2009-08-08 18:58 . 2009-08-08 18:58 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-08-05 15:50 . 2009-06-30 16:40 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-05 15:12 . 2009-08-12 19:50 -------- d-----w- c:\documents and settings\Phil\Application Data\vlc
2009-08-05 11:47 . 2009-08-05 11:47 152576 ----a-w- c:\documents and settings\Phil\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-07-29 07:18 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-29 07:18 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-27 19:44 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2009-07-27 12:54 . 2009-07-27 12:54 -------- d-----w- c:\documents and settings\Phil\.netbeans-derby
2009-07-27 12:29 . 2009-07-27 12:52 -------- d-----w- c:\documents and settings\Phil\.netbeans
2009-07-27 12:29 . 2009-07-27 12:29 -------- d-----w- c:\documents and settings\Phil\.netbeans-registration
2009-07-27 12:29 . 2009-07-27 12:29 -------- d-----w- c:\program files\Apache Software Foundation
2009-07-27 12:28 . 2009-07-27 21:30 -------- d-----w- c:\program files\sges-v3-prelude
2009-07-27 12:26 . 2009-07-27 12:26 -------- d-----w- C:\Sun
2009-07-27 12:21 . 2009-07-30 16:49 -------- d-----w- c:\program files\NetBeans 6.7
2009-07-25 23:01 . 2009-07-27 12:32 -------- d-----w- c:\documents and settings\Phil\.nbi
2009-07-24 16:59 . 2009-07-24 16:59 -------- d-----w- c:\program files\Firaxis Games
2009-07-23 19:50 . 2009-07-23 19:54 -------- d-----w- c:\documents and settings\Phil\Local Settings\Application Data\Eraser
2009-07-23 17:00 . 2009-07-23 17:00 -------- d-----w- c:\program files\Recuva
2009-07-23 12:56 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-07-23 12:56 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-07-22 16:14 . 2009-07-22 16:14 -------- d-----w- c:\documents and settings\Phil\Local Settings\Application Data\Apple
2009-07-21 15:17 . 2009-07-21 15:17 -------- d-----w- c:\documents and settings\Phil\bluej
2009-07-21 15:15 . 2009-07-21 15:15 -------- d-----w- c:\program files\Sun
2009-07-21 14:56 . 2009-07-21 15:10 -------- d-----w- c:\documents and settings\Phil\.SunDownloadManager
2009-07-21 14:55 . 2009-07-21 14:55 -------- d-----w- C:\BlueJ
2009-07-17 19:01 . 2009-07-17 19:01 58880 -c----w- c:\windows\system32\dllcache\atl.dll
2009-07-16 15:07 . 2009-07-16 15:07 -------- d-----w- c:\program files\CCleaner
2009-07-16 13:37 . 2009-07-16 13:37 -------- d-----w- c:\program files\Sophos
2009-07-15 17:26 . 2009-07-15 17:26 -------- d-----w- C:\Restoration
2009-07-15 15:56 . 2009-07-15 15:56 -------- d-----w- c:\program files\LSoft Technologies
2009-07-15 15:18 . 2009-08-13 12:18 -------- d-----w- c:\program files\iStar
2009-07-14 20:39 . 2009-07-26 14:52 -------- d-----w- c:\documents and settings\Phil\.fontconfig
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 18:54 . 2009-07-11 14:29 -------- d-----w- c:\program files\PeerGuardian2
2009-08-13 18:04 . 2009-05-03 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-13 14:16 . 2009-05-09 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-08-12 13:31 . 2009-05-04 21:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-12 12:18 . 2009-06-30 18:36 -------- d-----w- c:\program files\Security Task Manager
2009-08-12 00:29 . 2009-05-14 15:00 1 ----a-w- c:\documents and settings\Phil\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-11 23:17 . 2009-07-12 16:35 -------- d-----w- c:\program files\Diablo II
2009-08-05 11:47 . 2006-03-17 10:58 -------- d-----w- c:\program files\Java
2009-08-05 09:01 . 2006-03-17 09:20 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:15 . 2009-05-07 07:56 6388 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-01 11:15 . 2009-05-15 19:40 -------- d-----w- c:\documents and settings\Phil\Application Data\gtk-2.0
2009-07-29 20:46 . 2009-05-03 18:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-27 19:45 . 2009-07-27 19:45 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-27 19:44 . 2009-07-27 19:44 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-25 11:38 . 2006-03-17 12:26 38576 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-25 04:23 . 2009-05-15 12:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 17:18 . 2006-03-17 11:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-21 15:10 . 2009-05-12 12:58 -------- d-----w- c:\program files\Doom Builder
2009-07-20 12:03 . 2009-05-31 01:04 -------- d-----w- c:\program files\LaunchTool
2009-07-17 19:01 . 2006-03-17 09:19 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:16 . 2009-05-13 14:14 -------- d-----w- c:\program files\Project64 1.6
2009-07-13 14:40 . 2009-07-13 14:27 1004 ----a-w- c:\windows\eReg.dat
2009-07-13 14:34 . 2009-07-13 14:17 -------- d-----w- c:\program files\EA Games
2009-07-13 09:08 . 2006-03-17 09:20 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 22:34 . 2009-07-12 16:45 35165 ----a-w- c:\windows\DIIUnin.dat
2009-07-12 16:45 . 2009-07-12 16:45 2829 ----a-w- c:\windows\DIIUnin.pif
2009-07-12 16:45 . 2009-07-12 16:45 94208 ----a-w- c:\windows\DIIUnin.exe
2009-07-11 23:05 . 2009-07-11 21:44 -------- d-----w- c:\documents and settings\Phil\Application Data\dvdcss
2009-07-03 17:09 . 2006-03-17 09:20 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 23:29 . 2009-07-02 23:29 -------- d-----w- c:\documents and settings\Phil\Application Data\InterVideo
2009-07-01 17:12 . 2009-07-01 17:12 -------- d-----w- c:\program files\Alwil Software
2009-07-01 13:43 . 2009-07-01 13:43 -------- dc----w- c:\documents and settings\All Users\Application Data\{8AE45C14-3559-45A6-AF34-03CE304FA276}
2009-07-01 13:20 . 2009-07-01 13:20 -------- d-----w- c:\program files\MSBuild
2009-07-01 13:20 . 2009-07-01 13:20 -------- d-----w- c:\program files\Reference Assemblies
2009-07-01 13:08 . 2009-07-01 13:08 -------- d-----w- c:\documents and settings\Phil\Application Data\Uniblue
2009-07-01 13:06 . 2009-07-01 13:06 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-07-01 13:06 . 2009-07-01 13:06 -------- d-----w- c:\program files\Uniblue
2009-06-30 18:36 . 2009-06-30 18:36 295 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_C9D2F2ED2E35EE04289047AD36BC60E0.dll
2009-06-30 18:36 . 2009-06-30 18:36 26 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_D139E7FE48CDB174D86B8A3385904547.dll
2009-06-30 18:36 . 2009-06-30 18:36 133 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_8C585A7BE4EC0514486C1AC3C31B73F9.dll
2009-06-30 18:36 . 2009-06-30 18:36 258 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0558D69260BC4E84A9B85E30F46B7451.dll
2009-06-28 20:45 . 2009-06-28 20:45 -------- d-----w- c:\program files\Bullfrog
2009-06-28 18:10 . 2009-05-12 17:16 -------- d-----w- c:\program files\id Software
2009-06-28 15:40 . 2009-06-28 15:40 -------- d-----w- c:\documents and settings\Phil\Application Data\Stellarium
2009-06-25 10:11 . 2009-06-25 10:11 -------- d-----w- c:\documents and settings\Phil\Application Data\Echo Software
2009-06-25 10:10 . 2009-06-25 10:10 -------- d-----w- c:\program files\Programmers Notepad
2009-06-25 09:52 . 2009-06-25 09:52 98304 ----a-r- c:\documents and settings\Phil\Application Data\Microsoft\Installer\{DE2F2D9C-53E2-40EE-8209-74DA63CB060E}\python_icon.exe
2009-06-16 14:36 . 2006-03-17 09:20 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2006-03-17 09:19 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 09:01 . 2009-06-16 09:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-06-15 20:24 . 2009-06-15 20:24 -------- d-----w- c:\program files\CDisplay
2009-06-15 18:47 . 2009-06-15 18:47 2989 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2009-06-15 18:46 . 2009-06-15 18:46 -------- d-----w- c:\documents and settings\Phil\Application Data\AccurateRip
2009-06-15 18:46 . 2009-06-15 18:46 -------- d-----w- c:\program files\Illustrate
2009-06-15 18:44 . 2009-06-15 18:46 515760 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-06-15 16:58 . 2009-06-15 16:58 -------- d-----w- c:\documents and settings\Phil\Application Data\Red Alert 3
2009-06-15 16:58 . 2009-06-15 16:58 -------- d--h--r- c:\documents and settings\Phil\Application Data\SecuROM
2009-06-15 16:58 . 2009-06-15 16:58 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-15 16:57 . 2009-06-15 16:30 -------- d-----w- c:\program files\Electronic Arts
2009-06-15 16:57 . 2009-06-15 16:57 3624 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-06-15 15:38 . 2009-06-15 15:38 3710 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_F6CAE87C37A7E2541843BD2B61C5A586.dll
2009-06-15 15:38 . 2009-06-15 15:38 2429 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_556106D545D648345BC271CE3558BFDB.dll
2009-06-15 15:38 . 2009-06-15 15:38 1260 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_079F5538D106D2447AB9D1D74B2FC4DA.dll
2009-06-14 21:42 . 2009-06-14 21:42 -------- d-----w- c:\program files\Common Files\DirectX
2009-06-12 12:31 . 2006-03-17 09:20 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2006-03-17 09:20 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-11 14:49 . 2009-06-11 14:49 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-10 14:13 . 2006-03-17 09:19 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 09:08 . 2009-06-10 09:08 152576 ----a-w- c:\documents and settings\Phil\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-10 08:19 . 2006-03-17 10:31 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2006-03-17 09:20 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 10:42 . 2009-05-03 20:41 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 10:42 . 2009-05-03 18:05 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 19:09 . 2006-03-17 09:20 1291264 ----a-w- c:\windows\system32\quartz.dll
.
------- Sigcheck -------
[7] 2004-08-10 13:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\beep.sys
c:\windows\system32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-16 7557120]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-03-15 1769472]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-02-16 1519616]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-04-17 61952]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\DOOM Collector's Edition\\prboom-2.5.0-win32\\prboom-2.5.0-win32\\prboom_server.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"=
"c:\\Program Files\\Diablo II\\Diablo II.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_14\\jre\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_14\\bin\\java.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [01/07/2009 18:12 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/07/2009 18:12 20560]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [17/03/2006 13:04 7040]
S4 SecureLockWare_EncryptFilterDriver;SecureLockWare Encryption Filter driver;c:\windows\system32\DRIVERS\ENCRFIL.SYS --> c:\windows\system32\DRIVERS\ENCRFIL.SYS [?]
S4 SecureLockWare_EncryptFilterDriver2;SecureLockWare Encryption Filter driver Ver.2;c:\windows\system32\DRIVERS\SLWFIL.SYS --> c:\windows\system32\DRIVERS\SLWFIL.SYS [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Phil\Application Data\Mozilla\Firefox\Profiles\nhirqmwn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 19:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-736535237-3451093729-2193730098-1005\Software\SecuROM\License information*]
"datasecu"=hex:78,6d,b1,42,29,9e,a5,fe,2f,6b,f2,6a,bc,0e,e3,2d,58,c7,dd,9c,b8,
da,93,35,2c,33,f3,bd,8a,17,d8,72,d1,ae,95,50,f0,c4,b8,a8,ed,59,ce,79,60,48,\
"rkeysecu"=hex:7a,3b,2b,b7,2b,f5,d7,62,5e,01,02,2f,46,97,95,b7
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1188)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSENG.DLL
c:\windows\system32\nvwddi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-13 19:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-13 18:57
Pre-Run: 26,369,249,280 bytes free
Post-Run: 26,243,436,544 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
351 --- E O F --- 2009-08-12 16:48
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13:53, on 13/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase1140.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 6905 bytes