|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
|
|
LinkBack | Thread Tools |
10-21-2009, 12:59 AM
|
#1 (permalink) |
|
Registered User
Join Date: Oct 2009
Posts: 5
OS: vista
|
Virus Identified Hidden.Packed
Previous thread got shut down
Virus Identified Hidden.Packed ComboFix crashed my computer so had to run it in safe mode ComboFix 09-10-15.04 - Admin 21-10-2009 17:47.2.2 - NTFSx86 NETWORK Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.91.1033.18.955.458 [GMT 11:00] Running from: c:\users\Admin\Desktop\Combo.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . - REDUCED FUNCTIONALITY MODE - . ((((((((((((((((((((((((( Files Created from 2009-09-21 to 2009-10-21 ))))))))))))))))))))))))))))))) . 2009-10-21 06:48 . 2009-10-21 06:48 -------- d-----w- c:\users\Public\AppData\Local\temp 2009-10-21 06:48 . 2009-10-21 06:48 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-10-21 06:48 . 2009-10-21 06:48 -------- d-----w- c:\users\Adi\AppData\Local\temp 2009-09-26 11:27 . 2009-09-26 11:27 -------- d-----w- c:\programdata\Downloaded Installations 2009-09-26 11:26 . 2009-09-26 11:26 -------- d-----w- c:\program files\AVG 2009-09-23 11:28 . 2009-09-23 11:28 -------- d-----w- c:\users\Adi\AppData\Local\Apple Computer 2009-09-23 11:28 . 2009-09-23 11:28 -------- d-----w- c:\users\Adi\AppData\Roaming\Apple Computer 2009-09-23 11:27 . 2009-09-23 11:27 99864 ----a-w- c:\users\Adi\AppData\Local\GDIPFONTCACHEV1.DAT 2009-09-23 11:27 . 2009-09-23 11:28 -------- d-----w- c:\users\Adi\AppData\Local\VirtualStore 2009-09-23 10:48 . 2009-09-26 11:06 -------- d-----w- c:\programdata\16540024 2009-09-23 06:40 . 2009-09-23 06:40 4 ----a-w- c:\windows\info147.sys 2009-09-23 06:24 . 2009-09-23 06:24 -------- d-----w- c:\program files\Common Files\Totem Shared . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-21 06:38 . 2009-09-17 11:12 -------- d-----w- c:\users\Admin\AppData\Roaming\Skype 2009-10-21 06:37 . 2009-09-17 11:14 -------- d-----w- c:\users\Admin\AppData\Roaming\skypePM 2009-10-21 06:36 . 2009-04-22 08:58 1356 ----a-w- c:\users\Admin\AppData\Local\d3d9caps.dat 2009-10-16 08:17 . 2009-10-16 08:17 12800 ----a-w- c:\windows\system32\lofd32.dll 2009-10-08 09:21 . 2009-08-02 01:05 -------- d-----w- c:\users\Admin\AppData\Roaming\uTorrent 2009-10-04 09:26 . 2009-06-16 06:53 -------- d-----w- c:\program files\Java 2009-09-26 11:27 . 2009-09-26 11:27 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys.install_backup 2009-09-26 11:27 . 2009-09-26 11:27 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys.install_backup 2009-09-26 11:27 . 2009-09-26 11:27 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys.install_backup 2009-09-26 11:27 . 2009-09-26 11:27 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys.install_backup 2009-09-23 11:27 . 2009-09-23 11:26 680 ----a-w- c:\users\Adi\AppData\Local\d3d9caps.dat 2009-09-17 11:14 . 2009-09-17 11:14 56 ---ha-w- c:\programdata\ezsidmv.dat 2009-09-17 11:11 . 2009-09-17 11:11 -------- d-----r- c:\program files\Skype 2009-09-17 11:11 . 2009-09-17 11:11 -------- d-----w- c:\program files\Common Files\Skype 2009-09-17 11:11 . 2009-09-17 11:11 -------- d-----w- c:\programdata\Skype 2009-09-12 16:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-09-12 16:06 . 2009-04-22 06:51 -------- d-----w- c:\programdata\Microsoft Help 2009-08-28 12:39 . 2009-09-03 07:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2009-08-28 10:15 . 2009-09-03 07:38 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2009-08-14 17:07 . 2009-09-12 00:37 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys 2009-08-14 16:29 . 2009-09-12 00:37 104960 ----a-w- c:\windows\system32\netiohlp.dll 2009-08-14 16:29 . 2009-09-12 00:37 17920 ----a-w- c:\windows\system32\netevent.dll 2009-08-14 14:16 . 2009-09-12 00:37 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE 2009-08-14 14:16 . 2009-09-12 00:37 17920 ----a-w- c:\windows\system32\ROUTE.EXE 2009-08-14 14:16 . 2009-09-12 00:37 11264 ----a-w- c:\windows\system32\MRINFO.EXE 2009-08-14 14:16 . 2009-09-12 00:37 27136 ----a-w- c:\windows\system32\NETSTAT.EXE 2009-08-14 14:16 . 2009-09-12 00:37 19968 ----a-w- c:\windows\system32\ARP.EXE 2009-08-14 14:16 . 2009-09-12 00:37 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE 2009-08-14 14:16 . 2009-09-12 00:37 10240 ----a-w- c:\windows\system32\finger.exe 2009-07-24 18:23 . 2009-06-16 06:53 411368 ----a-w- c:\windows\system32\deploytk.dll . ------- Sigcheck ------- [-] 2008-01-21 . A3629A0C4226F9E9C72FAAEEBC3AD33C . 81920 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\browser.dll [-] 2008-01-21 . A3629A0C4226F9E9C72FAAEEBC3AD33C . 81920 . . [6.0.6000.16386] . . c:\windows\System32\browser.dll [-] 2008-01-21 . A3629A0C4226F9E9C72FAAEEBC3AD33C . 81920 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-browserservice_31bf3856ad364e35_6.0.6001.18000_none_78e926b99dfe756d\browser.dll [7] 2009-04-11 . 0C2236FB7195A1CF2A632D530349E673 . 1686016 . . [5.82] . . c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll [-] 2008-01-21 . 50CDFD99E606D172875E73B87C64053D . 531968 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll [-] 2008-01-21 . 50CDFD99E606D172875E73B87C64053D . 531968 . . [5.82] . . c:\windows\System32\comctl32.dll [-] 2008-01-21 . 50CDFD99E606D172875E73B87C64053D . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.0.6001.18000_none_399c1f00d7f7837a\comctl32.dll [-] 2008-01-21 . 58D3C1519096F3D9E07EEC5F5FC64885 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6001.18000_none_886786f450a74a05\comctl32.dll [-] 2008-01-21 . A5BB4537004C8DCC096A952EF1E20FE9 . 1684480 . . [6.10] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll [7] 2006-11-02 . B28A9B2300A250B703D44C1759AF2605 . 1648128 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll [7] 2006-11-02 . 4A05089F43041903A3C523A3C16E3350 . 537088 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\comctl32.dll [7] 2009-04-11 . FB27772BEAF8E1D28CCD825C09DA939B . 129024 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18005_none_77eb127097f11935\cryptsvc.dll [-] 2008-01-21 . 6DE363F9F99334514C46AEC02D3E3678 . 128000 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\cryptsvc.dll [-] 2008-01-21 . 6DE363F9F99334514C46AEC02D3E3678 . 128000 . . [6.0.6000.16386] . . c:\windows\System32\cryptsvc.dll [-] 2008-01-21 . 6DE363F9F99334514C46AEC02D3E3678 . 128000 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll [-] 2008-01-21 . 53B202ABEE6455406254444303E87BE1 . 17408 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\asyncmac.sys [-] 2008-01-21 . 53B202ABEE6455406254444303E87BE1 . 17408 . . [6.0.6001.18000] . . c:\windows\System32\drivers\asyncmac.sys [-] 2008-01-21 . 53B202ABEE6455406254444303E87BE1 . 17408 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-rasbase-asyncmac_31bf3856ad364e35_6.0.6001.18000_none_2457cee334d93e6f\asyncmac.sys [-] 2008-01-21 . 67E506B75BD5326A3EC7B70BD014DFB6 . 6144 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\beep.sys [-] 2008-01-21 . 67E506B75BD5326A3EC7B70BD014DFB6 . 6144 . . [6.0.6001.18000] . . c:\windows\System32\drivers\beep.sys [-] 2008-01-21 . 67E506B75BD5326A3EC7B70BD014DFB6 . 6144 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys [-] 2008-01-21 . C5DBBCDA07D780BDA9B685DF333BB41E . 4608 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\null.sys [-] 2008-01-21 . C5DBBCDA07D780BDA9B685DF333BB41E . 4608 . . [6.0.6001.18000] . . c:\windows\System32\drivers\null.sys [-] 2008-01-21 . C5DBBCDA07D780BDA9B685DF333BB41E . 4608 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-null_31bf3856ad364e35_6.0.6001.18000_none_a965ed7d1afd0ac7\null.sys [7] 2009-04-11 . C8BDCECEE082B54F0BAC838BF0A34597 . 114688 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6002.18005_none_5e419722778cc84e\imm32.dll [-] 2008-01-21 . EC17194A193CD8E90D27CFB93DFA9A2E . 114688 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\imm32.dll [-] 2008-01-21 . EC17194A193CD8E90D27CFB93DFA9A2E . 114688 . . [6.0.6001.18000] . . c:\windows\System32\imm32.dll [-] 2008-01-21 . EC17194A193CD8E90D27CFB93DFA9A2E . 114688 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6001.18000_none_5c561e167a6afd02\imm32.dll [7] 2009-04-11 . 8617350C9B590B63E620881092751BCB . 223232 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll [-] 2008-01-21 . 89FD0595EEA4E505CABEFCF7008F2612 . 223232 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\mswsock.dll [-] 2008-01-21 . 89FD0595EEA4E505CABEFCF7008F2612 . 223232 . . [6.0.6000.16386] . . c:\windows\System32\mswsock.dll [-] 2008-01-21 . 89FD0595EEA4E505CABEFCF7008F2612 . 223232 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll [7] 2009-04-11 . 95DAECF0FB120A7B5DA679CC54E37DDE . 592896 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [-] 2008-01-21 . A8EFC0B6E75B789F7FD3BA5025D4E37F . 592384 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\netlogon.dll [-] 2008-01-21 . A8EFC0B6E75B789F7FD3BA5025D4E37F . 592384 . . [6.0.6001.18000] . . c:\windows\System32\netlogon.dll [-] 2008-01-21 . A8EFC0B6E75B789F7FD3BA5025D4E37F . 592384 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll [-] 2008-01-21 . C8052711DAECC48B982434C5116CA401 . 274432 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\netman.dll [-] 2008-01-21 . C8052711DAECC48B982434C5116CA401 . 274432 . . [6.0.6000.16386] . . c:\windows\System32\netman.dll [-] 2008-01-21 . C8052711DAECC48B982434C5116CA401 . 274432 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-netman_31bf3856ad364e35_6.0.6001.18000_none_0fbd1b9651cfd333\netman.dll [7] 2009-04-11 . 9A7F4B2EDACD11444D048AA19CBB26AF . 98816 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.0.6002.18005_none_a505176cf9fa2abd\powrprof.dll [-] 2008-01-21 . 51832219A52C3535BF4771C375E63F9B . 97280 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\powrprof.dll [-] 2008-01-21 . 51832219A52C3535BF4771C375E63F9B . 97280 . . [6.0.6001.18000] . . c:\windows\System32\powrprof.dll [-] 2008-01-21 . 51832219A52C3535BF4771C375E63F9B . 97280 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.0.6001.18000_none_a3199e60fcd85f71\powrprof.dll [7] 2009-04-11 . 93952506C6D67330367F7E7934B6A02F . 758784 . . [7.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll [-] 2008-01-21 . 02ED7B4DBC2A3232A389106DA7515C3D . 758272 . . [7.0.6001.18000] . . c:\windows\ERDNT\cache\qmgr.dll [-] 2008-01-21 . 02ED7B4DBC2A3232A389106DA7515C3D . 758272 . . [7.0.6001.18000] . . c:\windows\System32\qmgr.dll [-] 2008-01-21 . 02ED7B4DBC2A3232A389106DA7515C3D . 758272 . . [7.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll [7] 2009-04-11 . 8FC182167381E9915651267044105EE1 . 177152 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll [-] 2008-01-21 . 28B84EB538F7E8A0FE8B9299D591E0B9 . 177152 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\scecli.dll [-] 2008-01-21 . 28B84EB538F7E8A0FE8B9299D591E0B9 . 177152 . . [6.0.6000.16386] . . c:\windows\System32\scecli.dll [-] 2008-01-21 . 28B84EB538F7E8A0FE8B9299D591E0B9 . 177152 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [7] 2009-04-11 . D4E6D91C1349B7BFB3599A6ADA56851B . 279552 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe [-] 2008-01-21 . 2B336AB6286D6C81FA02CBAB914E3C6C . 279040 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\services.exe [-] 2008-01-21 . 2B336AB6286D6C81FA02CBAB914E3C6C . 279040 . . [6.0.6000.16386] . . c:\windows\System32\services.exe [-] 2008-01-21 . 2B336AB6286D6C81FA02CBAB914E3C6C . 279040 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe [7] 2009-04-11 . 524BFBEA40E6E404737CCBC754647A2E . 127488 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18005_none_d8371c2dbeaa9062\spoolsv.exe [-] 2008-01-21 . 846CDF9A3CF4DA9B306ADFB7D55EE4C2 . 125952 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\spoolsv.exe [-] 2008-01-21 . 846CDF9A3CF4DA9B306ADFB7D55EE4C2 . 125952 . . [6.0.6000.16386] . . c:\windows\System32\spoolsv.exe [-] 2008-01-21 . 846CDF9A3CF4DA9B306ADFB7D55EE4C2 . 125952 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe [-] 2008-01-21 . 3794B461C45882E06856F282EEF025AF . 21504 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\svchost.exe [-] 2008-01-21 . 3794B461C45882E06856F282EEF025AF . 21504 . . [6.0.6000.16386] . . c:\windows\System32\svchost.exe [-] 2008-01-21 . 3794B461C45882E06856F282EEF025AF . 21504 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe [7] 2009-04-11 . D7673E4B38CE21EE54C59EEEB65E2483 . 242688 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-tapiservice_31bf3856ad364e35_6.0.6002.18005_none_e52851e7e21463cb\tapisrv.dll [-] 2008-01-21 . 680916BB09EE0F3A6ACA7C274B0D633F . 242688 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\tapisrv.dll [-] 2008-01-21 . 680916BB09EE0F3A6ACA7C274B0D633F . 242688 . . [6.0.6000.16386] . . c:\windows\System32\tapisrv.dll [-] 2008-01-21 . 680916BB09EE0F3A6ACA7C274B0D633F . 242688 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-tapiservice_31bf3856ad364e35_6.0.6001.18000_none_e33cd8dbe4f2987f\tapisrv.dll [7] 2009-04-11 . 75510147B94598407666F4802797C75A . 627712 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [-] 2008-01-21 . B974D9F06DC7D1908E825DC201681269 . 627200 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\user32.dll [-] 2008-01-21 . B974D9F06DC7D1908E825DC201681269 . 627200 . . [6.0.6001.18000] . . c:\windows\System32\user32.dll [-] 2008-01-21 . B974D9F06DC7D1908E825DC201681269 . 627200 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [-] 2008-01-21 . 0E135526E9785D085BCD9AEDE6FBCBF9 . 25088 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\userinit.exe [-] 2008-01-21 . 0E135526E9785D085BCD9AEDE6FBCBF9 . 25088 . . [6.0.6000.16386] . . c:\windows\System32\userinit.exe [-] 2008-01-21 . 0E135526E9785D085BCD9AEDE6FBCBF9 . 25088 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [7] 2009-04-11 . 898E7C06A350D4A1A64A9EA264D55452 . 314368 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [-] 2008-01-21 . C2610B6BDBEFC053BBDAB4F1B965CB24 . 314880 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\winlogon.exe [-] 2008-01-21 . C2610B6BDBEFC053BBDAB4F1B965CB24 . 314880 . . [6.0.6001.18000] . . c:\windows\System32\winlogon.exe [-] 2008-01-21 . C2610B6BDBEFC053BBDAB4F1B965CB24 . 314880 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe [-] 2008-01-21 . B304D47D5744BA20FCB99FB8B2C07B0B . 179200 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\ws2_32.dll [-] 2008-01-21 . B304D47D5744BA20FCB99FB8B2C07B0B . 179200 . . [6.0.6000.16386] . . c:\windows\System32\ws2_32.dll [-] 2008-01-21 . B304D47D5744BA20FCB99FB8B2C07B0B . 179200 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll [7] 2009-04-11 . F5E991236960137B1F5449C5E5DF4656 . 679936 . . [7.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_d340af2c9c07e8f9\msvcrt.dll [-] 2008-01-21 . 04CBEAA089B6A752B3EB660BEE8C4964 . 680448 . . [7.0.6001.18000] . . c:\windows\ERDNT\cache\msvcrt.dll [-] 2008-01-21 . 04CBEAA089B6A752B3EB660BEE8C4964 . 680448 . . [7.0.6001.18000] . . c:\windows\System32\msvcrt.dll [-] 2008-01-21 . 04CBEAA089B6A752B3EB660BEE8C4964 . 680448 . . [7.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_d15536209ee61dad\msvcrt.dll [7] 2009-04-11 . 9E6894EA18DAFF37B63E1005F83AE4AB . 107008 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-remoteregistry-service_31bf3856ad364e35_6.0.6002.18005_none_8b517ec580991c4d\regsvc.dll [-] 2008-01-21 . CC4E32400F3C7253400CF8F3F3A0B676 . 106496 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\regsvc.dll [-] 2008-01-21 . CC4E32400F3C7253400CF8F3F3A0B676 . 106496 . . [6.0.6000.16386] . . c:\windows\System32\regsvc.dll [-] 2008-01-21 . CC4E32400F3C7253400CF8F3F3A0B676 . 106496 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-remoteregistry-service_31bf3856ad364e35_6.0.6001.18000_none_896605b983775101\regsvc.dll [7] 2009-04-11 . 323AE0BDFD2EB15B668DDA50CC597329 . 595456 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6002.18005_none_30ec979d94244404\schedsvc.dll [-] 2008-01-21 . 1D5E99DB3C10F4FA034010DC49043CA4 . 596992 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\schedsvc.dll [-] 2008-01-21 . 1D5E99DB3C10F4FA034010DC49043CA4 . 596992 . . [6.0.6001.18000] . . c:\windows\System32\schedsvc.dll [-] 2008-01-21 . 1D5E99DB3C10F4FA034010DC49043CA4 . 596992 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6001.18000_none_2f011e91970278b8\schedsvc.dll [7] 2008-01-21 . 886CEC884B5BE29AB9828B8AB46B11F7 . 595456 . . [6.0.6000.16609] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.16609_none_2d23e28599d3cbd6\schedsvc.dll [7] 2008-01-21 . BF17DA9F25A4F84C2577AC13EE126CB7 . 595968 . . [6.0.6000.20734] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.20734_none_2d880e1ab30e40c0\schedsvc.dll [7] 2009-04-11 . C818C44C201898399BF999BB6B35D4E3 . 247296 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18005_none_cf1bd6361a0f622e\shsvcs.dll [-] 2008-01-21 . 27F10F348E508243F6254846F8370D0D . 247296 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\shsvcs.dll [-] 2008-01-21 . 27F10F348E508243F6254846F8370D0D . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll [-] 2008-01-21 . 27F10F348E508243F6254846F8370D0D . 247296 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll [-] 2008-01-21 . 03D50B37234967433A5EA5BA72BC0B62 . 155648 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\ssdpsrv.dll [-] 2008-01-21 . 03D50B37234967433A5EA5BA72BC0B62 . 155648 . . [6.0.6000.16386] . . c:\windows\System32\ssdpsrv.dll [-] 2008-01-21 . 03D50B37234967433A5EA5BA72BC0B62 . 155648 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-upnpssdp_31bf3856ad364e35_6.0.6001.18000_none_7fc972ebd13849b5\ssdpsrv.dll [7] 2009-04-11 . BB95DA09BEF6E7A131BFF3BA5032090D . 449024 . . [6.0.6002.18005] . . c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6002.18005_none_908abad45165e2ae\termsrv.dll [-] 2008-01-21 . D605031E225AACCBCEB5B76A4F1603A6 . 448512 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\termsrv.dll [-] 2008-01-21 . D605031E225AACCBCEB5B76A4F1603A6 . 448512 . . [6.0.6001.18000] . . c:\windows\System32\termsrv.dll [-] 2008-01-21 . D605031E225AACCBCEB5B76A4F1603A6 . 448512 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_8e9f41c854441762\termsrv.dll [-] 2008-01-21 . 68308183F4AE0BE7BF8ECD07CB297999 . 259072 . . [6.0.6001.18000] . . c:\windows\ERDNT\cache\upnphost.dll [-] 2008-01-21 . 68308183F4AE0BE7BF8ECD07CB297999 . 259072 . . [6.0.6000.16386] . . c:\windows\System32\upnphost.dll [-] 2008-01-21 . 68308183F4AE0BE7BF8ECD07CB297999 . 259072 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.0.6001.18000_none_c1e834753483fdcf\upnphost.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5768708-806B-4ced-9AE8-7C855EB782F7}] 2009-10-16 08:17 12800 ----a-w- c:\windows\System32\lofd32.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 141848] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608] "PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-02 850440] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280] "Xzafedoxirakip"="c:\windows\system32\config\systemprofile\AppData\Local\wigenCO.dll" [2008-01-21 49152] "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-05-26 6144000] "Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "GrpConv"="grpconv -o" [X] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-11-1 576104] WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-4-22 106560] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer4"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{AC3E0C80-9B76-43E4-B5BF-B0F93076ACBC}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{893D3AE2-E467-4A55-BB16-4CF02D44D49D}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{FBDC76B0-3D78-41F4-97B7-28FF63F5A606}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{93542A1F-EE71-428E-A8CF-2D62967E2B34}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{AE6F7915-2697-4364-850D-3BAC625E659A}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{13FE064C-9261-499C-B22E-E6990FB7FC69}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{58A04BFC-4A58-42D8-B789-5289AB121E45}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{5B9891FC-A028-4952-887D-22EE5178AD63}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{6695B6C3-DA23-4063-9549-CBFA767DC9D0}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "{D05D10ED-FB3A-44EF-8D4B-00F795ED9982}"= c:\program files\Skype\Phone\Skype.exe:Skype [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [28-03-2008 10:14 210432] R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [21-05-2008 05:36 3663360] S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [22-04-2009 17:44 93968] --- Other Services/Drivers In Memory --- *NewlyCreated* - ECACHE [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc . Contents of the 'Scheduled Tasks' folder 2009-10-21 c:\windows\Tasks\User_Feed_Synchronization-{D83C0BEA-CE66-4CD7-A696-10417B84277F}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 02:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.liverpoolfc.tv/ uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://wireless.net.uts.edu.au/dana-cached/sc/JuniperSetupClient.cab . - - - - ORPHANS REMOVED - - - - HKLM-RunOnce-<NO NAME> - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-21 17:48 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: ************************************************************************** . Completion time: 2009-10-21 17:51 ComboFix-quarantined-files.txt 2009-10-21 06:51 ComboFix2.txt 2009-10-21 06:34 Pre-Run: 54,075,166,720 bytes free Post-Run: 53,953,298,432 bytes free 260 --- E O F --- 2009-09-30 10:40 |
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
| Thread Tools | |
|
|
