OK, sorry for the late reply.
ComboFix 07-07-30.2 - "«©ں¤" 2007-07-31 10:51:34.1 [GMT 3:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.True
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\4C9C~1\Desktop\internet.lnk
((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-31 )))))))))))))))))))))))))))))))
2007-07-31 10:50 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-30 16:12 <DIR> d-------- C:\stdtsa
2007-07-29 23:23 <DIR> d-------- C:\DOCUME~1\8CF5~1\APPLIC~1\BSplayer
2007-07-28 16:26 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-07-28 16:23 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-28 15:01 <DIR> d-------- C:\DOCUME~1\4C9C~1\APPLIC~1\Media Player Classic
2007-07-28 14:34 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-28 12:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-27 14:16 <DIR> d-------- C:\Program Files\Google
2007-07-27 14:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-07-27 14:16 <DIR> d-------- C:\DOCUME~1\4C9C~1\APPLIC~1\Google
2007-07-26 14:58 <DIR> d-------- C:\WINDOWS\ERUNT
2007-07-26 14:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-07-26 13:40 <DIR> d-------- C:\DOCUME~1\4C9C~1\Phone Browser
2007-07-26 12:33 <DIR> d---s---- C:\DOCUME~1\4C9C~1\UserData
2007-07-25 12:09 <DIR> d-------- C:\Program Files\Project64 1.6
2007-07-25 12:06 <DIR> d-------- C:\WINDOWS\system32\VirtualExpander
2007-07-25 12:00 <DIR> d-------- C:\Program Files\APO Usb Autorun
2007-07-25 11:11 1,572,864 --ah----- C:\DOCUME~1\4C9C~1\NTUSER.DAT
2007-07-25 11:11 <DIR> d-------- C:\DOCUME~1\4C9C~1\APPLIC~1\PC Suite
2007-06-22 18:18 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-20 15:03 <DIR> d-------- C:\DOCUME~1\FORZAM~1\WINDOWS
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-30 23:13 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-30 10:51 --------- d-------- C:\Program Files\Realtek AC97
2007-07-26 15:51 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-05-16 18:32 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-08 04:33 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-11 18:33 C:\WINDOWS\system32\VTTrayp.exe]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-26 00:01]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 12:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 19:00]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "RunNarrator"=Narrator.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"=1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer] VTTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp] VTtrayp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
R0 uagp35;Microsoft AGPv3.5 Filter;C:\WINDOWS\system32\DRIVERS\uagp35.sys
R1 BIOS;BIOS;\??\C:\WINDOWS\system32\drivers\BIOS.sys
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
R3 viagfx;viagfx;C:\WINDOWS\system32\DRIVERS\vtmini.sys
S3 Nokia USB Generic;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys
S3 Nokia USB Modem;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys
S3 Nokia USB Phone Parent;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys
S3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WudfServiceGroup hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b918140-3bc9-11dc-8a40-00e04cfe5b2d}] AutoRun\command- RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb7b6e6f-3a8c-11dc-8a35-00e04cfe5b2d}] AutoRun\command- \runzip
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-31 10:54:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DocFolderPaths]
"3\0061\6'\6,\6"="C:\Documents and Settings\\x633\x631\x627\x62c\My Documents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Hints\3\0061\6'\6,\6]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Hints\9\6(\6/\6'\6D\6E\6$\6E\6F\6 ]
"PictureSource"="C:\Documents and Settings\\x639\x628\x62f\x627\x644\x645\x624\x645\x646 \x627\x644\x639\x645\x631\x64a\My Documents\My Pictures\\x631\x633\x648\x645\x627\x62a + \x62d\x64a\x648\x646\x627\x62a\7146BRD.JPG"
@="731694"
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfPf] "ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfRd] "ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfSvc]
"ImagePath"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00"
"ServiceDll"="hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,55,00,44,00,46,00,53,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00"
Completion time: 2007-07-31 10:55:13
C:\ComboFix-quarantined-files.txt ... 2007-07-31 10:54
--- E O F ---
I forgot to save it to the desktop, I just pressed run accidentally. Is that alright?

Post Edited: 31-07-2007 09:04:51 GMT
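Added example (not code from the poster, the forum helpers, or ComboFix): a small Python triage script that pulls the MountPoints2 entries out of a ComboFix log like the one above. Explorer caches each volume's autorun.inf under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{volume GUID}, and ComboFix prints the cached AutoRun\command value, so an entry such as `RavMon.exe` or `\runzip` records what a removable drive asked Windows to run when it was plugged in. The sample log is constructed from the two MountPoints2 lines in the post plus one unrelated Run entry to show it is ignored; the list of suspicious file names is an assumption and should be replaced with your own indicators.

```python
"""Pull MountPoints2 AutoRun\\command entries out of a ComboFix log.

Added example, not part of the original post. It parses the text format
ComboFix prints (key in square brackets, then 'AutoRun\\command- <cmd>')
and classifies each cached autorun command so a helper can see at a glance
which removable volumes tried to launch something.
"""
import re

# One ComboFix "Reg Loading Points" line per MountPoints2 volume, with the
# cached autorun.inf shell command after 'AutoRun\command- '.
MOUNTPOINT_RE = re.compile(
    r"\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer"
    r"\\mountpoints2\\(\{[0-9a-f-]{36}\})\]\s*AutoRun\\command-\s*(.+?)\s*$",
    re.IGNORECASE,
)

# Assumption: names seen abused by autorun worms of the period. Extend from
# your own IOC list; RavMon.exe is the one that appears in the posted log.
SUSPICIOUS_NAMES = {"ravmon.exe", "ravmone.exe"}

# Extensions Windows will execute directly when named in autorun.inf.
EXEC_EXTENSIONS = (".exe", ".com", ".bat", ".cmd", ".vbs", ".scr", ".pif")

# Constructed sample: the two MountPoints2 lines from the post, plus an
# ordinary Run entry that the parser must leave alone.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 19:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b918140-3bc9-11dc-8a40-00e04cfe5b2d}] AutoRun\command- RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb7b6e6f-3a8c-11dc-8a35-00e04cfe5b2d}] AutoRun\command- \runzip
"""


def parse_mountpoints(log_text):
    """Return [(volume_guid, command), ...] for every MountPoints2 AutoRun line."""
    entries = []
    for line in log_text.splitlines():
        match = MOUNTPOINT_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def classify(command):
    """Label a cached autorun command.

    'known_bad'  : file name is on the suspicious list
    'executable' : has an extension Windows runs directly
    'unknown'    : anything else; still worth a look, since autorun.inf can
                   name a file without an extension (e.g. '\\runzip')
    """
    name = command.replace("\\", "/").rsplit("/", 1)[-1].lower()
    if name in SUSPICIOUS_NAMES:
        return "known_bad"
    if name.endswith(EXEC_EXTENSIONS):
        return "executable"
    return "unknown"


def triage(log_text):
    """Return [(volume_guid, command, label), ...] for the whole log."""
    return [(guid, cmd, classify(cmd)) for guid, cmd in parse_mountpoints(log_text)]


if __name__ == "__main__":
    for guid, cmd, label in triage(SAMPLE_LOG):
        print(f"{label:<10} {guid}  {cmd}")
```

Run it against a saved ComboFix log by reading the file into `triage()`; every MountPoints2 line is reported, not only the flagged ones, because the volume GUID is what you need to match the entry to a specific USB stick or phone. Removing the registry key alone does not clean the drive: the autorun.inf and the file it points to live on the removable volume itself.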