My System Clean? Log combofix.


Hello friends, please see if my computer is clean:

ComboFix 09-12-21.04 - Games 22/12/2009 9:37.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.355 [GMT 0:00]

Running from: c:\documents and settings\Games\Desktop\Combo-Fix.exe

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

ADS - system32: deleted 6542 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd

c:\windows\system32\logs

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_BHDRVX86

-------\Service_BHDrvx86

((((((((((((((((((((((((( Files Created from 2009-11-22 to 2009-12-22 )))))))))))))))))))))))))))))))

.

2009-12-22 08:48 . 2009-12-22 08:48 -------- d-----w- c:\program files\CheckPoint

2009-12-22 07:13 . 2009-11-22 15:42 69000 ----a-w- c:\windows\system32\zlcomm.dll

2009-12-22 07:13 . 2009-11-22 15:42 103816 ----a-w- c:\windows\system32\zlcommdb.dll

2009-12-22 07:12 . 2009-11-22 15:42 1238408 ----a-w- c:\windows\system32\zpeng25.dll

2009-12-22 07:12 . 2009-12-22 07:12 -------- d-----w- c:\program files\Zone Labs

2009-12-22 06:33 . 2009-12-22 06:33 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2009-12-22 06:33 . 2009-12-22 06:33 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2009-12-22 06:33 . 2009-12-22 06:33 -------- d-----w- c:\program files\Symantec

2009-12-22 06:31 . 2009-12-22 06:31 -------- d-----w- c:\program files\Norton AntiVirus

2009-12-22 06:19 . 2009-12-22 06:19 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings

2009-12-22 06:18 . 2009-12-22 06:36 -------- d-----w- c:\program files\NortonInstaller

2009-12-22 05:58 . 2009-12-22 05:58 -------- d-----w- c:\windows\system32\scripting

2009-12-22 05:58 . 2009-12-22 05:58 -------- d-----w- c:\windows\system32\en

2009-12-22 05:58 . 2009-12-22 05:58 -------- d-----w- c:\windows\system32\bits

2009-12-22 05:58 . 2009-12-22 05:58 -------- d-----w- c:\windows\l2schemas

2009-12-22 02:37 . 2008-04-14 00:12 276992 ------w- c:\windows\system32\wmphoto.dll

2009-12-22 02:37 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll

2009-12-22 02:35 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll

2009-12-22 01:46 . 2009-12-22 05:56 -------- d-----w- c:\windows\ServicePackFiles

2009-12-22 01:31 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2009-12-22 01:17 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-12-22 01:15 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll

2009-12-22 01:15 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2009-12-22 01:15 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2009-12-22 01:15 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2009-12-22 01:15 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe

2009-12-22 01:15 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2009-12-22 01:15 . 2009-08-04 20:44 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2009-12-22 01:15 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-12-22 01:15 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll

2009-12-22 01:15 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll

2009-12-22 01:15 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll

2009-12-22 01:15 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2009-12-22 01:14 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll

2009-12-22 01:14 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe

2009-12-22 01:13 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys

2009-12-22 01:13 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2009-12-22 01:13 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2009-12-22 01:12 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll

2009-12-22 01:12 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2009-12-22 01:12 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys

2009-12-22 01:12 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2009-12-22 00:46 . 2009-12-22 00:46 -------- d-----w- c:\windows\system32\wbem\Repository

2009-12-22 00:46 . 2009-12-22 00:46 -------- d-----w- c:\program files\AVG

2009-12-22 00:45 . 2009-12-22 00:45 -------- d--h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

2009-12-22 00:45 . 2009-12-22 00:45 -------- d-----w- C:\$AVG

2009-12-21 22:37 . 2009-12-22 00:43 -------- d-----w- c:\program files\NortonInstaller(2)

2009-12-21 20:55 . 2009-12-22 06:33 -------- d-----w- c:\windows\system32\drivers\NAV

2009-12-21 20:28 . 2009-12-21 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2009-12-19 19:17 . 2009-12-22 00:45 -------- d-----w- c:\program files\SoulseekNS

2009-12-19 07:32 . 2009-12-19 08:40 69206016 --sha-w- C:\NRTPage.sys

2009-12-19 03:29 . 2009-12-19 03:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2009-12-19 02:36 . 2001-08-17 22:36 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll

2009-12-19 02:35 . 2004-08-04 12:00 6144 -c--a-w- c:\windows\system32\dllcache\kbdinpun.dll

2009-12-19 02:34 . 2004-08-04 12:00 45568 -c--a-w- c:\windows\system32\dllcache\browscap.dll

2009-12-19 01:51 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2009-12-19 01:51 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll

2009-12-19 01:51 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2009-12-19 01:51 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll

2009-12-17 00:00 . 2009-12-17 00:00 -------- d-----w- c:\documents and settings\Games\Application Data\AVG9

2009-12-16 17:15 . 2009-12-18 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2009-12-16 14:15 . 2009-12-16 14:15 -------- d-----w- c:\documents and settings\Games\Application Data\GrabPro

2009-12-16 12:17 . 2009-12-22 06:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2009-12-14 20:19 . 2009-12-14 20:19 -------- d-----w- c:\documents and settings\Games\Local Settings\Application Data\Help

2009-12-14 20:02 . 2009-12-14 20:02 -------- d-----w- c:\documents and settings\Games\Application Data\mIRC

2009-12-14 17:09 . 2009-12-14 17:09 -------- d-----w- C:\logs

2009-12-12 16:46 . 2009-12-12 16:46 132096 ----a-w- c:\windows\system32\d3dim700J.dll

2009-12-12 16:39 . 2009-12-12 16:40 -------- d-----w- c:\documents and settings\Games\Application Data\teamspeak2

2009-12-11 23:43 . 2009-12-11 23:43 -------- d-----w- c:\documents and settings\Games\Application Data\Malwarebytes

2009-12-11 23:43 . 2009-12-03 16:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-11 23:43 . 2009-12-11 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-12-11 23:43 . 2009-12-03 16:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-11 23:20 . 2009-12-11 23:20 -------- d-----w- c:\documents and settings\Games\Application Data\Lavasoft

2009-12-05 18:24 . 2009-12-05 18:24 -------- d-----w- c:\documents and settings\Games\Local Settings\Application Data\Mozilla

2009-12-05 18:19 . 2009-12-05 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\ThumbnailCache4R

2009-12-05 17:45 . 2009-12-05 17:45 -------- d-----w- c:\documents and settings\Games\Application Data\FaxCtr

2009-12-03 20:19 . 2007-11-01 14:33 12288 ----a-w- c:\windows\system32\LXF3PMRC.DLL

2009-12-03 20:19 . 2007-11-01 14:29 45056 ----a-w- c:\windows\system32\LXF3PMON.DLL

2009-12-03 20:19 . 2007-11-01 14:28 32768 ----a-w- c:\windows\system32\LXF3FXPU.DLL

2009-12-03 20:19 . 2007-08-27 17:44 53248 ----a-w- c:\windows\system32\lxf3oem.dll

2009-12-03 20:19 . 2007-05-02 02:05 98345 ----a-w- c:\windows\system32\IMHOST32.DLL

2009-12-03 20:19 . 2007-05-02 02:05 339968 ----a-w- c:\windows\system32\IMGMAN32.DLL

2009-12-03 20:18 . 2009-12-03 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\FaxCtr

2009-12-03 20:18 . 2009-12-03 20:20 -------- d-----w- c:\program files\Lexmark Fax Solutions

2009-12-03 20:11 . 2009-12-03 20:11 -------- d-----w- c:\documents and settings\Games\Application Data\Lexmark Productivity Studio

2009-12-03 20:07 . 2009-12-03 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Lexmark 2600 Series

2009-12-03 20:05 . 2009-12-22 07:25 -------- d-----w- c:\documents and settings\All Users\lx_cats

2009-12-03 20:04 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2009-12-03 20:03 . 2008-03-31 19:47 40960 ----a-w- c:\windows\system32\lxdnvs.dll

2009-12-03 20:03 . 2009-10-20 17:59 409600 ----a-w- c:\windows\system32\lxdncoin.dll

2009-12-03 20:03 . 2009-08-13 12:02 147968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxdndrpp.dll

2009-12-03 20:02 . 2001-08-17 22:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll

2009-12-03 20:02 . 2007-11-20 23:44 81920 ----a-w- c:\windows\system32\lxdncaps.dll

2009-12-03 20:02 . 2007-11-21 00:02 782336 ----a-w- c:\windows\system32\lxdndrs.dll

2009-12-03 20:02 . 2007-10-02 22:51 69632 ----a-w- c:\windows\system32\lxdncnv4.dll

2009-12-03 20:02 . 2009-12-03 20:02 -------- d-----w- c:\program files\Lexmark Tools for Office

2009-12-03 19:58 . 2009-12-03 20:05 -------- d-----w- c:\program files\Lexmark 2600 Series

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-22 10:00 . 2009-12-22 09:59 904282 ----a-w- c:\windows\Internet Logs\tvDebug.Zip

2009-12-22 08:47 . 2005-06-08 14:37 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2009-12-22 06:46 . 2005-06-08 14:25 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-12-22 06:44 . 2009-12-22 08:41 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20091221.050\NAVEX15.SYS

2009-12-22 06:44 . 2009-12-22 08:41 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20091221.050\NAVENG.SYS

2009-12-22 06:44 . 2009-12-22 08:41 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20091221.050\ERASER.SYS

2009-12-22 06:44 . 2009-12-22 08:41 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20091221.050\NAVEX32A.DLL

2009-12-22 06:44 . 2009-12-22 08:41 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20091221.050\NAVENG32.DLL

2009-12-22 06:44 . 2009-12-22 08:41 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20091221.050\EECTRL.SYS

2009-12-22 06:44 . 2009-12-22 08:41 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20091221.050\CCERASER.DLL

2009-12-22 06:44 . 2009-12-22 08:41 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20091221.050\ECMSVR32.DLL

2009-12-22 06:33 . 2009-12-22 06:33 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2009-12-22 06:33 . 2009-12-22 06:33 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2009-12-22 06:22 . 2005-06-08 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2009-12-22 06:01 . 2005-06-07 17:44 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-12-22 00:46 . 2009-01-23 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-12-22 00:45 . 2005-06-08 14:49 -------- d-----w- c:\program files\Lavasoft

2009-12-21 22:01 . 2008-12-31 21:53 -------- d-----w- c:\program files\Soulseek

2009-12-19 02:31 . 2005-06-07 17:42 23348 ----a-w- c:\windows\system32\emptyregdb.dat

2009-12-16 15:36 . 2009-04-04 14:24 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-12-16 14:19 . 2009-08-07 20:33 -------- d-----w- c:\documents and settings\Games\Application Data\Orbit

2009-12-11 23:27 . 2009-07-06 17:27 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe

2009-12-11 23:27 . 2009-07-06 17:26 1184912 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe

2009-12-05 04:54 . 2009-12-05 04:54 529456 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx86.sys

2009-12-05 04:54 . 2009-12-05 04:54 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20091205.001\BHRules.dll

2009-12-05 04:54 . 2009-12-05 04:54 1405840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20091205.001\BHEngine.dll

2009-12-05 04:54 . 2009-12-05 04:54 668720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx64.sys

2009-12-05 04:54 . 2009-12-05 04:54 610704 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20091205.001\bbRGen.dll

2009-12-03 19:59 . 2009-12-03 19:59 -------- d-----w- c:\program files\Lexmark Toolbar

2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

2009-11-16 10:32 . 2009-11-16 08:05 -------- d-----w- c:\documents and settings\Games\Application Data\DivX

2009-11-16 10:19 . 2009-11-16 10:19 33533 ----a-w- c:\windows\system32\CoreVorbis-uninstall.exe

2009-11-16 08:51 . 2009-11-16 06:10 -------- d-----w- c:\documents and settings\Games\Application Data\Azureus

2009-11-16 08:03 . 2009-11-16 08:02 -------- d-----w- c:\program files\Common Files\DivX Shared

2009-11-16 07:39 . 2009-11-16 07:27 -------- d-----w- c:\documents and settings\Games\Application Data\vlc

2009-11-16 05:01 . 2009-11-16 05:01 -------- d-----w- c:\documents and settings\Games\Application Data\Media Player Classic

2009-11-08 08:44 . 2009-11-16 11:43 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2009-11-07 02:35 . 2009-11-07 02:36 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2009-11-07 02:35 . 2009-11-07 02:35 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys

2009-11-07 02:35 . 2009-11-07 02:35 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll

2009-11-07 02:35 . 2009-05-29 17:25 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe

2009-11-07 02:35 . 2009-01-23 19:26 15880 ----a-w- c:\windows\system32\lsdelete.exe

2009-11-07 02:35 . 2009-11-07 02:35 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll

2009-11-07 02:35 . 2009-11-07 02:35 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll

2009-11-07 02:35 . 2009-11-07 02:35 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll

2009-11-07 02:35 . 2009-11-07 02:35 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll

2009-11-07 02:35 . 2009-07-13 17:28 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll

2009-11-05 16:30 . 2009-11-05 16:30 -------- d-----w- c:\documents and settings\Games\Application Data\AdobeUM

2009-10-29 20:18 . 2009-10-29 20:18 -------- d-----w- c:\program files\Microsoft

2009-10-29 20:18 . 2009-10-29 20:18 -------- d-----w- c:\program files\Windows Live

2009-10-29 20:18 . 2009-10-29 20:18 -------- d-----w- c:\program files\Windows Live SkyDrive

2009-10-29 20:17 . 2009-10-29 20:17 -------- d-----w- c:\program files\Common Files\Windows Live

2009-10-29 20:16 . 2009-10-29 20:16 29216 ----a-w- c:\documents and settings\Games\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-10-29 05:38 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll

2009-10-28 22:37 . 2009-12-22 06:44 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSXpx86.sys

2009-10-28 22:37 . 2009-12-22 06:44 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSvix86.sys

2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\BinHub\IDSvix86.sys

2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\BinHub\IDSXpx86.sys

2009-10-28 22:37 . 2009-12-22 06:44 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20091217.002\Scxpx86.dll

2009-10-28 22:37 . 2009-12-22 06:44 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSxpx86.dll

2009-10-28 22:37 . 2009-12-22 06:44 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSviA64.sys

2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\BinHub\Scxpx86.dll

2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\BinHub\IDSxpx86.dll

2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\BinHub\IDSviA64.sys

2009-10-13 10:30 . 2004-08-04 12:00 270336 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:38 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:38 . 2004-08-04 12:00 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-05 17:34 . 2009-12-22 06:32 929648 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\OCS\hsplayer.dll

2009-10-03 08:15 . 2009-11-07 02:32 2924848 ----a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe

2009-10-01 09:19 . 2009-12-22 06:33 164216 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll

2009-09-25 16:42 . 2009-11-16 08:03 9464 ----a-w- c:\windows\system32\drivers\cdralw2k.sys

2009-09-25 16:42 . 2009-11-16 08:03 9336 ----a-w- c:\windows\system32\drivers\cdr4_xp.sys

2009-09-25 16:42 . 2009-11-16 08:03 129784 ----a-w- c:\windows\system32\pxafs.dll

2009-09-25 16:42 . 2005-06-19 10:51 43528 ----a-w- c:\windows\system32\drivers\PxHelp20.sys

2009-09-25 16:42 . 2005-06-19 10:51 120056 ----a-w- c:\windows\system32\pxcpyi64.exe

2009-09-25 16:42 . 2005-06-19 10:51 118520 ----a-w- c:\windows\system32\pxinsi64.exe

2009-09-25 16:41 . 2009-09-25 16:41 90112 ----a-w- c:\windows\system32\dpl100.dll

2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll

2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll

2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll

2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll

2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll

2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll

2009-09-25 05:37 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-09-23 12:55 . 2009-01-23 18:25 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2005-02-22 1611488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]

"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]

"nwiz"="nwiz.exe" [2005-12-10 1519616]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]

"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2007-04-27 282624]

"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]

"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2009-01-29 660136]

"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2009-01-29 16040]

"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2009-01-29 320168]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0smrgdf d:\program files\iolo\System Mechanic 5"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2005-12-10 03:06 7311360 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2005-12-10 03:06 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

2002-04-11 03:19 69632 ----a-w- d:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2005-06-03 02:52 36975 ----a-w- c:\program files\Java\jre1.5.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2005-06-13 18:34 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"EventSystem"=3 (0x3)

"ERSvc"=2 (0x2)

"Spooler"=2 (0x2)

"helpsvc"=2 (0x2)

"FastUserSwitchingCompatibility"=3 (0x3)

"Dnscache"=2 (0x2)

"CryptSvc"=3 (0x3)

"iPodService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\Program Files\\BearShare\\BearShare.exe"=

"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

"d:\\Program Files\\Free Music Zilla\\FMZilla.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"d:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Lexmark 2600 Series\\lxdnamon.exe"=

"c:\\Program Files\\Lexmark 2600 Series\\frun.exe"=

"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=

"c:\\WINDOWS\\system32\\lxdncoms.exe"=

"c:\\Program Files\\Lexmark Fax Solutions\\FaxCtr.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=

"c:\\Program Files\\Lexmark 2600 Series\\Diagnostics\\LXDNdiag.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/23/2009 6:25 PM 64288]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1101000.013\SymDS.sys [12/22/2009 6:33 AM 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1101000.013\SymEFA.sys [12/22/2009 6:33 AM 171056]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1101000.013\cchpx86.sys [12/22/2009 6:33 AM 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1101000.013\Ironx86.sys [12/22/2009 6:33 AM 114736]

R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]

R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [12/3/2009 8:03 PM 94208]

R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe [12/22/2009 6:33 AM 126392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/22/2009 6:44 AM 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSXpx86.sys [12/22/2009 6:44 AM 329592]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 11:17 AM 1184912]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Games\Application Data\Mozilla\Firefox\Profiles\o1ws54p3.default\

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll

FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll

FF - plugin: d:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll

FF - plugin: d:\program files\DivX\DivX Web Player\npdivx32.dll

FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll

FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin2.dll

FF - plugin: d:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: d:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: d:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

.

- - - - ORPHANS REMOVED - - - -

SharedTaskScheduler-{} - (no file)

AddRemove-CinemaForge - c:\windows\system32\xmforgert.exe D:program files\CinemaForge\UninstallCF.xmfg

AddRemove-GTAVC Admin Console - c:\docume~1\Family\Desktop\NEWFOL~1\UNWISE.EXE

AddRemove-Java 2 Platform, Enterprise Edition 1.4 SDK - d:\sun\AppServer\uninstall.exe

AddRemove-Xlviewer - d:\program files\Xlview\Setup\Setup.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-22 10:01

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.1.0.19\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.1.0.19\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3212)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\rundll32.exe

c:\windows\system32\lxdncoms.exe

c:\windows\RTHDCPL.EXE

c:\program files\Lexmark 2600 Series\lxdnMsdMon.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2009-12-22 10:07:00 - machine was rebooted

ComboFix-quarantined-files.txt 2009-12-22 10:06

Pre-Run: 1,196,163,072 bytes free

Post-Run: 1,198,399,488 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 21DFEF2EE2FDED57FCD0AE4125DA3D0A
