
Here Are My Results From Combo Fix, Now What?



#1 asweetdiversion


Posted 14 July 2009 - 04:10 PM

ComboFix 09-07-13.01 - Teresa Gordon 07/13/2009 19:02.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.345 [GMT -5:00]
Running from: c:\documents and settings\Teresa Gordon\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2009-06-14 to 2009-07-14 )))))))))))))))))))))))))))))))
.


.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-09 13:18 . 2006-02-17 08:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-07 21:29 . 2004-08-10 15:00 14336 ----a-w- c:\windows\system32\svchost.exe
2009-07-07 20:17 . 2008-12-02 15:54 1726 -c--a-w- c:\windows\ndinst.exe
2009-07-07 19:37 . 2004-11-27 16:00 317872 ----a-w- c:\windows\netdi.dll
2009-07-07 00:26 . 2006-05-04 22:10 -------- d-----w- c:\program files\Web Publish
2009-06-23 12:38 . 2006-02-17 08:00 -------- d-----w- c:\program files\ATI Technologies
2009-06-10 12:13 . 2009-02-25 16:53 -------- d-----w- c:\program files\Java
2009-06-10 12:11 . 2009-06-10 12:11 152576 ----a-w- c:\documents and settings\Teresa Gordon\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-05-21 16:33 . 2009-04-01 13:31 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-13 05:15 . 2004-08-10 15:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 06:14 . 2006-11-02 14:09 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2009-05-09 06:14 . 2007-01-15 22:18 14736 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2009-05-07 15:32 . 2004-08-10 15:00 345600 ------w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2004-08-10 15:00 1847168 ------w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 15:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2004-07-30 04:04 . 2004-07-30 04:04 1216 -csha-w- c:\windows\Twunk_16.dll
2004-07-30 04:04 . 2004-07-30 04:04 1216 -csha-w- c:\windows\Twunk_32.dll
2008-08-12 03:19 . 2008-08-12 03:19 22 -csha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HWDN2 Wireless Utility.lnk - c:\program files\Hawking\Common\RaUI.exe [2009-7-6 1146880]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=
backupExtension=CommonStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxLiveShare10"=3 (0x3)
"NetTcpPortSharing"=2 (0x2)
"idsvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\windows\\system32\\sessmgr.exe"=

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [7/31/2008 9:45 PM 20616]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys [3/20/2009 2:04 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys [3/20/2009 2:04 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1005000.086\cchpx86.sys [3/20/2009 2:03 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\IDSXpx86.sys [7/11/2009 9:14 PM 276344]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [3/20/2009 2:03 PM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/7/2009 2:06 PM 101936]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [7/7/2009 10:42 AM 564480]
S2 SessionLauncher;SessionLauncher; [x]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [12/7/2008 1:44 PM 30088]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 4:06 AM 231424]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [7/2/2008 3:58 PM 26248]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-WinColorReminder - c:\program files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe
HKCU-Run-MSMSGS - c:\program files\Messenger\msmsgs.exe
HKLM-Run-HP Software Update - c:\program files\Hp\HP Software Update\HPWuSchd2.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Open image in PhotoME... - c:\program files\PhotoME\iemenuext.html
Trusted Zone: aim.com
Trusted Zone: aol.com\my.screenname
Trusted Zone: aol.com\my.screennames
Trusted Zone: aol.com\webmail
Trusted Zone: aol.com\www
Trusted Zone: fimserve.com\desb.opt
Trusted Zone: google.com
Trusted Zone: google.com\toolbar
Trusted Zone: google.com\www
Trusted Zone: java.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www.update
Trusted Zone: mircosoft.com\*.update
Trusted Zone: myspace.com
Trusted Zone: myspace.com\cf
Trusted Zone: myspace.com\comment
Trusted Zone: myspace.com\home
Trusted Zone: myspace.com\im.home
Trusted Zone: myspace.com\imhome
Trusted Zone: myspace.com\profile
Trusted Zone: myspace.com\searchservice
Trusted Zone: myspace.com\secure
Trusted Zone: myspace.com\viewmorepics
Trusted Zone: officelive.com\home
Trusted Zone: officelive.com\springcleaningservices.web
Trusted Zone: windowsupdate.com\download
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 19:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?p???? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(488)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3844)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\scardsvr.exe
c:\windows\system32\netdde.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\vssvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-07-14 19:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-14 00:26

Pre-Run: 35,325,468,672 bytes free
Post-Run: 35,203,985,408 bytes free

446 --- E O F --- 2009-02-12 09:05



#2 Orange Blossom


Posted 14 July 2009 - 04:34 PM

Hello asweetdiversion,

ComboFix logs should not be posted outside the HijackThis forums and then only when requested. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

I see that you have posted another topic without the log here: http://www.bleepingcomputer.com/forums/t/241436/please-help-me/ Please respond to that topic and describe as best as you can what you mean by this:

My computer started acting funny


If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.

The BC Staff
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



