
Combofix log


  • This topic is locked
2 replies to this topic

#1 DeathMachine


Posted 14 January 2011 - 07:09 AM

Can someone tell me if the virus on my computer is deleted?

Here is the log from ComboFix:



ComboFix 11-01-13.01 - Administrator 01/14/2011 21:51:28.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.630 [GMT 10:00]
Running from: d:\documents and settings\Administrator.84A97D22A519449\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.

((((((((((((((((((((((((( Files Created from 2010-12-14 to 2011-01-14 )))))))))))))))))))))))))))))))
.

2011-01-14 09:45 . 2011-01-14 09:45 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-01-14 09:39 . 2011-01-14 09:39 -------- d-----w- c:\program files\MSXML 4.0
2011-01-14 09:13 . 2011-01-14 09:13 -------- d-----w- d:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2011-01-14 09:06 . 2011-01-14 09:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-14 07:06 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-14 07:06 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-01-14 07:06 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-01-14 07:06 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-01-14 07:04 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-01-14 07:03 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2011-01-14 07:03 . 2010-08-13 12:53 5120 ------w- c:\windows\system32\xpsp4res.dll
2011-01-14 06:50 . 2011-01-14 09:49 -------- d--h--w- c:\windows\$hf_mig$
2011-01-14 06:46 . 2011-01-14 06:46 -------- d-----w- c:\program files\uTorrent
2011-01-14 06:46 . 2011-01-14 11:57 -------- d-----w- d:\documents and settings\Administrator.84A97D22A519449\Application Data\uTorrent
2011-01-14 06:38 . 2011-01-14 06:38 -------- d-----w- d:\documents and settings\Administrator.84A97D22A519449\Local Settings\Application Data\NTRU Cryptosystems
2011-01-14 06:38 . 2011-01-14 11:57 0 ----a-w- d:\documents and settings\Administrator.84A97D22A519449\Local Settings\Application Data\WavXMapDrive.bat
2011-01-14 06:38 . 2011-01-14 11:56 -------- d-----w- d:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\NTRU Cryptosystems
2011-01-14 06:34 . 2011-01-14 06:34 -------- d-----w- c:\program files\Digital Line Detect
2011-01-14 06:29 . 2011-01-14 06:29 -------- d-----w- C:\Intel
2011-01-14 06:28 . 2011-01-14 06:28 -------- d-----w- c:\program files\My Company Name
2011-01-14 06:27 . 2011-01-14 06:27 -------- d-----w- d:\documents and settings\Administrator.84A97D22A519449\Application Data\Dell
2011-01-14 06:27 . 2011-01-14 06:27 -------- d-----w- d:\documents and settings\All Users.WINDOWS\Application Data\Dell
2011-01-14 06:27 . 2007-07-20 08:56 233472 ----a-w- c:\windows\system32\NicConfigSvc.cpl
2011-01-14 06:27 . 2005-12-05 02:54 61440 ----a-w- c:\windows\system32\KPower.dll
2011-01-14 06:27 . 2005-12-05 02:54 307200 ----a-w- c:\windows\system32\BMAPI.dll
2011-01-14 06:26 . 2005-08-12 09:50 16128 ----a-w- c:\windows\system32\drivers\APPDRV.SYS
2011-01-14 06:26 . 2007-07-27 13:11 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2011-01-14 06:26 . 2007-06-25 11:51 100418 ----a-w- c:\windows\system32\Vxdif.dll
2011-01-14 06:26 . 2007-06-25 10:53 155136 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2011-01-14 06:26 . 2006-11-02 00:09 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2011-01-14 06:24 . 2007-05-10 02:23 4952064 ----a-w- c:\windows\system32\stacgui.cpl
2011-01-14 06:24 . 2007-05-10 02:22 405504 ----a-w- c:\windows\stsystra.exe
2011-01-14 06:24 . 2007-04-10 09:02 1601536 ----a-w- c:\windows\system32\stlang.dll
2011-01-14 06:24 . 2007-05-10 02:24 1222840 ----a-w- c:\windows\system32\drivers\sthda.sys
2011-01-14 06:24 . 2011-01-14 06:24 -------- d-----w- c:\program files\SigmaTel
2011-01-14 06:24 . 2007-08-21 01:58 146944 ----a-w- c:\windows\system32\st325602.dll
2011-01-14 06:24 . 2007-05-10 02:23 270336 ----a-w- c:\windows\system32\stacapi.dll
2011-01-14 06:22 . 2011-01-14 06:22 -------- d-----w- c:\program files\UPEK
2011-01-14 06:22 . 2005-11-02 03:24 36864 ----a-w- c:\windows\system32\tpmddl.dll
2011-01-14 06:16 . 2011-01-14 06:16 -------- d-----w- d:\documents and settings\Administrator.84A97D22A519449\Local Settings\Application Data\Wave Systems Corp
2011-01-14 06:16 . 2011-01-14 06:16 -------- d-----w- d:\documents and settings\Administrator.84A97D22A519449\Application Data\Wave Systems Corp
2011-01-14 06:16 . 2007-11-08 14:49 1769472 ----a-w- c:\windows\system32\Tsp1.dll
2011-01-14 06:14 . 2011-01-14 06:14 -------- d-----w- c:\program files\Fingerprint Sensor
2011-01-14 06:14 . 2011-01-14 06:14 -------- d-----w- c:\windows\system32\GTwinUSB
2011-01-14 06:14 . 2011-01-14 06:14 -------- d-----w- c:\windows\system32\GPinPad
2011-01-14 06:14 . 2011-01-14 06:14 -------- d-----w- c:\windows\system32\GemPCKey
2011-01-14 06:14 . 2011-01-14 06:14 -------- d-----w- c:\windows\system32\GemPCExp
2011-01-14 06:14 . 2011-01-14 06:14 -------- d-----w- c:\windows\system32\GemPCCard
2011-01-14 06:14 . 2011-01-14 06:14 -------- d-----w- c:\program files\Gemplus
2011-01-14 06:12 . 2007-09-07 01:57 80368 ----a-w- c:\windows\system32\pbadrvdll.dll
2011-01-14 06:12 . 2007-09-07 01:57 26608 ----a-w- c:\windows\system32\drivers\PBADRV.sys
2011-01-14 06:12 . 2011-01-14 06:12 -------- d-----w- c:\windows\system32\BioAPIFFDB
2011-01-14 06:12 . 2006-12-14 02:18 1258496 ----a-w- c:\windows\tfmessbsp.dll
2011-01-14 06:12 . 2006-12-14 02:18 1258496 ----a-w- c:\windows\system\tfmessbsp.dll
2011-01-14 06:12 . 2005-10-25 11:57 143360 ----a-w- c:\windows\system32\bioapi_mds300.dll
2011-01-14 06:12 . 2005-10-25 11:57 106496 ----a-w- c:\windows\system32\bioapi100.dll
2011-01-14 06:12 . 2011-01-14 06:18 -------- d-----w- c:\program files\Wave Systems Corp
2011-01-14 06:12 . 2011-01-14 06:12 -------- d-----w- c:\windows\system32\Test
2011-01-14 06:11 . 2011-01-14 06:18 -------- d-----w- d:\documents and settings\All Users.WINDOWS\Application Data\Wave Systems Corp
2011-01-14 06:11 . 2011-01-14 06:11 -------- d-----w- d:\documents and settings\All Users.WINDOWS\Application Data\UIB
2011-01-14 06:11 . 2011-01-14 06:11 -------- d-----w- d:\documents and settings\All Users.WINDOWS\Application Data\NTRU Cryptosystems
2011-01-14 06:11 . 2011-01-14 06:11 -------- d-----w- c:\program files\NTRU Cryptosystems
2011-01-14 06:09 . 2011-01-14 06:09 -------- d-----w- c:\windows\nview
2011-01-14 06:09 . 2007-11-16 19:03 356352 ----a-w- c:\windows\system32\nvudisp.exe
2011-01-14 06:07 . 2011-01-14 06:27 -------- d-----w- c:\program files\Dell
2011-01-14 06:07 . 2005-07-08 06:19 666 ----a-w- c:\windows\speed.reg
2011-01-14 06:07 . 2011-01-14 06:07 -------- d-----w- d:\documents and settings\Administrator.84A97D22A519449\Application Data\InstallShield
2011-01-14 06:02 . 2010-11-09 10:33 6273872 ----a-w- d:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-01-14 06:02 . 2010-11-09 10:33 6273872 ----a-w- d:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7011597D-9FD2-43A6-A43A-3842D9303125}\mpengine.dll
2011-01-14 05:56 . 2011-01-14 05:56 -------- d-----w- d:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\PCHealth
2011-01-14 05:54 . 2007-12-23 09:18 68696 ----a-w- c:\windows\system32\drivers\oz776.sys
2011-01-14 05:54 . 2011-01-14 05:54 -------- d-----w- c:\program files\O2Micro OZ776 SCR Driver
2011-01-14 05:52 . 2011-01-14 05:52 -------- d-s---w- d:\documents and settings\Administrator.84A97D22A519449\UserData
2011-01-14 05:52 . 2011-01-14 05:52 -------- d-s---w- d:\documents and settings\\Administrator.84A97D22A519449\UserData
2011-01-14 05:52 . 2011-01-14 05:52 -------- d-----w- d:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\PCHealth
2011-01-14 05:52 . 2011-01-14 05:52 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-14 05:51 . 2011-01-14 05:51 -------- d-----w- d:\documents and settings\Administrator.84A97D22A519449\Local Settings\Application Data\Toshiba
2011-01-14 05:50 . 2010-10-19 00:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-14 05:49 . 2011-01-14 05:49 -------- d-----w- c:\program files\BlueTooth
2011-01-14 05:49 . 2008-04-13 16:15 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2011-01-14 05:49 . 2008-04-13 16:47 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2011-01-14 05:49 . 2008-04-13 16:15 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2011-01-14 05:49 . 2008-04-13 16:15 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2011-01-14 05:49 . 2008-04-13 14:09 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2011-01-14 05:49 . 2008-04-13 16:15 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2011-01-14 05:49 . 2008-04-13 16:15 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2011-01-14 05:49 . 2008-04-13 16:45 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2011-01-14 05:49 . 2008-04-13 16:09 7552 ----a-w- c:\windows\system32\drivers\MSKSSRV.sys
2011-01-14 05:49 . 2008-04-13 16:09 4992 ----a-w- c:\windows\system32\drivers\MSPQM.sys
2011-01-14 05:49 . 2008-04-13 16:09 5376 ----a-w- c:\windows\system32\drivers\MSPCLOCK.sys
2011-01-14 05:48 . 2008-04-13 21:42 129536 ----a-w- c:\windows\system32\ksproxy.ax
2011-01-14 05:48 . 2008-04-13 21:41 4096 ----a-w- c:\windows\system32\ksuser.dll
2011-01-14 05:48 . 2008-04-13 16:49 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2011-01-14 05:48 . 2008-04-13 16:15 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2011-01-14 05:48 . 2001-08-17 05:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-01-14 05:47 . 2011-01-14 05:47 -------- d-----w- c:\program files\Toshiba
2011-01-14 05:40 . 2005-10-03 04:57 86867 ----a-r- c:\windows\system32\drivers\BCOREUSB.sys
2011-01-14 05:39 . 2011-01-14 06:11 -------- d-----w- c:\windows\Downloaded Installations
2011-01-14 05:38 . 2011-01-14 06:25 -------- d-----w- c:\program files\Broadcom
2011-01-14 05:37 . 2011-01-14 05:37 -------- d-----w- c:\program files\CONEXANT
2011-01-14 05:37 . 2005-11-30 17:40 936960 ----a-w- c:\windows\system32\drivers\HSX_DPV.sys
2011-01-14 05:37 . 2005-11-30 17:40 192512 ----a-w- c:\windows\system32\drivers\HSXHWAZL.sys
2011-01-14 05:37 . 2005-11-15 15:41 114688 ----a-w- c:\windows\system32\Uci32103.dll
2011-01-14 05:37 . 2005-10-04 15:57 12544 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2011-01-14 05:37 . 2005-10-04 15:56 86016 ----a-w- c:\windows\system32\mdmxsdk.dll
2011-01-14 05:37 . 2005-11-30 17:40 669696 ----a-w- c:\windows\system32\drivers\HSX_CNXT.sys
2011-01-14 05:35 . 2011-01-14 06:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2011-01-14 05:34 . 2011-01-14 06:12 -------- d-----w- c:\program files\Common Files\InstallShield
2011-01-14 05:34 . 2011-01-14 05:34 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intel
2011-01-14 05:34 . 2011-01-14 05:34 -------- d-----w- d:\documents and settings\NetworkService.NT AUTHORITY\Application Data\Intel
2011-01-14 05:34 . 2011-01-14 05:34 -------- d-----w- d:\documents and settings\LocalService.NT AUTHORITY\Application Data\Intel
2011-01-14 05:34 . 2011-01-14 05:34 -------- d-----w- d:\documents and settings\Administrator.84A97D22A519449\Application Data\Intel
2011-01-14 05:34 . 2011-01-14 06:26 -------- dc----w- c:\windows\system32\DRVSTORE
2011-01-14 05:34 . 2009-10-25 21:47 4221952 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2011-01-14 05:34 . 2008-06-20 01:33 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2011-01-14 05:34 . 2008-06-20 01:32 663552 ----a-w- c:\windows\system32\NETw5c32.dll
2011-01-14 05:34 . 2011-01-14 05:34 -------- d-----w- d:\documents and settings\All Users.WINDOWS\Application Data\Intel
2011-01-14 05:34 . 2011-01-14 05:34 -------- d-----w- c:\program files\Intel
2011-01-14 05:34 . 2011-01-14 05:34 -------- d-----w- c:\program files\Common Files\Intel
2011-01-14 05:28 . 2011-01-14 05:28 -------- d-----w- C:\dell
2011-01-14 05:27 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-01-14 05:26 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2011-01-14 05:26 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-01-14 05:26 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-01-14 05:26 . 2010-06-21 15:27 354304 -c----w- c:\windows\system32\dllcache\srv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 10:09 . 2010-09-29 07:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 10:08 . 2010-09-29 07:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2010-09-29 04:36 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2008-04-14 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-05 05:05 . 2008-04-14 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-11-05 05:05 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-11-05 05:05 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-11-03 12:59 . 2008-04-14 12:00 369664 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-14 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2008-04-14 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2008-04-14 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-24 13:25 . 2010-10-24 13:25 165264 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-01-14 395640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-09 59392]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-16 8495104]
"nwiz"="nwiz.exe" [2007-11-16 1626112]
"NVHotkey"="nvHotkey.dll" [2007-11-16 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-16 81920]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2007-09-12 176128]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2007-09-14 75064]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

d:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 1724416]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2011-1-14 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 07:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [10/18/2005 7:11 PM 61440]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [4/14/2008 10:00 PM 5120]
.
Contents of the 'Scheduled Tasks' folder

2011-01-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 04:26]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - d:\documents and settings\Administrator.84A97D22A519449\Application Data\Mozilla\Firefox\Profiles\n8o0roqy.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-14 21:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\windows\System32\SCardSvr.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Intel\WiFi\bin\WLKeeper.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\rundll32.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
.
**************************************************************************
.
Completion time: 2011-01-14 21:59:35 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-14 11:59

Pre-Run: 164,965,351,424 bytes free
Post-Run: 164,866,093,056 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 41FFB323F2567B2B8F64BF7128B34E48



#2 m0le

  • Malware Response Team

Posted 19 January 2011 - 04:09 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le

  • Malware Response Team

Posted 31 January 2011 - 07:31 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.



