ComboFix 08-08-17.03 - mirza 2008-08-18 14:57:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.363 [GMT 2:00]
Running from: C:\Documents and Settings\mirza.BACCARA-GRAPHIC\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\mirza.BACCARA-GRAPHIC\UserData
C:\Documents and Settings\mirza.BACCARA-GRAPHIC\UserData\index.dat
.
((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 )))))))))))))))))))))))))))))))
.
2008-08-18 11:33 . 2008-08-18 11:33 <DIR> d-------- C:\Documents and Settings\mirza.BACCARA-GRAPHIC\Application Data\Simply Super Software
2008-08-18 11:33 . 2008-08-18 11:33 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Simply Super Software
2008-08-18 11:33 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-08-18 11:33 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll
2008-08-18 11:33 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-08-18 11:33 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-08-18 11:33 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-08-18 11:14 . 2008-08-18 11:14 <DIR> d-------- C:\Documents and Settings\mirza.BACCARA-GRAPHIC\Application Data\AdobeUM
2008-08-13 15:32 . 2008-08-13 15:32 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
2008-08-07 14:14 . 2008-08-07 14:14 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar
2008-08-07 14:14 . 2008-08-07 14:16 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\OrbNetworks
2008-08-07 13:35 . 2008-08-07 13:35 2,181,888 --a------ C:\WINDOWS\system32\KERNEL.TMP
2008-08-07 13:35 . 2004-08-03 23:20 2,180,992 --a------ C:\WINDOWS\system32\kernel1.exe
2008-08-07 12:56 . 2008-08-02 14:43 211 --a------ C:\BOOT.BKK
2008-08-04 15:10 . 2008-08-04 15:10 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-08-04 15:05 . 2008-08-04 15:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-04 14:17 . 2008-08-04 14:17 39,073 --a------ C:\WINDOWS\FontData.fdb
2008-08-04 14:15 . 2008-08-04 14:15 <DIR> d-------- C:\Documents and Settings\mirza.BACCARA-GRAPHIC\Application Data\Corel
2008-08-04 14:14 . 2008-08-04 14:14 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallShield
2008-08-04 09:04 . 2008-08-04 09:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-04 09:04 . 2008-08-04 09:36 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-08-04 08:57 . 2008-08-04 08:57 <DIR> d-------- C:\Program Files\TGTSoft
2008-08-02 15:48 . 2003-10-03 16:28 45,056 --a------ C:\WINDOWS\system32\vusetup.dll
2008-08-02 15:48 . 2005-06-06 17:51 11,264 --a------ C:\WINDOWS\system32\drivers\vulfntr.sys
2008-08-02 15:48 . 2005-01-05 18:02 6,912 --a------ C:\WINDOWS\system32\drivers\vulfnth.sys
2008-08-02 15:36 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-08-02 15:24 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-08-02 15:09 . 2008-08-02 15:28 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-08-02 15:08 . 2008-08-02 15:37 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-08-02 15:00 . 2008-08-02 15:00 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-08-02 14:40 . 2008-08-07 14:13 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-08-02 14:26 . 2004-08-04 00:56 96,768 -----c--- C:\WINDOWS\system32\dllcache\dpcdll.dll
2008-08-02 14:15 . 2004-08-04 00:56 239,616 --------- C:\WINDOWS\system32\wstrenderer.ax
2008-08-02 14:15 . 2004-08-04 00:56 164,352 --------- C:\WINDOWS\system32\wstpager.ax
2008-08-02 14:15 . 2004-08-04 00:56 53,248 --------- C:\WINDOWS\system32\vbicodec.ax
2008-08-02 14:15 . 2004-08-03 23:08 40,832 --------- C:\WINDOWS\system32\drivers\irbus.sys
2008-08-02 14:15 . 2004-08-04 00:56 32,768 --------- C:\WINDOWS\system32\asr_pfu.exe
2008-08-02 14:15 . 2004-08-03 22:59 12,800 --------- C:\WINDOWS\system32\spiisupd.exe
2008-08-02 14:15 . 2004-08-03 22:59 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2008-08-02 14:12 . 2008-08-02 14:12 <DIR> d-------- C:\WINDOWS\provisioning
2008-08-02 14:00 . 2008-08-02 14:00 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-02 13:51 . 2004-08-04 00:56 2,897,920 --------- C:\WINDOWS\system32\xpsp2res.dll
2008-08-02 13:46 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002257_.tmp
2008-08-02 13:45 . 2004-08-03 22:42 15,872 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-08-02 13:36 . 2008-08-02 13:36 <DIR> d-------- C:\WINDOWS\EHome
2008-08-02 13:04 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-08-02 13:02 . 2004-08-03 23:15 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-08-02 13:02 . 2004-08-04 00:56 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-08-02 13:02 . 2004-08-04 00:56 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-08-02 13:02 . 2004-08-03 23:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-08-02 13:02 . 2001-08-17 14:19 40,704 --a------ C:\WINDOWS\system32\drivers\es1371mp.sys
2008-08-02 13:02 . 2001-08-17 14:13 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2008-08-02 13:02 . 2004-08-04 00:56 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-08-01 15:50 . 2008-08-01 15:50 <DIR> d-------- C:\Program Files\AV9
2008-08-01 15:06 . 2008-08-02 11:27 <DIR> d-------- C:\Program Files\Common Files\AVP Shared Files
2008-08-01 10:36 . 2008-08-01 10:36 <DIR> d-------- C:\Program Files\Bonjour
2008-07-30 15:36 . 2008-07-30 15:36 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-07 12:15 --------- d-----w C:\Program Files\Winamp
2008-08-07 12:14 --------- d-----w C:\Program Files\Winamp Toolbar
2008-08-07 12:14 --------- d-----w C:\Program Files\Winamp Remote
2008-08-02 09:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-02 09:33 --------- d-----w C:\Program Files\Ahead
2008-08-01 13:06 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-01 10:37 --------- d-----w C:\Program Files\Common Files\Filseclab
2008-08-01 08:36 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-30 13:35 --------- d-----w C:\Program Files\BitComet
2008-07-15 11:48 --------- d-----w C:\Program Files\Tajima
2008-07-15 11:10 --------- d-----w C:\Program Files\Corel
2008-07-15 11:04 --------- d-----w C:\Documents and Settings\Guest\Application Data\Corel
2008-07-02 12:01 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-01 09:48 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-06-27 13:22 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-06-27 13:22 --------- d-----w C:\Program Files\ACD Systems
2008-06-26 13:22 --------- d-----w C:\Program Files\DIFX
2008-06-26 12:36 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-26 10:08 --------- d-----w C:\Program Files\PC Tools Firewall Plus
2008-06-21 07:25 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-06-21 06:48 --------- d-----w C:\Program Files\ThreatFire
2008-06-20 13:09 --------- d-----w C:\Program Files\Common Files\Corel
2008-06-20 13:08 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-20 11:25 --------- d-----w C:\Program Files\Microsoft Works
2008-06-20 11:24 --------- d-----w C:\Program Files\MSBuild
2008-06-19 13:15 --------- d-----w C:\Program Files\VIA
2008-06-19 13:11 --------- d-----w C:\Program Files\S3
2008-06-19 11:46 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-07-16 22:51 1266992]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:56 1667584]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-04-04 19:01 1368064]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVPCC"="C:\Program Files\Kaspersky Lab\AntiViral Toolkit Pro\avpcc.exe" [2000-10-10 11:31 352320]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"VTTimer"="VTTimer.exe" [2006-09-21 16:36 53248 C:\WINDOWS\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2007-02-06 07:30 176128 C:\WINDOWS\system32\S3Trayp.exe]
C:\Documents and Settings\mirza.BACCARA-GRAPHIC\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
Microsoft Office Groove.lnk - C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [2006-10-27 15:37:44 338216]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-06-26 14:33:48 106560]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
R2 AVPCC;AVP Control Centre Service;C:\Program Files\Kaspersky Lab\AntiViral Toolkit Pro\avpcc.exe [2000-10-10 11:31]
R2 F-SECURE AVP;F-SECURE AVP;C:\Program Files\Kaspersky Lab\AntiViral Toolkit Pro\fsavp.sys [2000-09-04 13:47]
R3 F-SECURE Filter;F-SECURE Filter;C:\Program Files\Kaspersky Lab\AntiViral Toolkit Pro\fsfilter.sys [2000-05-22 12:18]
R3 F-SECURE Gatekeeper;F-SECURE Gatekeeper;C:\Program Files\Kaspersky Lab\AntiViral Toolkit Pro\fsgk.sys [2000-08-18 16:44]
R3 F-SECURE Recognizer;F-SECURE Recognizer;C:\Program Files\Kaspersky Lab\AntiViral Toolkit Pro\fsrec.sys [2000-05-22 12:18]
R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2007-03-05 09:54]
S2 SSPORT;SSPORT;C:\WINDOWS\System32\Drivers\SSPORT.sys []
S3 s3chipid;s3chipid;C:\DOCUME~1\MIRZA~1.BAC\LOCALS~1\Temp\s3chipid.sys []
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\mirza.BACCARA-GRAPHIC\Application Data\Mozilla\Firefox\Profiles\1yx0id6d.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-08-18 15:01:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-18 15:03:06
ComboFix-quarantined-files.txt 2008-08-18 13:03:00
Pre-Run: 7,944,081,408 bytes free
Post-Run: 8,000,827,392 bytes free
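For anyone reading a log like this one, the useful question is which lines deserve a second look. The script below is an added example, not part of the original post and not ComboFix's own logic: it parses the three line shapes ComboFix emits (file-creation entries, service/driver entries, Run-key values, plus the Firefox prefs line) and applies a few generic analyst heuristics to a constructed sample copied from the log above. The rule names and thresholds (the 64 KB size tolerance, the Temp-path check) are this example's own assumptions, and a hit is a prompt to hash and verify the file, not a verdict.

```python
"""Triage heuristics for a pasted ComboFix log.

Added example: the SAMPLE_LOG lines are copied from the log above; the
rules are generic analyst heuristics (assumed here), not ComboFix output.
"""
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied verbatim from the log.
SAMPLE_LOG = r"""
2008-08-07 13:35 . 2008-08-07 13:35 2,181,888 --a------ C:\WINDOWS\system32\KERNEL.TMP
2008-08-07 13:35 . 2004-08-03 23:20 2,180,992 --a------ C:\WINDOWS\system32\kernel1.exe
2008-08-18 11:33 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-08-04 15:05 . 2008-08-04 15:05 <DIR> d-------- C:\Program Files\Trend Micro
"VTTimer"="VTTimer.exe" [2006-09-21 16:36 53248 C:\WINDOWS\system32\VTTimer.exe]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
R2 AVPCC;AVP Control Centre Service;C:\Program Files\Kaspersky Lab\AntiViral Toolkit Pro\avpcc.exe [2000-10-10 11:31]
S2 SSPORT;SSPORT;C:\WINDOWS\System32\Drivers\SSPORT.sys []
S3 s3chipid;s3chipid;C:\DOCUME~1\MIRZA~1.BAC\LOCALS~1\Temp\s3chipid.sys []
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
"""

# "created . file-date size attrs path"  (size is "<DIR>" for directories)
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?:<DIR>|([\d,]+)) (\S{9}) (.+)$")
# "R2 name;display name;image path [file metadata]"
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[(.*)\]$")
# '"value"="command" [file metadata]'
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(.*)\]$')
EXEC_EXT = (".exe", ".dll", ".sys", ".ax", ".tmp")

def triage(text):
    """Return a list of (rule, detail) findings for a ComboFix-style log."""
    findings = []
    sys32_by_minute = defaultdict(list)  # creation minute -> [(path, size)]
    for line in text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            created, _filedate, size, _attrs, path = m.groups()
            low = path.lower()
            if size and "\\system32\\" in low and low.endswith(EXEC_EXT):
                sys32_by_minute[created].append((path, int(size.replace(",", ""))))
            continue
        m = SERVICE_RE.match(line)
        if m:
            _state, name, _display, image, meta = m.groups()
            low = image.lower()
            # A kernel driver whose image lives in a user's Temp directory.
            if "\\temp\\" in low or "\\locals~1\\" in low:
                findings.append(("driver_from_temp", f"{name}: {image}"))
            # Empty brackets: ComboFix recorded no timestamp/size for the image,
            # so confirm the file actually exists and what it is.
            if not meta:
                findings.append(("no_file_metadata", f"{name}: {image}"))
            continue
        m = RUN_RE.match(line)
        if m:
            name, cmd, meta = m.groups()
            # A bare file name in a Run value is resolved by path search at logon.
            if "\\" not in cmd:
                findings.append(("bare_run_value", f"{name}={cmd}"))
            if not meta:
                findings.append(("no_file_metadata", f"{name}: {cmd}"))
            continue
        if "SEARCH.DEFAULTURL" in line:
            # Always surface a changed default search URL for the analyst.
            findings.append(("default_search_url", line.split(" - ")[-1]))
    # A .tmp dropped into system32 in the same minute as an executable of
    # almost the same size is worth hashing and comparing against a known file.
    for minute, entries in sys32_by_minute.items():
        for tpath, tsize in (e for e in entries if e[0].lower().endswith(".tmp")):
            for opath, osize in entries:
                if (opath != tpath and not opath.lower().endswith(".tmp")
                        and abs(osize - tsize) < 64 * 1024):
                    findings.append(("tmp_exec_pair", f"{tpath} ~ {opath} ({minute})"))
    return findings

FINDINGS = triage(SAMPLE_LOG)

if __name__ == "__main__":
    for rule, detail in FINDINGS:
        print(f"{rule:20} {detail}")
```

Run against the sample, the rules surface the driver loaded from the Temp directory, the two service entries with no recorded file metadata, the bare `VTTimer.exe` Run value, the redirecting default search URL, and the `KERNEL.TMP`/`kernel1.exe` pair created in the same minute with nearly identical sizes; stock entries such as `ctfmon.exe` and the Kaspersky service are left alone.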