Logs



ColStuart
2010-10-07, 19:39
Hello

I've carefully followed the instructions shown on these forums to remove the Google redirect junk, and so far so good!

I just wanted to post my logs here and hope that someone will be able to tell me if my system is, indeed, clean.

Here's the ComboFix log:


ComboFix 10-10-06.03 - Carl S-D 2010-10-07 13:11:04.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.771 [GMT -4:00]
Running from: c:\documents and settings\Carl S-D\Desktop\Combo-Fix.exe
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
c:\windows\system32\winup.exe
c:\windows\system32\wmuppj.dll
G:\Autorun.inf
H:\Autorun.inf

Infected copy of c:\windows\system32\drivers\kbdclass.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_USNJSVC
-------\Service_usnjsvc
-------\Legacy_zyeosz
-------\Service_zyeosz


((((((((((((((((((((((((( Files Created from 2010-09-07 to 2010-10-07 )))))))))))))))))))))))))))))))
.

2010-09-26 04:58 . 2010-09-26 04:58 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-09-26 04:58 . 2010-09-26 05:02 -------- d-----w- c:\documents and settings\Carl S-D\Application Data\DAEMON Tools Pro
2010-09-26 04:58 . 2010-09-26 04:58 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2010-09-25 07:48 . 2010-09-25 07:48 -------- d-----w- c:\program files\Atari
2010-09-22 03:44 . 2010-09-22 03:44 -------- d-----w- c:\documents and settings\Carl S-D\Application Data\DivX
2010-09-21 21:39 . 2010-09-21 21:39 47876 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-09-21 16:38 . 2010-09-21 16:38 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-21 16:37 . 2010-09-21 16:37 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-09-21 16:37 . 2010-09-21 16:35 185640 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll
2010-09-21 16:37 . 2010-09-21 07:45 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-09-21 16:37 . 2010-09-21 07:44 850200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-09-21 07:45 . 2010-09-21 07:45 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-21 07:44 . 2010-09-21 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-07 16:30 . 2008-05-18 06:53 73728 --sh--w- c:\windows\system32\memsys.dll
2010-09-26 04:58 . 2008-01-17 05:00 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-24 16:47 . 2008-04-14 19:27 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-09-21 16:37 . 2010-09-21 16:37 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-09-21 16:37 . 2010-09-21 16:36 -------- d-----w- c:\program files\DivX
2010-09-21 16:36 . 2010-09-21 16:36 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-09-21 16:36 . 2010-09-21 16:36 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-09-21 16:36 . 2010-09-21 16:36 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-09-21 16:36 . 2010-09-21 16:36 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-09-21 16:36 . 2010-09-21 16:36 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-09-21 16:36 . 2010-09-21 16:36 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-09-21 16:36 . 2010-09-21 16:36 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-09-21 16:36 . 2010-09-21 16:36 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-09-21 16:36 . 2010-09-21 16:36 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-09-21 16:36 . 2010-09-21 16:36 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-09-21 16:36 . 2010-09-21 16:36 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-09-07 15:02 . 2008-03-17 20:17 -------- d-----w- c:\program files\AOM
2010-09-03 02:12 . 2010-09-03 02:12 -------- d-----w- c:\documents and settings\Carl S-D\Application Data\The Creative Assembly
2010-09-01 01:19 . 2007-12-23 06:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-27 00:11 . 2010-08-17 06:54 -------- d-----w- c:\documents and settings\Carl S-D\Application Data\vlc
2010-08-17 06:51 . 2008-01-27 20:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-17 06:49 . 2009-09-09 14:03 -------- d-----w- c:\program files\Symantec
2010-08-17 06:37 . 2008-01-27 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-08-14 16:52 . 2010-08-14 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-08-10 19:30 . 2008-07-26 21:41 -------- d-----w- c:\program files\Skype
2010-08-10 19:30 . 2008-07-26 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-08-09 23:38 . 2010-08-09 23:38 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-08-09 23:38 . 2010-08-09 23:38 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-08-09 23:38 . 2010-08-09 23:38 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-08-09 23:38 . 2010-08-09 23:38 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-08-09 23:38 . 2010-08-09 23:38 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-09 20:24 . 2010-07-09 20:24 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 20:24 . 2010-07-09 20:24 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 20:24 . 2010-07-09 20:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 20:24 . 2010-07-09 20:24 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 20:24 . 2010-07-09 20:24 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-09 20:24 . 2010-07-09 20:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
2003-12-18 15:33 . 2008-08-30 14:23 20102 ----a-w- c:\program files\Readme.txt
2003-09-03 11:46 . 2008-08-30 14:23 10960 ----a-w- c:\program files\EULA.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2010-04-15 427328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk.disabled [2008-2-29 1730]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SsAAD.exe"=c:\progra~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"Monitor"=c:\windows\PixArt\PAC207\Monitor.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\EA Games\\Ultima Online Mondain's Legacy\\client.exe"=
"c:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"h:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"h:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"h:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"h:\\Program Files\\StarCraft II\\Versions\\Base16561\\SC2.exe"=
"h:\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"h:\\World of Warcraft\\BackgroundDownloader.exe"=
"h:\\Program Files\\StarCraft II\\Versions\\Base16605\\SC2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\legolas107@hotmail.com\\counter-strike source\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21593:TCP"= 21593:TCP:BitComet 21593 TCP
"21593:UDP"= 21593:UDP:BitComet 21593 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

S2 yyeoszgw;yyeoszgw;\??\c:\windows\system32\drivers\wmuppj.sys --> c:\windows\system32\drivers\wmuppj.sys [?]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2006-11-20 506112]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-01-17 697328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
zyeosz REG_MULTI_SZ zyeosz
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
FF - ProfilePath - c:\documents and settings\Carl S-D\Application Data\Mozilla\Firefox\Profiles\3agmuwnd.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npJoostPlugin.dll
.
- - - - ORPHANS REMOVED - - - -

ActiveSetup-{990B770D-62AE-5421-DA6D-16033B76258C} - c:\windows\system32\winup.exe
AddRemove-Magic ISO Maker v5.4 (build 0239) - c:\progra~1\MagicISO\UNWISE.EXE
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 - c:\program files\Spybot - Search & Destroy\unins000.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-507921405-1303643608-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:64,82,de,45,33,cc,ee,44,96,40,fb,32,d1,02,95,6a,d6,13,e5,fe,c2,
c0,08,7e,23,d6,06,dd,37,9c,f7,9f,ea,56,0c,20,6b,cc,ed,03,f5,54,8f,07,20,aa,\
"rkeysecu"=hex:ec,d7,13,1a,c4,b6,7e,fc,f2,f1,bf,a3,01,f4,61,fb
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\devldr32.exe
.
**************************************************************************
.
Completion time: 2010-10-07 13:23:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-07 17:23

Pre-Run: 3*061*858*304 bytes free
Post-Run: 3*654*148*096 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 4ADE83BB4CA0A2E4548D9B6738CC4F24
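Added example, not part of ColStuart's post and not ComboFix's own tooling: a small Python triage script that parses the line formats seen in the ComboFix log above and lists the items a volunteer analyst would want to re-check before calling the machine clean. It flags deletions under system32 and Autorun.inf files at drive roots, the disinfected kbdclass.sys, the removed services, a DLL in system32 carrying system+hidden attributes (memsys.dll), the Windows firewall being off, the leftover service yyeoszgw that still points at wmuppj.sys (ComboFix appends `[?]`, read here as "file not found", which is an assumption), and the extra svchost group zyeosz. The sample log is constructed from lines of the post with the banner lines shortened; the section names and line layouts are assumed from this one log, and the output is a checklist, not a verdict.

```python
"""Triage a ComboFix log for the items a reviewer would re-check by hand.
Added example, not the forum post's or ComboFix's code; line formats assumed from the log above."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix log posted above
# (banners shortened; the parser accepts any run of parentheses).
SAMPLE_LOG = r"""
(((( Other Deletions ))))
c:\windows\system32\winup.exe
c:\windows\system32\wmuppj.dll
G:\Autorun.inf
H:\Autorun.inf
Infected copy of c:\windows\system32\drivers\kbdclass.sys was found and disinfected
(((( Drivers/Services ))))
-------\Legacy_USNJSVC
-------\Service_usnjsvc
-------\Legacy_zyeosz
-------\Service_zyeosz
(((( Find3M Report ))))
2010-10-07 16:30 . 2008-05-18 06:53 73728 --sh--w- c:\windows\system32\memsys.dll
(((( Reg Loading Points ))))
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
S2 yyeoszgw;yyeoszgw;\??\c:\windows\system32\drivers\wmuppj.sys --> c:\windows\system32\drivers\wmuppj.sys [?]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2006-11-20 506112]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
zyeosz REG_MULTI_SZ zyeosz
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")            # "(((( Name ))))" banner
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.*)$")   # "S2 name;display;path"
FIND3M_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d"
                       r"\s+\S+\s+(\S{8})\s+(.*)$")        # mtime . ctime size attrs path
SVCHOST_KEY = r"[hkey_local_machine\software\microsoft\windows nt\currentversion\svchost]"

@dataclass(frozen=True)
class Finding:
    kind: str    # short tag to group on
    detail: str  # path, service name or value the finding refers to

def split_sections(text):
    """Group lines under the '((( Name )))' banner that precedes them."""
    sections, current = {"preamble": []}, "preamble"
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections

def stem(path):
    """Last component without extension: '...\\wmuppj.sys' -> 'wmuppj'."""
    return path.split("\\")[-1].rsplit(".", 1)[0].lower()

def triage(text):
    sec = split_sections(text)
    findings, deleted = [], []
    for line in sec.get("Other Deletions", []):
        if line.startswith("Infected copy of "):
            findings.append(Finding("disinfected-system-file", line.split(" ")[3]))
        elif re.match(r"^[a-z]:\\", line, re.I):
            deleted.append(line)
            if line.lower().endswith(":\\autorun.inf"):      # autorun dropped on a drive root
                findings.append(Finding("autorun-at-drive-root", line))
            elif "\\system32\\" in line.lower():
                findings.append(Finding("deleted-in-system32", line))
    for line in sec.get("Drivers/Services", []):
        if line.startswith("-------\\"):
            findings.append(Finding("service-removed", line.split("\\", 1)[1]))
    for line in sec.get("Find3M Report", []):
        m = FIND3M_RE.match(line)
        # 's' (system) and 'h' (hidden) attributes on a DLL in system32 deserve a look
        if m and "s" in m.group(1) and "h" in m.group(1) and "\\system32\\" in m.group(2).lower():
            findings.append(Finding("hidden-system-file", m.group(2)))
    in_svchost = False
    for line in sec.get("Reg Loading Points", []):
        if line.startswith("["):
            in_svchost = line.lower() == SVCHOST_KEY
            continue
        if in_svchost and "REG_MULTI_SZ" in line:
            findings.append(Finding("svchost-group-added", line.split()[0]))
        elif line.startswith('"EnableFirewall"= 0'):
            findings.append(Finding("firewall-disabled", line))
        m = SERVICE_RE.match(line)
        # Assumption: ComboFix's trailing "[?]" marks a service whose binary was not found on disk.
        if m and m.group(2).endswith("[?]"):
            target = m.group(2).split(" --> ")[-1][:-3].strip()
            related = [d for d in deleted if stem(d) == stem(target)]
            note = f" (same stem as deleted {related[0]})" if related else ""
            findings.append(Finding("service-missing-binary", f"{m.group(1)} -> {target}{note}"))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:26} {f.detail}")
```

Run it against a full log saved from the forum post by passing the file contents to `triage()`; the correlation step matches the stem of a missing service binary (wmuppj) against the files ComboFix deleted, which is the kind of leftover a reviewer would ask to have cleaned up by hand.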

ColStuart
2010-10-07, 19:40
Here's the MBAM log (I think it's pretty clear here that there's nothing, but still):



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4770

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

2010-10-07 13:36:17
mbam-log-2010-10-07 (13-36-17).txt

Scan type: Quick scan
Objects scanned: 131720
Time elapsed: 5 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

tashi
2010-10-07, 19:57
Hello ColStuart,

In case you missed them, please see these forum FAQs, which include tips for this forum and also instructions on posting a preliminary DDS log:

Please do NOT run 'FIXES' (ComboFix etc) without being asked (http://forums.spybot.info/showthread.php?t=16806)

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Then start a new topic, provide a link back to this topic and a volunteer analyst will advise you when available. :)

Best regards.