ComboFix 08-11-11.01 - petar 2008-11-13 0:02:23.2 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1250.1.1033.18.1184 [GMT 1:00]
Running from: c:\users\petar\Desktop\ComboFix.exe
Command switches used :: c:\users\petar\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_JNXXFU
((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 )))))))))))))))))))))))))))))))
.
2008-11-11 22:09 . 2008-11-11 22:09 <DIR> d-------- C:\rsit
2008-11-10 17:24 . 2008-11-10 17:24 <DIR> d-------- c:\users\petar\AppData\Roaming\Malwarebytes
2008-11-10 17:24 . 2008-11-10 17:24 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-10 17:24 . 2008-11-10 17:24 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-10 17:24 . 2008-11-10 17:24 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-10 17:24 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-10 17:24 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-08 21:05 . 2008-11-08 21:05 39 --a------ c:\windows\vbaddin.ini
2008-11-08 18:48 . 2008-11-10 16:23 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-11-08 18:48 . 2008-11-10 16:23 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2008-11-08 18:48 . 2008-11-11 06:09 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-08 18:22 . 2008-11-08 18:22 <DIR> d-------- c:\users\All Users\ESET
2008-11-08 18:22 . 2008-11-08 18:22 <DIR> d-------- c:\programdata\ESET
2008-11-08 18:22 . 2008-11-08 18:22 <DIR> d-------- c:\program files\ESET
2008-11-03 13:38 . 2008-11-03 13:38 <DIR> d-------- c:\program files\AltBinz
2008-10-30 20:35 . 2008-10-30 20:35 <DIR> d-------- c:\users\petar\AppData\Roaming\PeerNetworking
2008-10-30 11:17 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-30 11:17 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-30 11:17 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-23 18:42 . 2008-11-03 13:37 <DIR> d-------- c:\program files\RapidTyping
2008-10-20 10:45 . 2008-10-20 10:45 <DIR> d-------- c:\program files\MetaGeek
2008-10-20 10:18 . 2008-10-02 02:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-10-20 10:18 . 2008-10-02 04:49 827,392 --a------ c:\windows\System32\wininet.dll
2008-10-19 13:43 . 2008-09-18 03:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-10-19 13:40 . 2008-08-27 02:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-10-19 13:39 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-10-19 13:39 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-10-13 20:32 . 2008-11-12 01:38 4,934 --a------ c:\windows\KernelMessage
2008-10-13 20:29 . 2008-10-13 20:29 <DIR> d-------- c:\windows\BisonCam
2008-10-13 20:29 . 2007-08-20 11:16 783,272 --a------ c:\windows\System32\drivers\BisonCam.sys
2008-10-13 20:29 . 2005-01-14 12:47 180,224 --a------ c:\windows\system\StillDrv.dll
2008-10-13 20:29 . 2006-11-10 19:59 176,128 --a------ c:\windows\System32\BisonRem.dll
2008-10-13 20:29 . 2007-07-30 20:43 172,032 --a------ c:\windows\system\BisonCam.dll
2008-10-13 20:29 . 2007-06-21 18:18 135,168 --a------ c:\windows\system\BisonVfw.dll
2008-10-13 20:29 . 2003-09-22 12:49 15,190 --a------ c:\windows\M2000Twn.ini
2008-10-13 20:29 . 2003-09-22 13:36 13,448 --a------ c:\windows\M2000Twn.src
2008-10-13 20:29 . 2005-12-05 11:08 2,264 --a------ c:\windows\system\S20H0220.csr
2008-10-13 20:29 . 2005-12-05 11:08 2,264 --a------ c:\windows\system\S20F0220.csr
2008-10-12 19:15 . 2008-10-12 19:17 <DIR> d-------- c:\program files\Vistumbler
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 08:49 --------- d-----w c:\programdata\Microsoft Help
2008-11-08 17:19 --------- d-----w c:\program files\Avira
2008-11-08 11:04 --------- d-----w c:\program files\SQLite Manager
2008-11-08 00:47 --------- d-----w c:\users\petar\AppData\Roaming\uTorrent
2008-10-26 11:01 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-19 16:02 --------- d-----w c:\users\petar\AppData\Roaming\Wireshark
2008-10-19 15:42 --------- d-----w c:\program files\Windows Mail
2008-10-13 19:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-11 16:33 --------- d-----w c:\program files\Wireshark
2008-10-11 16:32 --------- d-----w c:\program files\WinPcap
2008-10-10 15:39 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-01 07:58 --------- d-----w c:\program files\Universal Extractor
2008-10-01 07:57 --------- d-----w c:\program files\totalcmd
2008-09-27 17:49 --------- d-----w c:\program files\Microsoft
2008-09-27 16:27 --------- d-----w c:\users\uros\AppData\Roaming\GHISLER
2008-09-27 00:35 --------- d-----w c:\program files\HD Tune
2008-09-15 10:17 --------- d-----w c:\program files\The KMPlayer
2008-09-15 10:12 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-09-15 10:10 --------- d-----w c:\program files\Common Files\Adobe
2008-09-15 08:28 --------- d-----w c:\users\petar\AppData\Roaming\vlc
2008-09-14 13:07 --------- d-----w c:\program files\ProxyPlus
2008-09-14 12:30 --------- d-----w c:\program files\Cntlm
2008-09-14 10:50 --------- d-----w c:\users\sumadinac\AppData\Roaming\Subversion
2008-09-14 10:46 --------- d-----w c:\users\sumadinac\AppData\Roaming\ATI
2008-09-14 10:45 --------- d-----w c:\users\sumadinac\AppData\Roaming\Launchy
2008-09-12 13:08 --------- d-----w c:\users\petar\AppData\Roaming\Aptana
2008-09-12 12:26 --------- d-----w c:\programdata\PowerDesigner 12
2008-09-12 12:24 --------- d-----w c:\programdata\VMware
2008-09-05 21:17 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-07-17 22:50 174 --sha-w c:\program files\desktop.ini
2008-07-31 18:17 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008073120080801\index.dat
2008-01-18 21:33 397,312 --sha-w c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_f1582d884fb532fb\WinMail.exe
.
((((((((((((((((((((((((((((( snapshot@2008-11-12_ 9.27.03,74 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2008-11-11 05:10:23 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-12 23:07:33 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-12 23:07:33 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-11-11 05:10:18 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-12 23:07:33 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-11-12 08:20:21 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-12 08:32:47 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-12 08:20:21 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-12 08:32:47 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-12 08:20:21 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-12 08:32:47 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-09-05 4608]
"Google Update"="c:\users\petar\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-07 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"BisonHK"="c:\windows\BisonCam\BisonHK.exe" [2007-03-15 32768]
"BsMnt"="c:\windows\BisonCam\BsMnt.exe" [2007-03-15 172032]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
c:\users\petar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RescueTime.lnk - c:\program files\RescueTime\RescueTime.exe [2008-07-23 311296]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Launchy.lnk - c:\program files\Launchy\Launchy.exe [2008-07-20 274432]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{0B3E9105-CCFF-4288-A490-72CE09B9F2EA}d:\\installed games\\warcraft iii\\war3.exe"= UDP:d:\installed games\warcraft iii\war3.exe:Warcraft III
"UDP Query User{1C39BD48-FC9E-4632-AEBF-D852C7CED2C0}d:\\installed games\\warcraft iii\\war3.exe"= TCP:d:\installed games\warcraft iii\war3.exe:Warcraft III
"TCP Query User{4BFB51AD-9B9A-4C13-88E8-2581C13C0C98}d:\\installed games\\warcraft iii\\war3.exe"= UDP:d:\installed games\warcraft iii\war3.exe:Warcraft III
"UDP Query User{8B6AC6D0-50AA-4D7E-8BB6-34AB217D8CDD}d:\\installed games\\warcraft iii\\war3.exe"= TCP:d:\installed games\warcraft iii\war3.exe:Warcraft III
"TCP Query User{FD71EAF8-265D-4746-BCEA-FAECC691059B}c:\\program files\\totalcmd\\totalcmd.exe"= UDP:c:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{AA3FCC48-55B6-4754-9694-081B2C0884F5}c:\\program files\\totalcmd\\totalcmd.exe"= TCP:c:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"TCP Query User{873734C3-F61E-40FE-A937-CC314BC40156}c:\\dev\\eclipse\\eclipse za django\\eclipse.exe"= UDP:c:\dev\eclipse\eclipse za django\eclipse.exe:eclipse
"UDP Query User{738F3A48-4F3E-40AE-B1E8-47E234051BC7}c:\\dev\\eclipse\\eclipse za django\\eclipse.exe"= TCP:c:\dev\eclipse\eclipse za django\eclipse.exe:eclipse
"TCP Query User{4DD9E6E6-F772-4D7F-9693-7AD103ED5368}d:\\installed games\\half-life 2 deathmatch\\hl2.exe"= UDP:d:\installed games\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{57FA7DBD-2645-4FB9-A669-3B53201F5C0D}d:\\installed games\\half-life 2 deathmatch\\hl2.exe"= TCP:d:\installed games\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{D571B1B3-3BE9-45E4-B20A-DA51125EF6DD}c:\\program files\\real alternative\\media player classic\\mplayerc.exe"= UDP:c:\program files\real alternative\media player classic\mplayerc.exe:Media Player Classic
"UDP Query User{FEBE98F2-7C31-4852-A713-3632C9825109}c:\\program files\\real alternative\\media player classic\\mplayerc.exe"= TCP:c:\program files\real alternative\media player classic\mplayerc.exe:Media Player Classic
"TCP Query User{45486315-22E9-4C8E-AB2C-DE4FCDEC972F}c:\\program files\\aptana studio\\jre\\bin\\javaw.exe"= UDP:c:\program files\aptana studio\jre\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{749BCF2D-B339-48D1-8208-17A414402CD2}c:\\program files\\aptana studio\\jre\\bin\\javaw.exe"= TCP:c:\program files\aptana studio\jre\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{D45E4009-5D6F-42C2-BA7C-F30C8FB4A376}c:\\dev\\aptana studio\\jre\\bin\\javaw.exe"= UDP:c:\dev\aptana studio\jre\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{9987AE68-F068-4270-9EFC-EAE3FA88D870}c:\\dev\\aptana studio\\jre\\bin\\javaw.exe"= TCP:c:\dev\aptana studio\jre\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{9648B265-96E0-4DC7-A1F2-0E51706EF799}c:\\dev\\aptana studio\\jre\\bin\\javaw.exe"= UDP:c:\dev\aptana studio\jre\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{4FEF5EFF-7FC8-4067-A892-7D173F442ED0}c:\\dev\\aptana studio\\jre\\bin\\javaw.exe"= TCP:c:\dev\aptana studio\jre\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{1CE0C12A-34F1-463A-87D7-8877651D55D2}c:\\program files\\entensys\\usergate 4.2\\usergate.exe"= UDP:c:\program files\entensys\usergate 4.2\usergate.exe:UserGate Module
"UDP Query User{0ACFDE09-3ADE-40D7-BE0F-C2B75F03DE69}c:\\program files\\entensys\\usergate 4.2\\usergate.exe"= TCP:c:\program files\entensys\usergate 4.2\usergate.exe:UserGate Module
"TCP Query User{A8651596-08B3-482C-AA9F-2E2254C5E731}c:\\program files\\proxyplus\\proxyplus.exe"= UDP:c:\program files\proxyplus\proxyplus.exe:Proxy server & cache for Win/95/98/Me/NT4/NT2000/XP
"UDP Query User{D1DE02C6-B391-4A83-993A-89A196AD709B}c:\\program files\\proxyplus\\proxyplus.exe"= TCP:c:\program files\proxyplus\proxyplus.exe:Proxy server & cache for Win/95/98/Me/NT4/NT2000/XP
"TCP Query User{2FA5DFE4-85F2-4401-90A3-AE9411BCD8A0}c:\\dev\\aptana studio\\jre\\bin\\javaw.exe"= UDP:c:\dev\aptana studio\jre\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{18E322BF-A810-4331-AA97-1CA7B48D084F}c:\\dev\\aptana studio\\jre\\bin\\javaw.exe"= TCP:c:\dev\aptana studio\jre\bin\javaw.exe:Java(TM) Platform SE binary
"{7FBB7EBF-5031-4022-BAE3-A41AE8347256}"= UDP:5370:LocalSubnet:LocalSubnet:Jaxer
"{2DF71CD0-61EA-4D49-9A8D-55F072E78360}"= UDP:5371:LocalSubnet:LocalSubnet:Jaxer
"{B75941D6-5800-4D82-9C87-D07512B567E7}"= UDP:5374:LocalSubnet:LocalSubnet:Jaxer
"{54E49439-B531-4FFA-908D-1FC913BA47B9}"= UDP:5375:LocalSubnet:LocalSubnet:Jaxer
"{0533FDFC-471A-4BB7-9606-F1978F332F64}"= UDP:5376:LocalSubnet:LocalSubnet:Jaxer
"{CBE44773-812F-4DE1-A71B-C5F248C1405F}"= UDP:5377:LocalSubnet:LocalSubnet:Jaxer
"{DEBBBB98-D4E4-40FA-B7B4-DF69C255A8B3}"= UDP:5378:LocalSubnet:LocalSubnet:Jaxer
"{3021EF9C-2B8F-4F82-808C-C178BC8E16AF}"= UDP:5379:LocalSubnet:LocalSubnet:Jaxer
"{39D3C3EF-9EDD-4E8F-8663-C686FC617628}"= UDP:5380:LocalSubnet:LocalSubnet:Jaxer
"{9E4F62C6-8158-414D-A994-C4AC8A083538}"= UDP:5381:LocalSubnet:LocalSubnet:Jaxer
"{A0E8CE1D-2481-409D-A3F0-95F4B97AF55E}"= UDP:5382:LocalSubnet:LocalSubnet:Jaxer
"{A25E5F66-0ED0-4259-984C-47030240A0FC}"= UDP:5383:LocalSubnet:LocalSubnet:Jaxer
"{F6FFA344-FD89-4163-8187-6759CA22B601}"= UDP:8081:LocalSubnet:LocalSubnet:Apache
R0 AtiPcie;ATI PCI Express (3GIO) Filter;c:\windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 7680]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2005-11-14 34176]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R2 cntlm;Cntlm Authentication Proxy;c:\program files\Cntlm\cygrunsrv.exe [2007-11-23 43008]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R2 ProxyPlus;Fortech Proxy+;c:\program files\ProxyPlus\ProxyPlus.exe [2008-09-14 2589833]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ef4bc89-9e92-11dd-ba24-0019db3e575e}]
\shell\Auto\command - G:\Autorun.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf3f1923-5f28-11dd-8754-0019db3e575e}]
\shell\AutoRun\command - F:\SETUP.EXE
\shell\configure\command - F:\SETUP.EXE
\shell\install\command - F:\SETUP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {5EE7B1A3-BC56-25B9-D7BE-82BF7C75ACDB} /qb
.
Contents of the 'Scheduled Tasks' folder
2008-11-12 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\users\petar\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-07 13:33]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-13 00:07:39
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Cntlm\cntlm.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\System32\conime.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-11-13 0:13:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-12 23:12:55
ComboFix2.txt 2008-11-12 08:28:21
Pre-Run: 11.864.813.568 bytes free
Post-Run: 11,604,897,792 bytes free
255 --- E O F --- 2008-11-11 08:49:04