hijackthis log and ComboFix log

  #1 enkili (Newbie)

    I had some viruses and don't know if I still have them, so here are some logs.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:32:04, on 7.12.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Wizard Software\Bandwidth Meter\BandMeter.exe
    C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\BitTorrent Turbo Accelerator\BitTorrent Turbo Accelerator.exe
    C:\Program Files\Trend Micro\HijackThis\hijackthis.exe

    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Bandwidth Meter.lnk = C:\Program Files\Wizard Software\Bandwidth Meter\BandMeter.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NBService - Nero AG - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 5656 bytes

    ComboFix log:

    ComboFix 08-12-05.02 - Emir 2008-12-05 23:40:42.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.1149 [GMT 1:00]
    Running from: c:\documents and settings\Emir\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\eefbdefc.dll
    c:\windows\system32\wingxpxsx.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_FCI


    ((((((((((((((((((((((((( Files Created from 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))
    .

    2008-12-05 23:24 . 2008-12-05 23:24 <DIR> d-------- C:\bintheredunthat
    2008-12-05 23:10 . 2008-12-05 23:14 <DIR> d-------- C:\BFU
    2008-12-05 23:08 . 2008-12-05 23:08 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-05 23:08 . 2008-12-05 23:08 <DIR> d-------- c:\documents and settings\Emir\Application Data\Malwarebytes
    2008-12-05 23:08 . 2008-12-05 23:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-05 23:08 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-05 23:08 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-05 22:48 . 2008-12-05 22:52 <DIR> d-------- c:\program files\Enigma Software Group
    2008-12-05 20:52 . 2008-12-05 20:52 276,137 --a------ c:\windows\Internet Logs.rar
    2008-12-05 20:21 . 2008-08-25 11:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
    2008-12-05 20:21 . 2008-08-25 11:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
    2008-12-05 20:21 . 2008-08-25 11:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
    2008-12-05 20:21 . 2008-06-02 15:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
    2008-12-05 20:20 . 2008-12-05 20:34 <DIR> d-------- c:\program files\Spyware Doctor
    2008-12-05 20:20 . 2008-12-05 20:20 <DIR> d-------- c:\documents and settings\Emir\Application Data\PC Tools
    2008-12-05 19:34 . 2008-12-05 21:39 4,212 --ah----- c:\windows\system32\zllictbl.dat
    2008-12-05 19:34 . 2008-12-05 23:44 136 --a------ c:\program files\BMonitor.dll
    2008-12-05 19:31 . 2008-12-05 21:39 335 --a------ c:\windows\system32\vsconfig.xml
    2008-12-05 19:31 . 2008-12-05 23:44 0 --a------ c:\windows\system32\ativvaxx.cap
    2008-12-05 19:11 . 2008-12-05 20:09 <DIR> d-------- c:\windows\system32\ZoneLabs
    2008-12-05 19:11 . 2008-12-05 19:11 <DIR> d-------- c:\program files\Zone Labs
    2008-12-05 19:11 . 2008-10-09 14:25 1,221,008 --a------ c:\windows\system32\zpeng25.dll
    2008-12-05 16:58 . 2008-12-05 17:11 <DIR> d-------- c:\program files\FileInnovations
    2008-11-25 21:15 . 2008-11-25 21:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
    2008-11-25 21:08 . 2008-11-25 21:16 <DIR> d-------- c:\program files\ATI
    2008-11-25 17:39 . 2008-11-25 17:39 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
    2008-11-25 17:39 . 2008-11-25 17:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
    2008-11-25 17:38 . 2008-12-02 21:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Rosetta Stone
    2008-11-25 11:44 . 2008-11-25 11:44 <DIR> d-------- c:\program files\MSBuild
    2008-11-25 11:44 . 2008-11-25 11:44 <DIR> d-------- c:\program files\Microsoft Works
    2008-11-25 11:42 . 2008-11-25 11:42 <DIR> d-------- c:\program files\Microsoft.NET
    2008-11-25 11:39 . 2008-11-25 11:39 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
    2008-11-25 11:38 . 2008-11-25 11:43 <DIR> d-------- c:\windows\SHELLNEW
    2008-11-25 11:36 . 2008-11-25 11:36 <DIR> dr-h----- C:\MSOCache
    2008-11-24 23:19 . 2008-12-05 22:52 <DIR> d-------- c:\program files\Orbitdownloader
    2008-11-24 21:24 . 2003-06-18 17:31 17,920 --a------ c:\windows\system32\mdimon.dll
    2008-11-24 21:24 . 2008-11-25 01:56 376 --a------ c:\windows\ODBC.INI
    2008-11-24 18:38 . 2008-11-24 18:38 <DIR> d--h----- c:\windows\system32\GroupPolicy
    2008-11-24 18:35 . 2008-11-24 18:35 46,881 --a------ c:\windows\system32\PerfStringBackup.rar
    2008-11-24 18:05 . 2008-11-24 18:05 <DIR> d-------- c:\program files\Lavasoft
    2008-11-24 18:05 . 2008-11-24 18:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2008-11-24 15:46 . 2008-11-24 15:46 <DIR> d-------- c:\documents and settings\Administrator
    2008-11-23 14:33 . 2008-11-23 14:33 <DIR> d-------- c:\documents and settings\Emir\Application Data\Red Alert 3
    2008-11-23 13:54 . 2008-11-23 13:57 <DIR> d--h----- c:\windows\msdownld.tmp
    2008-11-23 13:54 . 2008-11-23 13:54 <DIR> d-------- c:\windows\Logs
    2008-11-20 20:19 . 2008-11-20 20:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2008-11-20 18:47 . 2008-11-20 18:47 <DIR> d-------- c:\program files\Yahoo!
    2008-11-18 01:52 . 2008-11-18 01:52 286,720 --------- c:\windows\Setup1.exe
    2008-11-18 01:52 . 2008-11-18 01:52 73,216 --a------ c:\windows\ST6UNST.EXE
    2008-11-16 21:01 . 2008-11-16 21:01 <DIR> d-------- C:\ATI
    2008-11-16 18:35 . 2008-11-16 18:35 <DIR> d-------- c:\documents and settings\Emir\Application Data\GrabPro
    2008-11-15 16:11 . 2008-12-05 18:46 <DIR> d-------- c:\program files\Unlocker
    2008-11-15 16:11 . 2008-11-15 16:11 <DIR> d-------- c:\documents and settings\Emir\Application Data\Desktopicon
    2008-11-14 18:34 . 2008-11-14 18:34 <DIR> d-------- c:\program files\Common Files\Common Share
    2008-11-14 18:14 . 2008-11-16 18:09 <DIR> d-------- c:\program files\VDOWNLOADER
    2008-11-12 15:49 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-12 15:48 . 2008-09-04 18:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
    2008-11-06 00:56 . 2008-12-05 21:32 <DIR> d-------- c:\windows\Internet Logs

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-05 20:57 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2008-12-05 20:34 --------- d-----w c:\program files\DNA
    2008-12-05 20:34 --------- d-----w c:\documents and settings\Emir\Application Data\DNA
    2008-12-05 20:04 --------- d-----w c:\documents and settings\Emir\Application Data\BitTorrent
    2008-12-03 14:08 --------- d-----w c:\documents and settings\Emir\Application Data\Orbit
    2008-12-02 08:58 --------- d-----w c:\program files\Mv2Player
    2008-11-27 13:16 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-11-25 20:07 --------- d-----w c:\program files\ATI Technologies
    2008-11-24 21:21 --------- d-----w c:\documents and settings\Emir\Application Data\Skype
    2008-11-24 21:20 --------- d-----w c:\documents and settings\Emir\Application Data\skypePM
    2008-11-24 17:50 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-11-21 14:14 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-13 17:04 --------- d-----w c:\program files\MessengerDiscovery
    2008-11-09 15:24 --------- d-----w c:\program files\Common Files\Adobe
    2008-11-04 17:51 --------- d-----w c:\documents and settings\Emir\Application Data\Hamachi
    2008-11-03 20:58 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
    2008-11-01 13:22 --------- d-----w c:\documents and settings\Emir\Application Data\Autodesk
    2008-11-01 12:39 --------- d-----w c:\program files\Reference Assemblies
    2008-11-01 11:06 --------- d-----w c:\program files\Wizard Software
    2008-11-01 08:45 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
    2008-10-29 18:17 --------- d-----w c:\documents and settings\Emir\Application Data\Codemasters
    2008-10-29 18:08 --------- d-----w c:\documents and settings\Emir\Application Data\InstallShield
    2008-10-29 03:10 3,341,824 ----a-w c:\windows\system32\drivers\ati2mtag.sys
    2008-10-29 01:18 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
    2008-10-26 11:20 --------- d-----w c:\program files\VIA
    2008-10-25 14:18 --------- d-----w c:\program files\Windows Media Connect 2
    2008-10-24 17:51 --------- d-----w c:\documents and settings\Emir\Application Data\THQ
    2008-10-24 17:46 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
    2008-10-24 17:22 --------- d-----w c:\program files\Common Files\InstallShield
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-22 16:41 --------- d-----w c:\program files\SystemRequirementsLab
    2008-10-22 16:41 --------- d-----w c:\documents and settings\Emir\Application Data\SystemRequirementsLab
    2008-10-19 09:19 --------- d-----w c:\documents and settings\Emir\Application Data\Ahead
    2008-10-19 09:11 --------- d-----w c:\documents and settings\All Users\Application Data\Ahead
    2008-10-19 09:10 --------- d-----w c:\program files\Common Files\Ahead
    2008-10-19 09:06 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
    2008-10-16 19:55 57,344 ----a-w c:\windows\system32\drivers\wdreg.exe
    2008-10-16 19:48 47,616 ----a-w c:\windows\system32\drivers\Haspnt.sys
    2008-10-16 15:00 --------- d-----w c:\documents and settings\Emir\Application Data\Mobile Master
    2008-10-14 19:07 --------- d-----w c:\program files\CleverCell Phone Manager
    2008-10-14 16:50 --------- d-----w c:\program files\Mobile Master
    2008-10-14 16:50 --------- d-----w c:\program files\Common Files\Jumping Bytes
    2008-10-14 15:11 --------- d-----w c:\documents and settings\Emir\Application Data\Samsung
    2008-10-14 14:43 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
    2008-10-14 14:13 --------- d-----w c:\program files\Samsung
    2008-10-13 16:16 --------- d-----w c:\program files\MSXML 4.0
    2008-10-12 12:27 --------- d-----w c:\program files\File Recover
    2008-10-12 12:04 --------- d-----w c:\documents and settings\Emir\Application Data\Teleca
    2008-10-12 12:02 --------- d-----w c:\documents and settings\Emir\Application Data\Sony Ericsson
    2008-10-11 14:06 --------- d-----w c:\documents and settings\Emir\Application Data\vlc
    2008-10-11 14:05 --------- d-----w c:\program files\VideoLAN
    2008-10-11 08:47 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
    2008-10-11 08:47 --------- d-----w c:\program files\Hamachi
    2008-10-10 13:17 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
    2008-10-09 19:45 --------- d-----w c:\program files\Logitech
    2008-10-09 19:45 --------- d-----w c:\program files\Common Files\Logitech
    2008-10-09 12:06 --------- d-----w c:\program files\Java
    2008-10-09 12:03 --------- d-----w c:\program files\Common Files\Java
    2008-10-08 21:11 --------- d-----w c:\program files\BitTorrent Turbo Accelerator
    2008-10-08 21:09 --------- d-----w c:\program files\BitTorrent
    2008-10-06 21:59 --------- d-----w c:\program files\Lexmark 640 Series
    2008-10-06 20:51 --------- d-----w c:\documents and settings\Emir\Application Data\Media Player Classic
    2008-10-06 19:16 --------- d-----w c:\program files\Real Alternative
    2008-10-05 20:25 --------- d-----w c:\program files\Reality Pump
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-12-05 1443072]
    "MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-10-22 399504]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Emir\Start Menu\Programs\Startup\
    Bandwidth Meter.lnk - c:\program files\Wizard Software\Bandwidth Meter\BandMeter.exe [2006-07-15 1420800]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6odxx.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Emir^Start Menu^Programs^Startup^Bandwidth Meter.lnk]
    path=c:\documents and settings\Emir\Start Menu\Programs\Startup\Bandwidth Meter.lnk
    backup=c:\windows\pss\Bandwidth Meter.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Emir^Start Menu^Programs^Startup^BitTorrent Turbo Accelerator.lnk]
    path=c:\documents and settings\Emir\Start Menu\Programs\Startup\BitTorrent Turbo Accelerator.lnk
    backup=c:\windows\pss\BitTorrent Turbo Accelerator.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    c:\windows\system32\dumprep 0 -u [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
    --a------ 2007-08-01 19:17 222592 c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2007-06-27 18:03 152872 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
    --a------ 2008-11-12 15:20 342336 c:\program files\DNA\btdna.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2008-04-14 04:42 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a------ 2006-10-27 00:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    --a------ 2005-01-19 10:45 458752 c:\program files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    --a------ 2005-01-19 10:39 217088 c:\program files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    --a------ 2005-01-19 10:05 221184 c:\windows\system32\LVCOMSX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2008-04-14 04:42 1695232 c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-01 14:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    --a------ 2004-04-01 09:52 1368064 c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    --a------ 2008-08-29 16:11 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tok-Cirrhatus]
    --a------ 2007-08-01 19:17 222592 c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
    --a------ 2008-10-09 14:25 981904 c:\program files\Zone Labs\ZoneAlarm\zlclient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "FCI"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "d:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
    "d:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "<NO NAME>"=
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 33800]
    R2 MBAMService;MBAMService;"c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe" [2008-12-05 170640]
    R3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys [2008-12-05 15504]
    R3 PID_0920;Labtec WebCam(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2008-10-09 163328]
    S0 ati6odxx;ati6odxx;c:\windows\system32\Drivers\ati6odxx.sys []
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-05 356920]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"c:\program files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 98328]
    S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\DRIVERS\w200bus.sys [2008-10-12 61504]
    S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\DRIVERS\w200mdfl.sys [2008-10-12 9328]
    S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\DRIVERS\w200mdm.sys [2008-10-12 97056]
    S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\w200mgmt.sys [2008-10-12 88560]
    S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\w200obex.sys [2008-10-12 86368]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-05 c:\windows\Tasks\setupeng.job
    - c:\documents and settings\Emir\Desktop\setap\setupeng.exe [2008-10-26 15:36]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-SpyHunter Security Suite - c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe
    MSConfigStartUp-rs32net - c:\windows\System32\rs32net.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FireFox -: Profile - c:\documents and settings\Emir\Application Data\Mozilla\Firefox\Profiles\wi92nrow.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    .

    ****************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-05 23:44:20
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    ****************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(756)
    c:\windows\system32\Ati2evxx.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    c:\windows\system32\wscntfy.exe
    .
    ****************************************************************************
    .
    Completion time: 2008-12-05 23:47:40 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-12-05 22:47:36

    Pre-Run: 5.581.279.232 bytes free
    Post-Run: 5,480,488,960 bytes free

    293 --- E O F --- 2008-11-27 13:16:46


  #2 Neal (Dedicated Member)

    Both look ok!!
