ComboFix 09-10-27.07 - User 28.10.2009 11:34.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.385.1033.18.1015.565 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\Combo-Fix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\User\b1k5a35n3.exe
c:\documents and settings\User\b4i2y22b8.exe
c:\documents and settings\User\b4n9s95b8.exe
c:\documents and settings\User\f2a8w344.exe
c:\documents and settings\User\h7j9f65w8.exe
c:\documents and settings\User\r1p2j95k4.exe
c:\documents and settings\User\s9u2n26x8.exe
c:\documents and settings\User\v9r8v85b6.exe
c:\documents and settings\User\z3x9c92v7.exe
.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-28 )))))))))))))))))))))))))))))))
.
2009-10-26 19:21 . 2009-10-28 10:02 90157 ----a-w- c:\windows\system32\NVUKZ.exe
2009-10-26 18:54 . 2009-10-26 18:54 -------- d-----w- c:\program files\CCleaner
2009-10-26 16:57 . 2009-10-26 16:57 45056 ----a-w- c:\windows\system32\UTSCSI.EXE
2009-10-26 16:56 . 2009-10-26 16:56 -------- d-----w- c:\windows\system32\FPAP-EXL600
2009-10-26 16:56 . 2009-10-26 16:56 -------- d-----w- c:\documents and settings\User\Application Data\ABIG
2009-10-26 13:30 . 2009-10-28 09:59 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2009-10-26 13:30 . 2009-10-26 13:30 -------- d-----w- c:\program files\Common Files\Skype
2009-10-26 13:30 . 2009-10-26 13:30 -------- d-----r- c:\program files\Skype
2009-10-26 13:29 . 2009-10-26 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-10-26 13:07 . 2009-10-26 13:07 -------- d-----w- c:\program files\Trend Micro
2009-10-26 12:58 . 2009-10-26 12:58 -------- d-----r- C:\xAVx
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-26 18:54 . 2009-01-20 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-26 18:00 . 2009-01-20 01:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-26 17:21 . 2009-01-20 01:11 -------- d-----w- c:\program files\Opera
2009-09-10 13:54 . 2009-01-20 01:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-01-20 01:41 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
.
------- Sigcheck -------
[-] 2007-12-15 . 409B44CE625776DB74EAA63F24E9D4E4 . 360704 . . [5.1.2600.3002] . . c:\windows\system32\drivers\tcpip.sys
[-] 2007-12-15 . 837E25C89935C3CB144DD757D7FFF719 . 2302464 . . [5.1.2600.3181] . . c:\windows\system32\ntoskrnl.exe
[-] 2007-12-15 . 3F57F13786678214051DF97A1423BDCC . 2182144 . . [5.1.2600.3181] . . c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlay1EXL600]
@="{BF9B13E4-FE9B-4121-853F-866F4E9E2830}"
[HKEY_CLASSES_ROOT\CLSID\{BF9B13E4-FE9B-4121-853F-866F4E9E2830}]
2008-04-16 13:55 599552 ----a-w- c:\windows\system32\FPAP-EXL600\FileptcIconOverlay.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-12-03 1230848]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"9UmxQPSiTJMbA"="c:\windows\system32\NVUKZ.exe" [2009-10-28 90157]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"AAWTray"="c:\program files\Security\Ad-Aware 2007\AAWTray.exe" [2007-08-08 88024]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-25 1451264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"MbWzdFPAP-EXL600"="c:\windows\system32\FPAP-EXL600\PdtGuide.exe" [2008-04-16 1030656]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"zvb0dl2X8tt"="c:\windows\system32\NVUKZ.exe" [2009-10-28 90157]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-12-15 124928]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-18 581693]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 iastor76;iastor76;c:\windows\system32\drivers\iastor76.sys [15.12.2007 22:24 305176]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [25.10.2008 5:53 34824]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [25.10.2008 5:51 468224]
R3 Fkndisf;FortKnox Firewall NDIS Filter Service;c:\windows\system32\drivers\fortknoxfw_ndisim.sys [20.1.2009 2:45 23248]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [19.1.2009 17:49 36608]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*Deregistered* - mbr
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{14MAD6M8-1MAD-81AD-JIM6-26OP5G3369085}]
c:\xavx\ReleAsE\xAVy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{67KLN5J0-4OPM-33WE-AAX5-34KC2A3453431}]
c:\setup\DATA\June.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{G0NP7z2v-B1Zd-qHJB-52lr-OUa3XrMOqGOk}]
c:\windows\system32\NVUKZ.exe
[HKEY_CURRENT_USER\software\microsoft\active setup\installed components\{G0NP7z2v-B1Zd-qHJB-52lr-OUa3XrMOqGOk}]
c:\windows\system32\NVUKZ.exe
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9d7hr5e5.default\
FF - prefs.js: browser.startup.homepage - www.google.hr
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
Completion time: 2009-10-28 11:39
ComboFix-quarantined-files.txt 2009-10-28 10:38
Pre-Run: 25.284.194.304 bytes free
Post-Run: 25.259.462.656 bytes free
- - End Of File - - D8325F91E74DAA39D1448E691811E074