Post #1 - Jul 3 2009, 10:04 AM
New Member - Group: New Member - Posts: 2 - Joined: 3-July 09 - Member No.: 86,525 - Operating System: Vista
I have seen another post where someone else was helped. I followed the steps; here are the findings.
If someone could help me that would be great. My Windows Defender keeps getting the Renos file, and I have scanned my computer with ESET NOD 2 times and it has found nothing.
Attached File(s):
Attach.txt (4.96K)
DDS.txt (21.31K)
Log.malwooty.txt (15.96K)
Post #2 - Jul 3 2009, 05:27 PM
New Member - Group: New Member - Posts: 2 - Joined: 3-July 09 - Member No.: 86,525 - Operating System: Vista
Here is the file from ComboFix.
ComboFix 09-07-03.03 - Thomas 04/07/2009 0:07.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.3070.2219 [GMT 1:00]
Running from: c:\downloads\Combo-Fix.exe
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: ESET Smart Security 4.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Thomas\AppData\Roaming\.#
c:\windows\Installer\27bf2.msi
c:\windows\Installer\eaf493.msi
c:\windows\msa.exe
c:\windows\system32\ATIODCLI.exe
c:\windows\system32\ATIODE.exe
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
.
((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 )))))))))))))))))))))))))))))))
.
2009-07-03 23:16 . 2009-07-03 23:16 -------- d-----w- c:\users\Thomas\AppData\Local\temp
2009-07-02 18:00 . 2009-07-02 18:00 348160 ----a-w- c:\users\Thomas\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\add_ons\client\app_3440\msvcr71.dll
2009-07-02 17:59 . 2009-07-02 17:59 8212480 ----a-w- c:\users\Thomas\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\add_ons\client\app_3440\fml.exe
2009-07-02 17:32 . 2009-07-02 17:32 -------- d-----w- c:\program files\Ubisoft
2009-06-30 13:52 . 2009-06-30 13:52 -------- d-----w- c:\users\Thomas\AppData\Roaming\fml_live_v1
2009-06-30 13:42 . 2009-06-30 13:42 348160 ----a-w- c:\users\Thomas\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\add_ons\client\app_3436\msvcr71.dll
2009-06-30 13:42 . 2009-06-30 13:42 8212480 ----a-w- c:\users\Thomas\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\add_ons\client\app_3436\fml.exe
2009-06-29 14:42 . 2009-07-03 22:10 278984 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-06-29 14:42 . 2009-06-29 14:42 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-06-29 14:39 . 2009-07-03 22:24 -------- d-----w- c:\program files\Anno 1701
2009-06-28 20:13 . 2009-06-28 20:13 -------- d-----w- c:\program files\uTorrent
2009-06-28 20:12 . 2009-07-03 11:35 -------- d-----w- c:\users\Thomas\AppData\Roaming\uTorrent
2009-06-27 12:25 . 2009-06-27 12:35 -------- d-----w- c:\program files\Overlord II
2009-06-27 11:07 . 2009-06-27 11:07 -------- d-----w- c:\programdata\ATI
2009-06-27 10:59 . 2009-06-27 10:59 10134 ----a-r- c:\users\Thomas\AppData\Roaming\Microsoft\Installer\{7113847B-EC8E-C244-66B0-C8C98A855525}\ARPPRODUCTICON.exe
2009-06-27 10:58 . 2009-06-27 10:58 -------- d-----w- C:\ATI
2009-06-27 10:53 . 2009-06-27 10:53 -------- d-----w- c:\users\Thomas\AppData\Roaming\ATI
2009-06-27 10:53 . 2009-06-27 10:53 -------- d-----w- c:\users\Thomas\AppData\Local\ATI
2009-06-27 10:46 . 2009-06-27 10:46 9158 ----a-r- c:\users\Thomas\AppData\Roaming\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2009-06-27 10:46 . 2009-06-27 10:46 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-06-27 10:46 . 2009-06-27 10:46 0 ----a-w- c:\windows\ativpsrm.bin
2009-06-27 10:46 . 2008-07-08 13:37 3107788 ----a-w- c:\windows\system32\atiumdva.dat
2009-06-27 10:45 . 2009-06-27 11:47 -------- d-----w- c:\program files\ATI
2009-06-27 10:45 . 2009-06-27 11:02 -------- d-----w- c:\program files\ATI Technologies
2009-06-25 21:31 . 2009-06-25 21:31 -------- d-----w- c:\windows\system32\ca-ES
2009-06-25 21:31 . 2009-06-25 21:31 -------- d-----w- c:\windows\system32\eu-ES
2009-06-25 21:31 . 2009-06-25 21:31 -------- d-----w- c:\windows\system32\vi-VN
2009-06-25 21:20 . 2009-06-25 21:20 -------- d-----w- c:\windows\system32\EventProviders
2009-06-25 21:17 . 2009-04-11 06:32 180712 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2009-06-25 09:23 . 2009-06-25 09:25 -------- d-----w- c:\users\Thomas\AppData\Local\Microsoft Games
2009-06-23 21:50 . 2009-06-24 18:24 -------- d-----w- c:\users\Thomas\AppData\Roaming\My Games
2009-06-21 15:13 . 2009-06-21 15:13 -------- d-----w- c:\users\Thomas\AppData\Roaming\The Creative Assembly
2009-06-19 13:53 . 2009-06-19 13:53 -------- d-----w- c:\program files\PowerISO
2009-06-18 17:55 . 2009-06-18 17:55 -------- d-----w- c:\program files\Atari
2009-06-15 19:18 . 2009-06-27 20:56 -------- d-----w- c:\users\Thomas\AppData\Local\My Games
2009-06-15 18:25 . 2009-06-27 09:27 -------- d-----w- c:\users\Thomas\AppData\Roaming\Firaxis Games
2009-06-15 09:38 . 2009-06-15 09:38 -------- d-----w- c:\users\Thomas\AppData\Roaming\Nero
2009-06-15 09:38 . 2009-06-15 09:38 -------- d-----w- c:\users\Thomas\AppData\Local\Xenocode
2009-06-13 18:15 . 2009-06-13 18:15 -------- d-----w- c:\program files\AC3Filter
2009-06-12 08:06 . 2009-06-12 08:06 -------- d-sh--w- c:\windows\ftpcache
2009-06-11 18:31 . 2009-06-11 18:31 -------- d-----w- c:\program files\netloader.in
2009-06-08 20:52 . 2009-06-13 16:32 -------- d-----w- c:\users\Thomas\AppData\Roaming\DivX
2009-06-08 20:51 . 2009-06-08 20:51 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-06-08 20:51 . 2009-06-08 20:52 -------- d-----w- c:\program files\DivX
2009-06-08 20:51 . 2009-06-08 20:51 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-08 18:49 . 2009-06-08 18:49 -------- d-----w- c:\windows\Thomson.0000
2009-06-07 23:08 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2009-06-07 21:01 . 2008-07-31 09:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2009-06-07 21:01 . 2008-07-31 09:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2009-06-07 21:01 . 2008-07-31 09:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2009-06-07 21:01 . 2008-07-12 07:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2009-06-07 21:01 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2009-06-07 21:01 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2009-06-07 20:46 . 2009-06-07 20:46 -------- d-----w- C:\PerfLogs
2009-06-07 20:03 . 2008-07-27 18:00 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-06-07 19:59 . 2009-06-07 19:59 -------- d-----w- c:\users\Thomas\AppData\Roaming\InstallShield
2009-06-07 18:58 . 2009-06-07 21:09 -------- d-----w- c:\programdata\Media Center Programs
2009-06-07 12:42 . 2009-06-07 12:42 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-06-07 12:41 . 2009-06-07 12:41 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-06-07 12:41 . 2009-06-07 12:41 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-07 12:31 . 2009-06-07 12:31 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-07 12:31 . 2009-06-07 12:43 -------- d-----w- c:\users\Thomas\AppData\Roaming\DAEMON Tools Lite
2009-06-07 12:28 . 2009-06-07 12:29 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-06-07 12:28 . 2009-06-07 12:28 -------- d-----w- c:\windows\system32\xlive
2009-06-07 12:23 . 2009-06-07 12:48 -------- d-----w- c:\users\Thomas\AppData\Local\Fallout3
2009-06-07 09:40 . 2009-07-03 23:02 -------- d-----w- C:\Downloads
2009-06-07 09:38 . 2009-07-03 23:02 -------- d-----w- c:\users\Thomas\AppData\Roaming\Orbit
2009-06-07 09:38 . 2009-06-07 09:38 -------- d-----w- c:\program files\Orbitdownloader
2009-06-07 08:46 . 2008-01-19 07:29 705536 ----a-w- c:\windows\system32\imagesp1.dll
2009-06-07 08:46 . 2008-01-19 07:36 116736 ----a-w- c:\windows\system32\sstpsvc.dll
2009-06-07 08:46 . 2008-01-19 07:36 175104 ----a-w- c:\windows\system32\winrscmd.dll
2009-06-07 08:44 . 2008-01-19 07:42 52792 ----a-w- c:\windows\system32\drivers\volmgr.sys
2009-06-07 08:43 . 2008-01-19 07:34 102400 ----a-w- c:\windows\system32\wbem\mofinstall.dll
2009-06-07 08:43 . 2008-01-19 07:36 357888 ----a-w- c:\windows\system32\wbemcomn.dll
2009-06-07 08:43 . 2008-01-19 07:36 129536 ----a-w- c:\windows\system32\sqmapi.dll
2009-06-07 08:43 . 2008-01-19 07:36 139264 ----a-w- c:\windows\system32\SmiInstaller.dll
2009-06-07 08:43 . 2008-01-19 07:35 35328 ----a-w- c:\windows\system32\mspatcha.dll
2009-06-07 08:43 . 2008-01-19 07:34 305152 ----a-w- c:\windows\system32\msdelta.dll
2009-06-07 08:43 . 2008-01-19 07:34 258560 ----a-w- c:\windows\system32\dpx.dll
2009-06-06 21:01 . 2009-06-17 21:44 -------- d-----w- c:\users\Thomas\AppData\Roaming\Apple Computer
2009-06-06 21:01 . 2009-06-13 16:34 -------- d-----w- c:\users\Thomas\AppData\Local\Apple Computer
2009-06-06 18:52 . 2009-06-06 18:52 -------- d-----w- c:\users\Thomas\AppData\Local\Blizzard Entertainment
2009-06-06 15:54 . 2009-06-06 15:54 -------- d-----w- c:\program files\SopCast
2009-06-06 14:39 . 2009-06-06 14:39 -------- d-----w- c:\program files\ReflexiveArcade
2009-06-06 14:32 . 2009-06-06 14:32 -------- d-----w- c:\users\Thomas\AppData\Local\ESET
2009-06-06 11:59 . 2009-07-02 17:25 -------- d-----w- c:\program files\Common Files\Steam
2009-06-06 11:59 . 2009-07-03 18:04 -------- d-----w- c:\program files\Steam
2009-06-06 10:12 . 2009-06-06 10:12 -------- d-----w- c:\program files\ESET
2009-06-06 09:51 . 2009-06-06 09:51 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-06-06 09:51 . 2009-06-06 09:51 272896 ----a-w- c:\windows\system32\polstore.dll
2009-06-06 09:43 . 2009-06-06 09:43 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-06-06 09:37 . 2006-11-02 09:46 8704 ----a-w- c:\windows\system32\hccoin.dll
2009-06-06 09:34 . 2009-06-06 09:34 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-06-06 09:32 . 2009-06-06 09:32 9728 ----a-w- c:\windows\system32\lsass.exe
2009-06-06 09:30 . 2009-06-06 09:30 37888 ----a-w- c:\windows\system32\printcom.dll
2009-06-06 09:30 . 2009-06-06 09:30 14848 ----a-w- c:\windows\system32\wshrm.dll
2009-06-06 09:28 . 2009-06-06 09:28 84480 ----a-w- c:\windows\system32\INETRES.dll
2009-06-06 09:25 . 2009-06-06 09:25 2048 ----a-w- c:\windows\system32\msxml6r.dll
2009-06-06 09:16 . 2009-06-06 09:16 -------- d-----w- c:\program files\Intel
2009-06-06 09:16 . 2008-05-01 15:35 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-06-06 09:16 . 2009-06-06 09:16 -------- d-----w- C:\Intel
2009-06-05 21:41 . 2009-06-05 22:11 -------- d-----w- c:\users\Public\Games
2009-06-05 21:40 . 2009-06-05 21:40 -------- d-----w- c:\programdata\Blizzard
2009-06-05 21:00 . 2009-06-05 21:09 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-06-05 19:46 . 2007-05-16 15:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2009-06-05 19:21 . 2009-06-07 21:44 -------- d-----w- C:\Warhammer Online - Age of Reckoning
2009-06-05 19:10 . 2009-07-02 17:59 348160 ----a-w- c:\users\Thomas\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\msvcr71.dll
2009-06-05 19:10 . 2009-07-02 17:59 1073152 ----a-w- c:\users\Thomas\AppData\Roaming\Sports Interactive\Football Manager Live\fml_live_v1\fml_launcher.exe
2009-06-05 19:08 . 2009-06-05 19:08 -------- d-----w- c:\users\Thomas\AppData\Roaming\Sports Interactive
2009-06-05 19:08 . 2009-06-05 19:08 -------- d-----w- c:\program files\Sports Interactive
2009-06-05 19:05 . 2009-06-05 19:05 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-06-05 19:05 . 2009-06-05 19:05 43544 ----a-w- c:\windows\system32\wups2.dll
2009-06-05 19:05 . 2009-06-05 19:05 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-06-05 19:05 . 2009-06-05 19:05 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-06-05 19:05 . 2009-06-05 19:05 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-06-05 19:05 . 2009-06-05 19:05 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-06-05 19:05 . 2009-06-05 19:05 34328 ----a-w- c:\windows\system32\wups.dll
2009-06-05 19:04 . 2009-06-05 19:04 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-06-05 19:04 . 2009-06-05 19:04 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-06-05 18:47 . 2008-06-30 17:28 47616 ----a-w- c:\windows\system32\drivers\L1E60x86.sys
2009-06-05 18:47 . 2009-06-05 18:47 -------- d-----w- c:\windows\system32\Atheros_L1e
2009-06-05 18:47 . 2009-07-03 22:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-05 18:46 . 2006-10-18 05:44 7680 ----a-w- c:\windows\system32\drivers\ASACPI.sys
2009-06-05 18:46 . 2007-12-28 07:22 10296 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2009-06-05 18:11 . 2009-06-27 13:09 -------- d-----w- c:\program files\SpeedFan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 10:44 . 2009-06-05 17:49 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-27 10:42 . 2009-06-05 18:45 1356 ----a-w- c:\users\Thomas\AppData\Local\d3d9caps.dat
2009-06-27 09:20 . 2009-06-05 18:05 31966 ----a-w- c:\programdata\nvModes.dat
2009-06-25 21:32 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-06-25 21:32 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-25 21:32 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-06-25 21:32 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-25 21:32 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-06-25 21:32 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-06-25 21:31 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-09 09:05 . 2009-06-09 09:05 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-06-08 19:01 . 2009-06-08 19:01 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-06-07 20:38 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-06-07 20:38 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-06-07 08:34 . 2009-06-06 19:22 -------- d-----w- c:\programdata\Apple
2009-06-06 21:01 . 2009-06-06 21:01 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-06 21:01 . 2009-06-06 21:01 -------- d-----w- c:\program files\iTunes
2009-06-06 21:01 . 2009-06-06 21:01 -------- d-----w- c:\program files\iPod
2009-06-06 21:01 . 2009-06-06 19:22 -------- d-----w- c:\program files\Common Files\Apple
2009-06-06 21:01 . 2009-06-06 19:24 -------- d-----w- c:\programdata\Apple Computer
2009-06-06 19:24 . 2009-06-06 19:24 -------- d-----w- c:\program files\Bonjour
2009-06-06 19:24 . 2009-06-06 19:24 -------- d-----w- c:\program files\QuickTime
2009-06-06 19:23 . 2009-06-06 19:23 -------- d-----w- c:\program files\Apple Software Update
2009-06-05 18:45 . 2009-06-05 18:45 48600 ----a-w- c:\users\Thomas\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-05 17:49 . 2009-06-05 17:49 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-06-05 17:49 . 2009-06-05 17:49 -------- d-----w- c:\program files\Realtek
2009-06-05 17:49 . 2009-06-05 17:49 315392 ----a-w- c:\windows\HideWin.exe
2009-05-30 11:50 . 2009-05-30 11:50 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-29 12:36 . 2009-05-29 12:36 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 12:36 . 2009-05-29 12:36 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-16 04:01 . 2009-05-16 04:01 4933632 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2009-05-16 03:24 . 2009-05-16 03:24 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-05-16 03:24 . 2009-05-16 03:24 335872 ----a-w- c:\windows\system32\atieclxx.exe
2009-05-16 03:23 . 2009-05-16 03:23 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2009-05-16 03:22 . 2008-07-08 14:10 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2009-05-16 03:22 . 2008-07-08 14:09 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2009-05-16 03:22 . 2009-05-16 03:22 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2009-05-16 03:22 . 2009-05-16 03:22 11776 ----a-w- c:\windows\system32\atimuixx.dll
2009-05-16 03:22 . 2008-07-08 14:09 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-05-16 03:19 . 2009-05-16 03:19 2411008 ----a-w- c:\windows\system32\atidxx32.dll
2009-05-16 03:08 . 2008-07-08 13:55 3064832 ----a-w- c:\windows\system32\atiumdag.dll
2009-05-16 02:53 . 2008-07-08 13:38 2847744 ----a-w- c:\windows\system32\atiumdva.dll
2009-05-16 02:42 . 2009-05-16 02:42 51712 ----a-w- c:\windows\system32\atimpc32.dll
2009-05-16 02:42 . 2009-05-16 02:42 51712 ----a-w- c:\windows\system32\amdpcom32.dll
2009-05-16 02:41 . 2009-05-16 02:41 172032 ----a-w- c:\windows\system32\atiadlxx.dll
2009-05-16 02:40 . 2009-05-16 02:40 11376640 ----a-w- c:\windows\system32\atioglxx.dll
2009-05-16 02:27 . 2009-05-16 02:27 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-05-16 02:00 . 2009-05-16 02:00 53248 ----a-w- c:\windows\system32\aticalrt.dll
2009-05-16 02:00 . 2009-05-16 02:00 53248 ----a-w- c:\windows\system32\aticalcl.dll
2009-05-16 01:59 . 2009-05-16 01:59 3174400 ----a-w- c:\windows\system32\aticaldd.dll
2009-05-14 14:49 . 2009-05-14 14:49 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 14:49 . 2009-05-14 14:49 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-05-14 14:49 . 2009-05-14 14:49 133000 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-05-14 14:47 . 2009-05-14 14:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 14:41 . 2009-05-14 14:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-09 05:50 . 2009-06-09 19:21 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-09 19:21 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-05 19:33 . 2009-05-05 19:33 118784 ----a-w- c:\windows\system32\atibtmon.exe
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-30 23:08 . 2009-04-30 23:08 1505824 ----a-w- c:\windows\system32\nvcpluir.dll
2009-04-30 23:08 . 2009-04-30 23:08 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-04-30 23:08 . 2009-04-30 23:08 1358368 ----a-w- c:\windows\system32\nvsvsr.dll
2009-04-30 23:08 . 2009-04-30 23:08 1292832 ----a-w- c:\windows\system32\nvsvs.dll
2009-04-30 21:02 . 2009-04-30 21:02 9850016 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-04-30 21:02 . 2009-04-30 21:02 983552 ----a-w- c:\windows\system32\nvapi.dll
2009-04-30 21:02 . 2009-04-30 21:02 795104 ----a-w- c:\windows\system32\dpinst.exe
2009-04-30 21:02 . 2009-04-30 21:02 7593472 ----a-w- c:\windows\system32\nvd3dum.dll
2009-04-30 21:02 . 2009-04-30 21:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-04-30 21:02 . 2009-04-30 21:02 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-04-30 21:02 . 2009-04-30 21:02 3128320 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-04-30 21:02 . 2009-04-30 21:02 1704960 ----a-w- c:\windows\system32\nvcuda.dll
2009-04-30 21:02 . 2009-04-30 21:02 143360 ----a-w- c:\windows\system32\nvcod146.dll
2009-04-30 21:02 . 2009-04-30 21:02 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-04-30 21:02 . 2009-04-30 21:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-04-30 21:02 . 2009-04-30 21:02 10366976 ----a-w- c:\windows\system32\nvoglv32.dll
2009-04-24 05:43 . 2009-04-24 05:43 95544 ----a-w- c:\windows\system32\drivers\AtiHdmi.sys
2009-04-23 19:04 . 2009-04-23 19:04 189051 ----a-w- c:\windows\system32\atiicdxx.dat
2009-04-23 12:15 . 2009-06-09 19:21 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:14 . 2009-06-09 19:21 623616 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 23:20 . 2009-04-21 23:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 23:20 . 2009-04-21 23:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-21 11:39 . 2009-06-09 19:21 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-04-11 06:33 . 2009-06-25 21:18 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-11 06:33 . 2009-06-25 21:18 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-11 06:33 . 2009-06-25 21:17 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-11 06:33 . 2009-06-25 21:18 897000 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-04-11 06:33 . 2009-06-25 21:18 614376 ----a-w- c:\windows\system32\ci.dll
2009-04-11 06:28 . 2009-06-25 21:18 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-04-11 06:27 . 2009-06-25 21:18 441344 ----a-w- c:\windows\system32\SearchIndexer.exe
2009-04-11 06:22 . 2009-06-25 21:17 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-04-11 06:21 . 2009-06-25 21:17 37376 ----a-w- c:\windows\system32\cdd.dll
2009-04-11 05:42 . 2009-06-25 21:17 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-11 05:03 . 2009-06-25 21:18 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 05:03 . 2009-06-25 21:18 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-11 06:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-10 1217784]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13781536]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-06-13 6183456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9C7AE463-8DDA-47B5-976B-4D8B2C6CCCA9}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{78456E9F-0F5D-4FAB-8DD6-DEB34FF8D7DF}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D74C466E-2B7C-47E2-AF31-4958181D0F47}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{B236ED80-3619-4ACF-A4F7-B0CEC147B460}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{C4DD8DFE-9F7A-4534-97D1-EAB646E4CBEB}"= UDP:c:\program files\Sega\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet
"{312B763A-474F-4754-B6BD-DEAB6D0B6A25}"= TCP:c:\program files\Sega\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet
"{E93C8958-588E-476C-9A73-E983EF6A01BC}"= UDP:c:\program files\Steam\steamapps\common\fallout 3\FalloutLauncher.exe:Fallout 3
"{394A5436-C0BD-4CE4-98D4-BBBD4DDE80F3}"= TCP:c:\program files\Steam\steamapps\common\fallout 3\FalloutLauncher.exe:Fallout 3
"{85263136-7580-410E-8F52-67E0A464BA41}"= UDP:c:\program files\Steam\steamapps\common\sid meier's civilization iv\Civilization4.exe:Sid Meier's Civilization IV
"{C9135D52-7D2F-46D9-9ECE-AF4A0A98FA8B}"= TCP:c:\program files\Steam\steamapps\common\sid meier's civilization iv\Civilization4.exe:Sid Meier's Civilization IV
"{1CE61E88-3AE7-45AE-AC34-87594AEACC7A}"= UDP:c:\program files\Steam\steamapps\common\civilization iv colonization\Colonization.exe:Sid Meier's Civilization IV: Colonization
"{2F850B8F-A37C-4F4D-BE81-CDD8A9F78EDC}"= TCP:c:\program files\Steam\steamapps\common\civilization iv colonization\Colonization.exe:Sid Meier's Civilization IV: Colonization
"{CC3353D7-D0D5-47B7-8708-529F1C8FDBC9}"= UDP:c:\program files\Steam\steamapps\common\sid meier's civilization iv warlords\Warlords\Civ4Warlords.exe:Sid Meier's Civilization IV: Warlords
"{C236CED1-0938-41A0-BCFD-1ED296C2BA85}"= TCP:c:\program files\Steam\steamapps\common\sid meier's civilization iv warlords\Warlords\Civ4Warlords.exe:Sid Meier's Civilization IV: Warlords
"{5CC8FBC7-8E04-4B9B-93E4-E76200BBFF64}"= UDP:c:\program files\Steam\steamapps\common\sid meier's civilization iv warlords\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization IV: Warlords
"{FBF6C28B-C91E-4281-82DA-95EA9AD926BA}"= TCP:c:\program files\Steam\steamapps\common\sid meier's civilization iv warlords\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization IV: Warlords
"{E9FA9DCE-D057-4602-A36D-71CB8366E933}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{51E17B4B-F945-4B98-AF04-43E5C80CBAA1}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{6D66657E-B14F-46C9-8C07-3206992D7CBC}"= UDP:c:\program files\Steam\steamapps\common\empire total war\Empire.exe:Empire: Total War
"{648A74A9-7B5F-4FBF-830E-09B27D2EB9EC}"= TCP:c:\program files\Steam\steamapps\common\empire total war\Empire.exe:Empire: Total War
"{B573C5D2-A83D-4E14-8780-A13F8790E79D}"= UDP:c:\program files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:Killing Floor
"{3DE13B76-2477-4FE7-B507-9742919D5F4F}"= TCP:c:\program files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:Killing Floor

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= c:\program files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= c:\program files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [14/05/2009 15:47 107256]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [16/05/2009 04:23 176128]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14/05/2009 15:47 731840]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\System32\drivers\AtiHdmi.sys [24/04/2009 06:43 95544]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [05/06/2009 19:47 47616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\u89j7ebc.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-04 00:16
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-07-03 0:17
ComboFix-quarantined-files.txt 2009-07-03 23:17
Pre-Run: 158,189,191,168 bytes free
Post-Run: 160,890,699,776 bytes free
351 --- E O F --- 2009-07-02 14:32
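A triage helper, added here by the editor and not part of this thread, of ComboFix, or of the helper's later replies: it reads the "Reg Loading Points" section of a ComboFix log, groups each `"name"= value` line under the `[key]` above it, and flags the policy values that stand out in the log posted above (EnableLUA=0, and EnableFirewall=0 on the Domain, Public and Standard profiles), while also listing the HKCU/HKLM Run autostarts. The embedded sample is an excerpt copied from the posted log; the line-format assumptions (a DWORD printed as `0 (0x0)`, an image path in quotes) and the finding wording are this example's own, not ComboFix's.

```python
import re
from typing import Dict, List, Tuple

# Excerpt copied from the "Reg Loading Points" section of the ComboFix log
# posted in this thread. Only the lines needed for the checks are included.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-10 1217784]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9C7AE463-8DDA-47B5-976B-4D8B2C6CCCA9}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# Assumed ComboFix DWORD rendering: decimal followed by the hex form in parentheses.
DWORD_RE = re.compile(r'^(\d+)\s*\(0x[0-9a-fA-F]+\)')


def parse_reg_points(text: str) -> Dict[str, Dict[str, str]]:
    """Group '"name"= value' lines under the [key] line that precedes them."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2).strip()
    return keys


def dword_is_zero(value: str) -> bool:
    """True only for a DWORD rendered as '0 (0x0)'; any other text is not a zero DWORD."""
    m = DWORD_RE.match(value)
    return m is not None and int(m.group(1)) == 0


def audit(text: str) -> List[str]:
    """Flag the weakened policy settings a reviewer would call out in this log."""
    findings: List[str] = []
    for key, values in parse_reg_points(text).items():
        kl = key.lower()
        if kl.endswith('\\policies\\system') and 'EnableLUA' in values \
                and dword_is_zero(values['EnableLUA']):
            findings.append('UAC disabled (EnableLUA=0)')
        if '\\firewallpolicy\\' in kl and 'EnableFirewall' in values \
                and dword_is_zero(values['EnableFirewall']):
            findings.append('Windows Firewall disabled for ' + key.rsplit('\\', 1)[-1])
    return findings


def autostart_entries(text: str) -> List[Tuple[str, str]]:
    """Return (value name, image path) for every ...\\CurrentVersion\\Run key."""
    out: List[Tuple[str, str]] = []
    for key, values in parse_reg_points(text).items():
        if key.lower().endswith('\\currentversion\\run'):
            for name, value in values.items():
                m = re.match(r'"([^"]*)"', value)  # quoted image path, if present
                out.append((name, m.group(1) if m else value))
    return out


if __name__ == '__main__':
    for finding in audit(SAMPLE_LOG):
        print('FINDING:', finding)
    for name, path in autostart_entries(SAMPLE_LOG):
        print('AUTOSTART:', name, '->', path)
```

Run against the excerpt, `audit` reports UAC off and the firewall off on all three profiles; the FirewallRules key carries no EnableFirewall value, so it produces no finding. To use it on a full log, read the file and pass its text in place of `SAMPLE_LOG`; everything outside the `[key]`/`"name"=` lines is ignored.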
Thread: [Closed] Win32/Renos.IO
Wooty - Jul 3 2009, 10:04 AM
Tomk - Jul 7 2009, 12:26 PM: Hi Wooty, My name is Tomk. I would be glad to...
Tomk - Jul 13 2009, 10:13 PM: Due to inactivity this topic will be closed. If yo...