PcMac
Newbie
Posts: 16
|
 |
Re: same problem for weeks now,
« Reply #2 on: Mar 30th, 2008, 7:28am » |
 Quote  Modify
|
ComboFix 08-03-30.2 - DJ 2008-03-30 10:10:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.474 [GMT -3:00]
Running from: C:\Documents and Settings\DJ\My Documents\DOWNLOADS\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM9fe05f1b.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\awtqq.dll
C:\WINDOWS\system32\bmqetfay.dll
C:\WINDOWS\system32\brncxvyg.dll
C:\WINDOWS\system32\cmeftrjd.dll
C:\WINDOWS\system32\cvixhqmg.ini
C:\WINDOWS\system32\ddayx.dll
C:\WINDOWS\system32\diwexhxq.dll
C:\WINDOWS\system32\gjpbkeqm.dll
C:\WINDOWS\system32\gmqhxivc.dll
C:\WINDOWS\system32\kpllquec.dll
C:\WINDOWS\system32\mfawisyo.dll
C:\WINDOWS\system32\mgxqpgvk.dll
C:\WINDOWS\system32\ncamcimt.dll
C:\WINDOWS\system32\opnljjj.dll
C:\WINDOWS\system32\smgtfstw.dll
C:\WINDOWS\system32\tmicmacn.ini
C:\WINDOWS\system32\todipwly.dll
C:\WINDOWS\system32\tumidpdf.dll
C:\WINDOWS\system32\vvvwa.ini
C:\WINDOWS\system32\vvvwa.ini2
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\system32\wtsftgms.ini
C:\WINDOWS\system32\xyadd.ini
C:\WINDOWS\system32\xyadd.ini2
G:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-30 )))))))))))))))))))))))))))))))
.
2008-03-30 09:56 . 2008-03-30 09:56
<DIR>
d--------
C:\Program Files\Trend Micro
2008-03-29 08:22 . 2007-01-18 09:00
3,968
--a------
C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-03-27 15:39 . 2008-03-28 15:39
774
---hs----
C:\WINDOWS\system32\bahcsxws.ini
2008-03-26 15:38 . 2008-03-27 04:09
714
---hs----
C:\WINDOWS\system32\cjfdajba.ini
2008-03-25 22:10 . 2008-03-30 10:19
54,156
--ah-----
C:\WINDOWS\QTFont.qfn
2008-03-25 22:10 . 2008-03-25 22:10
1,409
--a------
C:\WINDOWS\QTFont.for
2008-03-25 15:41 . 2008-03-29 08:40
894
---hs----
C:\WINDOWS\system32\bomhqhio.ini
2008-03-24 15:38 . 2008-03-25 15:38
414
---hs----
C:\WINDOWS\system32\yqbrwjfc.ini
2008-03-23 10:53 . 2004-08-03 22:58
14,848
--a------
C:\WINDOWS\system32\drivers\kbdhid.sys
2008-03-23 10:53 . 2004-08-03 22:58
14,848
--a--c---
C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-03-22 23:12 . 2006-11-13 03:02
288,768
---------
C:\WINDOWS\system32\rhttpaa.dll
2008-03-22 23:12 . 2006-11-13 03:02
116,736
---------
C:\WINDOWS\system32\aaclient.dll
2008-03-22 23:12 . 2006-11-13 03:02
36,352
---------
C:\WINDOWS\system32\tsgqec.dll
2008-03-22 20:15 . 2008-03-22 20:15
<DIR>
d--------
C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-03-22 15:38 . 2008-03-22 15:38
534
---hs----
C:\WINDOWS\system32\gjhptnhu.ini
2008-03-22 09:14 . 2008-03-22 09:14
474
---hs----
C:\WINDOWS\system32\htfgbbhr.ini
2008-03-22 06:10 . 2008-03-22 21:31
534
---hs----
C:\WINDOWS\system32\yosrqihw.ini
2008-03-21 06:07 . 2008-03-21 06:07
534
---hs----
C:\WINDOWS\system32\yuoybufy.ini
2008-03-20 19:40 . 2008-03-21 06:11
534
---hs----
C:\WINDOWS\system32\knlycdla.ini
2008-03-20 19:40 . 2008-03-22 02:12
0
--a------
C:\WINDOWS\system32\pyfsnvud.dll
2008-03-19 19:37 . 2008-03-20 19:37
354
---hs----
C:\WINDOWS\system32\wtufprkk.ini
2008-03-19 19:37 . 2008-03-22 02:11
0
--a------
C:\WINDOWS\system32\lnlqhtmu.dll
2008-03-18 19:38 . 2008-03-18 19:38
294
---hs----
C:\WINDOWS\system32\lypkbmix.ini
2008-03-18 19:37 . 2008-03-22 02:11
0
--a------
C:\WINDOWS\system32\fsvrfrsr.dll
2008-03-17 19:38 . 2008-03-17 19:38
534
---hs----
C:\WINDOWS\system32\fnekkvtc.ini
2008-03-17 19:38 . 2008-03-22 02:10
0
--a------
C:\WINDOWS\system32\ctvkkenf.dll
2008-03-17 09:26 . 2008-03-17 09:26
<DIR>
d---s----
C:\Documents and Settings\LocalService\UserData
2008-03-16 19:35 . 2008-03-17 15:20
474
---hs----
C:\WINDOWS\system32\ojtgskjw.ini
2008-03-16 19:35 . 2008-03-22 02:11
0
--a------
C:\WINDOWS\system32\lpdnjayc.dll
2008-03-16 19:33 . 2008-03-16 19:33
63
--a------
C:\WINDOWS\system32\9cd37e09
2008-03-16 19:31 . 2008-03-17 11:52
<DIR>
d--------
C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-16 19:29 . 2008-03-22 20:30
<DIR>
d--------
C:\Program Files\Bat
2008-03-15 22:56 . 2008-03-15 22:56
<DIR>
d--------
C:\Program Files\Common Files\xing shared
2008-03-15 22:55 . 2008-03-15 22:56
<DIR>
d--------
C:\Program Files\Real
2008-03-15 22:55 . 2008-03-15 22:55
<DIR>
d--------
C:\Program Files\Common Files\Real
2008-02-24 07:59 . 2008-02-24 07:59
<DIR>
d--------
C:\Program Files\Windows Media Connect 2
2008-02-24 07:58 . 2008-02-24 07:58
<DIR>
d--------
C:\WINDOWS\system32\LogFiles
2008-02-18 08:43 . 2008-02-18 08:43
<DIR>
d--------
C:\Program Files\MagicISO
2008-02-15 09:27 . 2008-02-15 09:27
<DIR>
d--------
C:\Documents and Settings\DJ\Application Data\Maxprog
2008-02-15 09:26 . 2008-02-15 09:29
<DIR>
d--------
C:\Program Files\iCash
2008-02-12 13:25 . 2008-02-12 13:25
<DIR>
d--------
C:\Program Files\Morpheus Photo Morpher
2008-02-12 13:25 . 2008-02-12 13:25
<DIR>
d--------
C:\Documents and Settings\DJ\Application Data\Morpheus Software
2008-02-11 08:51 . 2008-03-02 21:40
<DIR>
d--------
C:\Program Files\Podmaxx 2008
2008-02-11 08:51 . 2008-02-11 08:51
<DIR>
d--------
C:\Program Files\AviSynth 2.5
2008-02-11 08:51 . 2008-02-11 08:51
<DIR>
d--------
C:\Documents and Settings\DJ\Application Data\Bling Software
2008-02-10 23:27 . 2008-02-10 23:27
<DIR>
d--------
C:\Program Files\Real Alternative
2008-02-10 17:17 . 2008-02-10 17:17
<DIR>
d--------
C:\Program Files\Common Files\eSellerate
2008-02-10 17:14 . 2008-02-10 17:15
<DIR>
d--------
C:\Program Files\iPod Access for Windows
2008-02-10 17:14 . 2008-02-10 17:14
<DIR>
d--------
C:\Documents and Settings\All Users\Application Data\Findley Designs
2008-02-06 09:51 . 2008-02-06 09:51
<DIR>
d--------
C:\Documents and Settings\DJ\Application Data\AutoSync for Yahoo
2008-02-06 09:12 . 2008-02-06 09:12
<DIR>
d--------
C:\Program Files\Common Files\Intellisync
2008-02-06 08:57 . 2008-02-06 08:57
<DIR>
d--------
C:\Documents and Settings\DJ\Application Data\XemiComputers
2008-02-06 08:57 . 2008-02-06 08:57
<DIR>
d--------
C:\Documents and Settings\All Users\Application Data\XemiComputers
2008-02-06 08:55 . 2008-02-06 08:55
<DIR>
d--------
C:\Program Files\XemiComputers
2008-02-03 18:51 . 2008-02-03 19:30
<DIR>
d--------
C:\Program Files\VstPlugins
2008-02-03 18:51 . 2002-07-07 19:14
1,294,336
--a------
C:\WINDOWS\system32\vorbis.acm
2008-02-03 18:51 . 2006-06-20 05:56
225,280
--a------
C:\WINDOWS\system32\rewire.dll
2008-02-03 18:50 . 2008-02-03 19:30
<DIR>
d--------
C:\Program Files\Image-Line
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-30 13:19
---------
d-----w
C:\Program Files\Symantec AntiVirus
2008-03-30 13:05
---------
d-----w
C:\Documents and Settings\DJ\Application Data\uTorrent
2008-03-29 23:22
---------
d-----w
C:\Program Files\Sticky Password
2008-03-29 22:10
---------
d-----w
C:\Documents and Settings\DJ\Application Data\OpenOffice.org2
2008-03-24 07:58
---------
d-----w
C:\Program Files\uTorrent
2008-03-23 19:37
---------
d-----w
C:\Program Files\PowerArchiver
2008-03-23 13:31
---------
d-----w
C:\Program Files\MP3 Splitter & Joiner
2008-02-26 16:20
---------
d-----w
C:\Documents and Settings\All Users\Application Data\Dell
2008-02-17 05:14
---------
d-----w
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-17 05:11
---------
d-----w
C:\Program Files\Spybot - Search & Destroy
2008-02-17 04:57
691,545
----a-w
C:\WINDOWS\unins000.exe
2008-02-11 01:35
---------
d-----w
C:\Program Files\DivX
2008-02-06 12:12
---------
d-----w
C:\Program Files\Yahoo!
2008-01-31 04:48
---------
d-----w
C:\Program Files\iTunes
2008-01-31 04:48
---------
d-----w
C:\Program Files\iPod
2008-01-31 04:46
---------
d-----w
C:\Program Files\QuickTime
2007-09-13 17:44
54,266
-c--a-w
C:\Documents and Settings\DJ\Application Data\unins000.dat
2007-09-13 17:43
683,801
----a-w
C:\Documents and Settings\DJ\Application Data\unins000.exe
2007-09-24 14:06
56
--sh--r
C:\WINDOWS\system32\E03E99BDB9.sys
2007-12-03 00:12
10,856
--sha-w
C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{144C8C31-035B-4A12-B56F-BF3B7C69692B}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E906942-51F3-4789-8DC8-86D2C50AD829}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{609B3F42-D7DD-47F7-8376-D940FBEDB7E7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61ab0961-ca3a-4cf0-9e7c-5e55bdacd454}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79A96D3A-50D3-45C6-8A8A-441F53899559}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7822D3F-8F22-4DBF-8EE2-A0A5AE7938F8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1F63132-2163-4A36-AE50-EC0F99327371}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9383002-FC55-4330-B9C9-67E03BC5C840}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F86182B1-AE6C-465C-A70F-6675E763E44F}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"PowerArchiver Tray"="C:\Program Files\PowerArchiver\PASTARTER.EXE" [2007-11-30 12:08 140328]
"Active Desktop Calendar"="C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe" [2008-02-06 08:53 1171968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-09 22:05 344064]
"DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" [2004-10-04 20:53 176216]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 13:42 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-11-15 14:28 85744]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 20:20 866584]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-09-09 10:31 1046688]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2007-03-14 16:42 321088]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 15:42 1404928]
"WinUtilities Memory Optimizer"="C:\Program Files\WinUtilities\ToolMemoryOptimizer.exe" [2007-11-20 06:09 409600]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 14:19 15872]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"1cla.exe"="c:\progra~1\1click~1\1cla.exe" [2006-05-25 17:26 655360]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 13:30 139264]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"9cd36c87"="C:\WINDOWS\system32\oihqhmob.dll" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-15 22:55 185896]
"BM9fe05f1b"="C:\WINDOWS\system32\mgxqpgvk.dll" [ ]
C:\Documents and Settings\DJ\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-09-12 22:43:41 118784]
Yahoo! Autosync.lnk - C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe [2007-08-21 15:28:52 391680]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnljjj]
opnljjj.dll
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\progra~1\1click~1\1cla.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Java\\jre1.6.0_03\\launch4j-tmp\\Efigio.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"137:TCP"= 137:TCP:SMB
"138:TCP"= 138:TCP:SMB
"67:UDP"= 67:UDP HCP Discovery Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 ppa;Iomega Parallel Port Filter Driver;C:\WINDOWS\system32\DRIVERS\ppa.sys [2001-08-17 10:53]
R1 HFSYS;HFSYS;C:\WINDOWS\system32\drivers\HFSYS.SYS [2004-01-12 01:34]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
S3 cmudau;Audio Advantage Roadie Interface;C:\WINDOWS\system32\drivers\cmudau.sys [2005-10-03 10:07]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d40762bc-8a02-11dc-81cc-00111182a29c}]
\Shell\AutoRun\command - Sticky~1.exe
\Shell\open\command - Sticky~1.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-30 13:19:57 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-03-24 08:05:10 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
************************************************************************ **
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-30 10:19:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************************************ **
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
-> C:\Program Files\XemiComputers\Active Desktop Calendar\MouseHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\iPod Access for Windows\iPAHelper.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Executive Software\Diskeeper\DfrgFat.exe
.
************************************************************************ **
.
Completion time: 2008-03-30 10:24:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-30 13:24:14
Pre-Run: 631,389,581,312 bytes free
Post-Run: 631,357,718,528 bytes free
.
2008-03-12 11:03:24
--- E O F ---
|
|
 IP Logged |
|
|
|
Mischel Internet Security Forum
Reply
Notify of replies
Send Topic
Print
Author
