Outerinfo



#1
Reedhead

Ran all the steps and AVG quarantined and/or deleted all the infected files so problems should be resolved. Just following all the steps listed in case there are more problems.

ComboFix 07-12-17.1 - default 2007-12-17 20:10:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.230 [GMT -5:00]
Running from: C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\OOJH1JYP\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\default\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\default\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\default\Application Data\WinTouch\WTUninstaller.exe
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Program Files\icroso~1.net
C:\Program Files\inetget2
C:\Program Files\Temporary
C:\Program Files\Temporary\wininstall.exe
C:\Program Files\WinAble
C:\Program Files\WinAble\winable.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\bkR11
C:\Temp\bkR11\ftCa.log
C:\WINDOWS\b122.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\b151.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\hda.dll
C:\WINDOWS\system32\hplyhxqp.exe
C:\WINDOWS\system32\hsdjnaud.dll
C:\WINDOWS\system32\ijllm.ini
C:\WINDOWS\system32\ijllm.ini2
C:\WINDOWS\system32\instsrv.exe
C:\WINDOWS\system32\mljjgge.dll
C:\WINDOWS\system32\mllji.dll
C:\WINDOWS\system32\mvujjpki.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pbexkbuw.ini
C:\WINDOWS\system32\qorrvdbl.exe
C:\WINDOWS\system32\rqtss.ini
C:\WINDOWS\system32\rqtss.ini2
C:\WINDOWS\system32\wubkxebp.dll
C:\winlogon.exe
C:\x.dat
C:\z.dat
C:\WINDOWS\Fonts\'

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-11-18 to 2007-12-18 )))))))))))))))))))))))))))))))
.

2007-12-17 19:54 . <DIR> C:\WINDOWS\LastGood.Tmp
2007-12-16 13:51 . 2007-12-16 16:24 26,810 --a------ C:\WINDOWS\DIIUnin.dat
2007-12-16 13:50 . 2007-12-16 13:50 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2007-12-16 13:50 . 2007-12-16 13:50 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2007-12-16 13:46 . 2007-12-17 13:46 970,949 --ahs---- C:\WINDOWS\system32\uefavvuu.ini
2007-12-16 13:40 . 2007-12-17 07:24 <DIR> d-------- C:\Diablo II
2007-12-16 10:09 . 2005-03-01 18:06 211 --ah----- C:\boot.ini.SAB
2007-12-16 10:03 . 2007-12-16 10:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-12-15 23:52 . 2007-12-16 02:26 970,437 --ahs---- C:\WINDOWS\system32\awqskfbf.ini
2007-12-15 21:26 . 2007-12-15 21:26 <DIR> d-------- C:\Program Files\Router
2007-12-15 13:23 . 2007-12-15 13:23 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-15 00:32 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-12-14 21:00 . 2007-12-14 21:00 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-14 20:57 . 2007-12-15 23:31 <DIR> d--hs---- C:\WINDOWS\ZGVmYXVsdA
2007-12-14 20:57 . 2007-12-16 02:11 <DIR> d-------- C:\WINDOWS\system32\pi3
2007-12-14 20:57 . 2007-12-14 23:36 <DIR> d-------- C:\WINDOWS\system32\eu1
2007-12-14 20:57 . 2007-12-14 20:57 <DIR> d-------- C:\WINDOWS\system32\daSgo05
2007-12-14 20:57 . 2007-12-14 20:57 134 --a------ C:\n.bat
2007-12-07 16:40 . 2007-12-07 16:40 <DIR> d-------- C:\Program Files\BitZipper
2007-12-07 16:40 . 2007-12-07 16:40 <DIR> d-------- C:\Documents and Settings\default\Application Data\BitZipper
2007-12-03 22:38 . 2007-12-03 22:38 <DIR> d-------- C:\Documents and Settings\default\Application Data\ATI
2007-12-03 22:32 . 2007-12-03 22:33 <DIR> d-------- C:\Program Files\ATI Technologies
2007-12-03 22:32 . 2006-05-03 11:57 520,192 --a------ C:\WINDOWS\system32\ati2sgag.exe
2007-12-03 22:31 . 2007-12-03 22:31 <DIR> d-------- C:\ATI
2007-12-01 09:16 . 2007-12-01 09:16 <DIR> dr-h----- C:\Documents and Settings\default\Application Data\SecuROM
2007-11-29 22:29 . 2007-11-29 22:29 <DIR> d-------- C:\Program Files\Common Files\Stardock
2007-11-29 19:56 . 2007-11-29 22:18 <DIR> d-------- C:\Program Files\D-Tools
2007-11-29 19:56 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-11-29 19:56 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-11-18 15:44 . 2007-11-18 15:44 462,848 --a------ C:\cls.dll
2007-11-18 15:44 . 2007-11-18 15:44 69,632 --a------ C:\atm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-16 18:21 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-12-16 06:44 --------- d-----w C:\Program Files\SearchRelevant
2007-12-16 04:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-15 04:36 --------- d-----w C:\Program Files\S3
2007-12-15 03:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-14 21:43 --------- d-----w C:\Program Files\Guild Wars
2007-11-19 20:54 --------- d-----w C:\Program Files\mIRC
2007-11-12 23:24 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-04 18:19 8,405 ----a-w C:\Program Files\install.log
2007-11-04 18:19 --------- d-----w C:\Program Files\GameSpot
2007-11-03 15:31 --------- d-----w C:\Program Files\Google
2007-11-01 11:49 85,152 ----a-w C:\Documents and Settings\default\Application Data\GDIPFONTCACHEV1.DAT
2007-10-24 00:18 --------- d-----w C:\Program Files\Google Video
2007-07-19 13:29 14 ----a-w C:\Documents and Settings\default\getfile.dat
2007-03-24 15:41 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2001-10-16 21:04 5,492 ----a-w C:\Program Files\Readme.txt
2005-05-15 00:11 56 -csh--r C:\WINDOWS\system32\481E71293C.sys
2005-05-15 01:28 1,393,558,694 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trash it! Scheduler"="C:\Program Files\Trash it!\Trash it Scheduler.exe" []
"LDM"="\Program\BackWeb-8876480.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 22:31]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 13:06]
"WeatherEye"="C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [2007-09-26 13:14]
"Router"="C:\Program Files\Router\Router.exe" [2007-12-15 21:26]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-03-27 03:34 C:\WINDOWS\SOUNDMAN.EXE]
"Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [2002-07-31 04:54]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-01-14 15:55]
"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 05:50]
"Camera Detector"="C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.exe" [2003-03-21 12:11]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-01-26 09:46]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-06-08 13:33]
"salm"="c:\temp\salm.exe" []
"BullsEye Network"="C:\Program Files\BullsEye Network\bin\bargains.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-04-28 12:07]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"Gbzzkl"="C:\Program Files\Ydrq\Ibbe.exe" []
"MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe" [2005-03-28 02:45]
"BDNewsAgent"="c:\program files\softwin\bitdefender8\bdnagent.exe" [2005-05-09 11:19]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 02:56]
"NT LM Security Support Regulator"="ntlmssr.exe" []
"Symantec Anti Virus"="symantec32.exe" []
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2006-07-25 17:03]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 22:31]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Symantec Anti Virus"="symantec32.exe" []

C:\Documents and Settings\default\Start Menu\Programs\Startup\
GameSpot Download Manager.lnk - C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe [2007-10-12 19:34:50]
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2006-02-14 00:19:36]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-28 09:37:20]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-10-27 18:07:55]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

S2 ZESOFT;ZESOFT;C:\WINDOWS\zeta.exe []
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 01:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cef36582-e498-11db-913e-0020ed8fe34f}]
\Shell\AutoRun\command - E:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-16 07:15:00 C:\WINDOWS\Tasks\SpyHunter.job"
- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-17 20:28:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-17 20:31:05 - machine was rebooted
.
2007-12-17 21:49:44 --- E O F ---