POS TEMPS IN MY DOCUMENTS AND C: DRIVE [RESOLVED]


This topic is locked.

#1 XxXHUSHXxX (Member, 14 posts)
I really need help because there are millions of POS temps in my C: drive and My Documents, which is making my computer run really slow and freeze. I have got as far as making a log file with "HijackThis", but I don't know what to do after this. Can someone read the log file at the bottom and tell me what to do?

Thanks very much.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:16:28 PM, on 2/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nfmrmqtvrq.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\xInsIDE\xInsIDE.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [nfmrmqtvrq] C:\WINDOWS\system32\nfmrmqtvrq.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF968951185EFC412806867680AEDE604D64C2661373F819EBDCD66A47
O4 - HKLM\..\Run: [d0c01471] rundll32.exe "C:\WINDOWS\system32\vtvqyfnw.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZSzim055YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Print Spooler Service (kelyym41) - Unknown owner - C:\WINDOWS\system32\nfmrmqtvrq.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

--
End of file - 6249 bytes
#2 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hello

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#3 XxXHUSHXxX (Topic Starter, Member, 14 posts)
Thank you for the information above. This is my log file for "ComboFix":

ComboFix 08-02-20.2 - xXxXxHUSHxXxXx 2008-02-20 17:40:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.543 [GMT 0:00]
Running from: C:\Documents and Settings\xXxXxHUSHxXxXx\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ddcca.dll
C:\WINDOWS\system32\jkkkllj.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\storageprotector
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\em
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\oid
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\user
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\ShoppingReport
C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
C:\Program Files\Common Files\StorageProtector
C:\Program Files\Common Files\StorageProtector\strpmon.exe
C:\Program Files\inetget2
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\Outlook Express\danubaf89104.dll
C:\Program Files\Temporary
C:\Program Files\Temporary\InsiDERIns.exe
C:\Program Files\Windows NT\laduxak.dll
C:\Program Files\Windows NT\laduxak996.dll
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\isgTi19
C:\Temp\isgTi19\lPig.log
C:\WINDOWS\b151.exe
C:\WINDOWS\b153.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\accdd.ini
C:\WINDOWS\system32\accdd.ini2
C:\WINDOWS\system32\adtskhmm.dll
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\ddcca.dll
C:\WINDOWS\system32\eahdavgr.dll
C:\WINDOWS\system32\eqdaextm.ini
C:\WINDOWS\system32\fccdayy.dll
C:\WINDOWS\system32\gmmvxaco.ini
C:\WINDOWS\system32\hgshraqf.ini
C:\WINDOWS\system32\isgrllqj.dll
C:\WINDOWS\system32\isgrllqj.dll . . . . failed to delete
C:\WINDOWS\system32\isgrllqj.dllbox
C:\WINDOWS\system32\jkkkllj.dll
C:\WINDOWS\system32\mapjvswq.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mjxuiawy.ini
C:\WINDOWS\system32\mljhfff.dll
C:\WINDOWS\system32\mmhkstda.ini
C:\WINDOWS\system32\mnqvfrdr.dll
C:\WINDOWS\system32\mqlgksgj.dll
C:\WINDOWS\system32\nGpxx18
C:\WINDOWS\system32\nGpxx18\nGpxx182328.exe
C:\WINDOWS\system32\ogryrupv.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qwsvjpam.ini
C:\WINDOWS\system32\sncnvcyx.dll
C:\WINDOWS\system32\srnwcspa.dll
C:\WINDOWS\system32\tiwiipyd.dll
C:\WINDOWS\system32\tnokwctm.ini
C:\WINDOWS\system32\u1
C:\WINDOWS\system32\u1\hiba3133.exe
C:\WINDOWS\system32\ukyyupuq.dll
C:\WINDOWS\system32\umxwskby.ini
C:\WINDOWS\system32\viymavyu.dll
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\wlighnes.dll
C:\WINDOWS\system32\wnfyqvtv.ini
C:\WINDOWS\system32\wvuroop.dll
C:\WINDOWS\system32\x8
C:\WINDOWS\system32\x8\liopud89104.exe
C:\WINDOWS\system32\xeefsbtk.ini
C:\WINDOWS\system32\ywaiuxjm.dll
C:\WINDOWS\system32\z2
C:\WINDOWS\system32\z2\liamdll2.exe
C:\WINDOWS\tk58.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\windows\xpupdate.exe
C:\WINDOWS\Fonts\'

----- BITS: Possible infected sites -----

hxxp://au.download.windowsup
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\Network Monitor


((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 )))))))))))))))))))))))))))))))
.

2008-02-20 17:56 . 2008-02-20 17:57 163,904 --a------ C:\WINDOWS\system32\isgrllqj.dll
2008-02-20 12:24 . 2008-02-20 12:25 <DIR> d-------- C:\Program Files\Microsoft Works
2008-02-19 19:43 . 2008-02-19 19:43 <DIR> d-------- C:\Program Files\iMesh Applications
2008-02-19 19:43 . 2008-02-19 19:43 <DIR> d-------- C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\iMesh
2008-02-19 17:15 . 2008-02-19 17:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-18 20:48 . 2008-02-18 20:48 <DIR> d-------- C:\Program Files\Java
2008-02-18 20:46 . 2008-02-18 20:46 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-18 09:04 . 2008-02-18 09:04 <DIR> d-------- C:\Program Files\xInsIDE
2008-02-18 08:48 . 2008-02-19 13:42 <DIR> d-------- C:\Program Files\MalwareAlarm
2008-02-18 08:43 . 2008-02-18 08:43 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-02-17 21:12 . 2008-02-17 21:12 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-02-17 21:08 . 2008-02-17 21:08 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-02-16 22:38 . 2008-02-16 22:38 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-02-16 19:14 . 2007-11-22 16:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-02-16 12:30 . 2008-02-16 12:30 <DIR> d-------- C:\Program Files\MSBuild
2008-02-12 15:36 . 2007-08-13 18:40 991,232 --a------ C:\WINDOWS\system32\ieframe.dll.mui
2008-02-11 19:21 . 2008-02-11 19:21 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-11 19:20 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-02-11 18:15 . 2008-02-11 18:15 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2008-02-11 17:42 . 2008-02-11 17:42 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2008-02-11 17:39 . 2008-02-11 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-02-10 21:06 . 2008-02-10 21:06 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-02-10 21:03 . 2008-02-20 17:41 <DIR> d-------- C:\Temp
2008-02-04 18:04 . 2008-02-05 18:26 <DIR> d-------- C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\Yahoo!
2008-02-03 18:55 . 2008-02-05 18:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-02-03 18:49 . 2008-02-05 18:26 <DIR> d-------- C:\Program Files\Yahoo!
2008-02-02 13:50 . 2008-02-02 13:50 1,158 --a------ C:\WINDOWS\mozver.dat
2008-02-02 13:44 . 2008-02-02 13:44 <DIR> d-------- C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\Talkback
2008-02-02 13:43 . 2008-02-02 13:43 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-28 19:06 . 2008-02-06 18:36 <DIR> d-------- C:\Program Files\Windows Live
2008-01-27 20:51 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-01-27 20:51 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-01-27 20:49 . 2008-01-27 20:49 <DIR> d-------- C:\WINDOWS\Drivers
2008-01-27 20:48 . 2008-01-27 20:49 <DIR> d-------- C:\Program Files\Common Files\snp2std
2008-01-27 20:48 . 2005-11-14 19:22 225,350 --a------ C:\WINDOWS\rsnp2std.dll
2008-01-27 20:48 . 2005-11-15 17:11 61,440 --a------ C:\WINDOWS\vsnp2std.dll
2008-01-27 20:48 . 2005-11-23 13:55 53,248 --a------ C:\WINDOWS\system32\csnp2std.dll
2008-01-27 20:22 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-01-27 20:22 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-01-23 21:28 . 2008-01-23 21:28 135,168 -ra------ C:\WINDOWS\system32\nfmrmqtvrq.exe
2008-01-23 17:45 . 2008-01-23 17:45 <DIR> d-------- C:\WINDOWS\Sun
2008-01-20 14:29 . 2008-01-20 15:22 <DIR> d-------- C:\Program Files\OneClick PSP Video Converter
2008-01-20 00:17 . 2008-01-20 00:17 268 --ah-c--- C:\sqmdata03.sqm
2008-01-20 00:17 . 2008-01-20 00:17 244 --ah-c--- C:\sqmnoopt03.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 17:29 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\LimeWire
2008-02-20 12:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-13 20:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-10 21:06 278,544 ----a-w C:\WINDOWS\Fonts\Setup.exe
2008-02-05 18:25 --------- d-----w C:\Program Files\Common Files\Real
2008-01-28 19:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-28 18:02 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\MSNInstaller
2008-01-27 20:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-17 00:38 --------- d-----w C:\Program Files\DivX
2008-01-09 17:54 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\Ahead
2008-01-04 20:09 --------- d-----w C:\Program Files\QuickTime
2008-01-04 18:21 --------- dc----w C:\Documents and Settings\Administrator\Application Data\AntiSpyware
2008-01-04 09:45 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-03 19:48 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\Samsung
2008-01-03 19:44 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-03 19:35 --------- d-----w C:\Program Files\Samsung
2008-01-03 17:38 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\Apple Computer
2008-01-03 11:25 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-01-03 09:36 --------- dc----w C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-01-03 09:36 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-03 09:36 --------- d-----w C:\Program Files\Spam Monitor
2008-01-03 09:36 --------- d-----w C:\Program Files\Realtek
2008-01-02 19:50 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\Leadertech
2008-01-02 19:46 --------- dc----w C:\Documents and Settings\Administrator\Application Data\Spam Monitor
2008-01-02 19:44 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-02 19:27 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\Windows Desktop Search
2008-01-02 19:27 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\Teleca
2008-01-02 19:27 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\ErrorSmart
2008-01-01 09:29 --------- dc----w C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
2008-01-01 09:14 --------- d-----w C:\Program Files\Windows Desktop Search
2007-12-29 17:02 --------- dc----w C:\Documents and Settings\Administrator\Application Data\Leadertech
2007-12-29 15:45 --------- dc----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2007-12-29 15:45 --------- dc----w C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-12-29 15:45 --------- dc----w C:\Documents and Settings\Administrator\Application Data\AdobeAUM
2007-12-29 15:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-29 15:23 --------- dc----w C:\Documents and Settings\Administrator\Application Data\Teleca
2007-12-22 04:03 --------- dc----w C:\Documents and Settings\Administrator\Application Data\Ahead
2007-12-22 01:17 --------- dc----w C:\Documents and Settings\Administrator\Application Data\ErrorSmart
2007-12-18 07:42 431,272 ----a-w C:\WINDOWS\K8VM0902.zip
2004-06-10 12:13 40,960 ----a-w C:\Program Files\owcsetup.dll
2004-04-29 12:36 40,960 ----a-w C:\Program Files\owsetup1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2008-02-20 17:57 163904 --a------ C:\WINDOWS\system32\isgrllqj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E05C0DCD-7505-460A-B344-B36216BA9B6B}]
C:\WINDOWS\system32\ddcca.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"Windows update loader"="C:\Windows\xpupdate.exe" [ ]
"xInsIDE"="C:\Program Files\xInsIDE\xInsIDE.exe" [2008-02-18 09:04 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nfmrmqtvrq"="C:\WINDOWS\system32\nfmrmqtvrq.exe" [2008-01-23 21:28 135168]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"combofix"="C:\WINDOWS\system32\kmd.exe" [2004-08-04 12:00 388608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"nfmrmqtvrq"="C:\WINDOWS\system32\nfmrmqtvrq.exe" [2008-01-23 21:28 135168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2007-12-18 00:12 2115728]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe [2007-12-14 21:55:19 262144]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 23:40:46 118784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"= 0 (0x0)
"ForceActiveDesktopOn"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 23:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\isgrllqj]
isgrllqj.dll 2008-02-20 17:57 163904 C:\WINDOWS\system32\isgrllqj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkkllj]
jkkkllj.dll

R2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-30 00:08]
R2 kelyym41;Print Spooler Service;C:\WINDOWS\system32\nfmrmqtvrq.exe [2008-01-23 21:28]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\system32\Drivers\ousbehci.sys [2006-03-01 08:40]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 12:00]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2006-03-01 08:40]
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2003-10-14 11:31]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-11-18 18:29]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-13 03:00:00 C:\WINDOWS\Tasks\AntiSpyware Scheduled Scan.job"
- C:\Program Files\AntiSpywareApp\AntiSpyware.ex
- C:\Program Files\AntiSpywareApp
"2008-01-13 03:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 18:14:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\isgrllqj.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\isgrllqj.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\mqtgsvc.exe
.
**************************************************************************
.
Completion time: 2008-02-20 18:17:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-20 18:17:40
.
2008-02-18 10:36:57 --- E O F ---

#4 XxXHUSHXxX (Topic Starter, Member, 14 posts)
This is the log file for "HijackThis":

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:38 PM, on 2/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nfmrmqtvrq.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\xInsIDE\xInsIDE.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\isgrllqj.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [nfmrmqtvrq] C:\WINDOWS\system32\nfmrmqtvrq.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\RunServices: [nfmrmqtvrq] C:\WINDOWS\system32\nfmrmqtvrq.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZSzim055YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: isgrllqj - C:\WINDOWS\SYSTEM32\isgrllqj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Print Spooler Service (kelyym41) - Unknown owner - C:\WINDOWS\system32\nfmrmqtvrq.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

--
End of file - 6349 bytes

#5 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hello

Click this link to be sure you can view hidden files.

Please go here:
The Spy Killer Forum
  • Click on "New Topic"
  • Put your name, e-mail address, and this as the title: "C:\WINDOWS\system32\nfmrmqtvrq.exe"
  • Put a link to this topic in the description box.
  • Then next to the file box, at the bottom, click the browse button, then navigate to this file:


    • C:\WINDOWS\system32\nfmrmqtvrq.exe

  • Click Open.
  • Click Post.
Thank you!



Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:

C:\WINDOWS\K8VM0902.zip

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.

Repeat it for this file

C:\Program Files\owcsetup.dll



1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\isgrllqj.dll
C:\WINDOWS\system32\nfmrmqtvrq.exe
C:\WINDOWS\Fonts\Setup.exe
C:\WINDOWS\system32\ddcca.dll

Folder::
C:\Program Files\MalwareAlarm
C:\Program Files\xInsIDE
C:\Program Files\ShoppingReport

Driver::
kelyym41


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.




Reboot and post a new HijackThis log
  • 0
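As an added example (not part of the thread, and not ComboFix's or HijackThis's own code), the following Python cross-checks the CFScript above against HijackThis entry lines, so a helper can tell from the post-fix log which removal targets were cleared and which survive only as an orphaned autostart entry marked "(file missing)". The sample CFScript and log lines are constructed from the logs posted in this thread.

```python
"""Cross-check a ComboFix CFScript against HijackThis logs (added example).

Parses the three CFScript sections used in this thread (File::, Folder::,
Driver::), then scans HijackThis entry lines for each target so a helper can
see, from the post-fix log alone, what was actually cleared and what survives
only as a stale registry entry ("(file missing)").
"""
import re

# Constructed sample input: the CFScript posted in this thread.
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\isgrllqj.dll
C:\WINDOWS\system32\nfmrmqtvrq.exe
C:\WINDOWS\Fonts\Setup.exe
C:\WINDOWS\system32\ddcca.dll

Folder::
C:\Program Files\MalwareAlarm
C:\Program Files\xInsIDE
C:\Program Files\ShoppingReport

Driver::
kelyym41
"""

# Constructed sample input: a handful of entry lines modelled on the thread's
# HijackThis logs from before and after the ComboFix run.
HJT_BEFORE = r"""
O4 - HKLM\..\Run: [nfmrmqtvrq] C:\WINDOWS\system32\nfmrmqtvrq.exe
O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe
O20 - Winlogon Notify: isgrllqj - C:\WINDOWS\SYSTEM32\isgrllqj.dll
O23 - Service: Print Spooler Service (kelyym41) - Unknown owner - C:\WINDOWS\system32\nfmrmqtvrq.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""
HJT_AFTER = r"""
O4 - HKLM\..\Run: [nfmrmqtvrq] C:\WINDOWS\system32\nfmrmqtvrq.exe
O4 - HKLM\..\RunServices: [nfmrmqtvrq] C:\WINDOWS\system32\nfmrmqtvrq.exe
O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe
O20 - Winlogon Notify: isgrllqj - isgrllqj.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""


def parse_cfscript(text):
    """Return {'File': [...], 'Folder': [...], 'Driver': [...]} from CFScript text."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"(\w+)::", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif line and current:
            sections[current].append(line)
    return sections


def parse_hjt(text):
    """Return (code, body) for each HijackThis entry line (R0, O2, O4, O23, ...)."""
    entries = []
    for raw in text.splitlines():
        m = re.match(r"([RFNO]\d+) - (.*)", raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def _mentions(body, target, kind):
    """Case-insensitive test of whether one HJT entry refers to a CFScript target."""
    t = body.lower()
    if kind == "File":
        # Match the full path, or just the file name when HJT has dropped the
        # directory (as it does once the file is gone).
        return target.lower() in t or target.rsplit("\\", 1)[-1].lower() in t
    if kind == "Folder":
        return target.lower() in t
    if kind == "Driver":
        # HJT prints a service's short name in parentheses on O23 lines.
        return f"({target.lower()})" in t
    return False


def check_fix(cfscript_text, hjt_text):
    """Map each CFScript target still referenced in the HJT log to its hits,
    each hit being (entry code, 'present' | 'file missing')."""
    remaining = {}
    entries = parse_hjt(hjt_text)
    for kind, targets in parse_cfscript(cfscript_text).items():
        for target in targets:
            hits = []
            for code, body in entries:
                if _mentions(body, target, kind):
                    status = "file missing" if "(file missing)" in body else "present"
                    hits.append((code, status))
            if hits:
                remaining[target] = hits
    return remaining


def cleared_targets(cfscript_text, before_text, after_text):
    """Targets referenced before the fix and no longer referenced after it."""
    before = check_fix(cfscript_text, before_text)
    after = check_fix(cfscript_text, after_text)
    return sorted(t for t in before if t not in after)


def stale_entries(cfscript_text, hjt_text):
    """Targets whose file is gone but whose autostart entry is still listed."""
    found = check_fix(cfscript_text, hjt_text)
    return sorted(t for t, hits in found.items()
                  if all(status == "file missing" for _, status in hits))


if __name__ == "__main__":
    print("cleared:", cleared_targets(CFSCRIPT, HJT_BEFORE, HJT_AFTER))
    print("stale entries:", stale_entries(CFSCRIPT, HJT_AFTER))
    for target, hits in check_fix(CFSCRIPT, HJT_AFTER).items():
        print("still referenced:", target, hits)
```

On the sample, the service kelyym41 is the only target fully cleared, the isgrllqj.dll Winlogon Notify entry is stale, and the nfmrmqtvrq.exe Run/RunServices entries are still present, which is why a follow-up log was requested.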

#6 XxXHUSHXxX (Member, Topic Starter, 14 posts)
These are the results for C:\WINDOWS\K8VM0902.zip :

Antivirus Version Last Update Result
AhnLab-V3 2008.2.20.0 2008.02.20 -
AntiVir 7.6.0.67 2008.02.20 -
Authentium 4.93.8 2008.02.20 -
Avast 4.7.1098.0 2008.02.20 -
AVG 7.5.0.516 2008.02.20 -
BitDefender 7.2 2008.02.20 -
CAT-QuickHeal 9.50 2008.02.20 -
ClamAV 0.92.1 2008.02.20 -
DrWeb 4.44.0.09170 2008.02.20 -
eSafe 7.0.15.0 2008.02.20 -
eTrust-Vet 31.3.5550 2008.02.20 -
Ewido 4.0 2008.02.20 -
FileAdvisor 1 2008.02.20 -
Fortinet 3.14.0.0 2008.02.19 -
F-Prot 4.4.2.54 2008.02.19 -
F-Secure 6.70.13260.0 2008.02.20 -
Ikarus T3.1.1.20 2008.02.20 -
Kaspersky 7.0.0.125 2008.02.20 -
McAfee 5234 2008.02.20 -
Microsoft 1.3204 2008.02.20 -
NOD32v2 2890 2008.02.20 -
Norman 5.80.02 2008.02.20 -
Panda 9.0.0.4 2008.02.20 -
Prevx1 V2 2008.02.20 -
Rising 20.32.22.00 2008.02.20 -
Sophos 4.26.0 2008.02.20 -
Sunbelt 3.0.884.0 2008.02.19 -
Symantec 10 2008.02.20 -
TheHacker 6.2.9.224 2008.02.19 -
VBA32 3.12.6.1 2008.02.17 -
VirusBuster 4.3.26:9 2008.02.20 -
Webwasher-Gateway 6.6.2 2008.02.20 -
Additional information
File size: 431272 bytes
MD5: ae6a664feda8c327d70e83ccd3c36995
SHA1: 7b58c10c127684fe8d46bcbb3749061f1c848d98
PEiD: -
  • 0

#7 XxXHUSHXxX (Member, Topic Starter, 14 posts)
THESE ARE THE RESULTS FOR C:\Program Files\owcsetup.dll :

Antivirus Version Last Update Result
AhnLab-V3 2008.2.20.0 2008.02.20 -
AntiVir 7.6.0.67 2008.02.20 -
Authentium 4.93.8 2008.02.20 -
Avast 4.7.1098.0 2008.02.20 -
AVG 7.5.0.516 2008.02.20 -
BitDefender 7.2 2008.02.20 -
CAT-QuickHeal 9.50 2008.02.20 -
ClamAV 0.92.1 2008.02.20 -
DrWeb 4.44.0.09170 2008.02.20 -
eSafe 7.0.15.0 2008.02.20 -
eTrust-Vet 31.3.5550 2008.02.20 -
Ewido 4.0 2008.02.20 -
FileAdvisor 1 2008.02.20 -
Fortinet 3.14.0.0 2008.02.19 -
F-Prot 4.4.2.54 2008.02.19 -
F-Secure 6.70.13260.0 2008.02.20 -
Ikarus T3.1.1.20 2008.02.20 -
Kaspersky 7.0.0.125 2008.02.20 -
McAfee 5234 2008.02.20 -
Microsoft 1.3204 2008.02.20 -
NOD32v2 2890 2008.02.20 -
Norman 5.80.02 2008.02.20 -
Panda 9.0.0.4 2008.02.20 -
Prevx1 V2 2008.02.20 -
Rising 20.32.22.00 2008.02.20 -
Sophos 4.26.0 2008.02.20 -
Sunbelt 3.0.884.0 2008.02.19 -
Symantec 10 2008.02.20 -
TheHacker 6.2.9.224 2008.02.19 -
VBA32 3.12.6.1 2008.02.17 -
VirusBuster 4.3.26:9 2008.02.20 -
Webwasher-Gateway 6.6.2 2008.02.20 -
  • 0

#8 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
OK, go on with the rest of the steps.
  • 0

#9 XxXHUSHXxX (Member, Topic Starter, 14 posts)
THESE ARE THE LOG FILES FOR "HIJACKTHIS" AFTER I FOLLOWED THE OTHER STEPS.
THANK YOU FOR YOUR TIME :)



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47, on 2008-02-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [nfmrmqtvrq] C:\WINDOWS\system32\nfmrmqtvrq.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\RunServices: [nfmrmqtvrq] C:\WINDOWS\system32\nfmrmqtvrq.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZSzim055YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: isgrllqj - isgrllqj.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

--
End of file - 5977 bytes
  • 0

#10 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Can you post the ComboFix log and a new HijackThis log?
  • 0

#11 XxXHUSHXxX (Member, Topic Starter, 14 posts)
THIS IS THE NEW HIJACKTHIS LOG:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:39, on 2008-02-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [nfmrmqtvrq] C:\WINDOWS\system32\nfmrmqtvrq.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\RunServices: [nfmrmqtvrq] C:\WINDOWS\system32\nfmrmqtvrq.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZSzim055YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: isgrllqj - isgrllqj.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

--
End of file - 6279 bytes
  • 0

#12 XxXHUSHXxX (Member, Topic Starter, 14 posts)
DO I NEED TO CARRY ON? THE POS TEMPS HAVE GONE AND MY COMPUTER IS RUNNING MUCH FASTER :)
  • 0

#13 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Yes, post the ComboFix log and a new HijackThis log.
  • 0

#14 XxXHUSHXxX (Member, Topic Starter, 14 posts)
This is the log for "COMBOFIX":

ComboFix 08-02-20.2 - xXxXxHUSHxXxXx 2008-02-21 9:01:31.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.661 [GMT 0:00]
Running from: C:\Documents and Settings\xXxXxHUSHxXxXx\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-21 to 2008-02-21 )))))))))))))))))))))))))))))))
.

2008-02-20 12:24 . 2008-02-20 12:25 <DIR> d-------- C:\Program Files\Microsoft Works
2008-02-19 19:43 . 2008-02-19 19:43 <DIR> d-------- C:\Program Files\iMesh Applications
2008-02-19 19:43 . 2008-02-20 22:45 <DIR> d-------- C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\iMesh
2008-02-19 17:15 . 2008-02-19 17:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-18 20:48 . 2008-02-18 20:48 <DIR> d-------- C:\Program Files\Java
2008-02-18 20:46 . 2008-02-18 20:46 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-18 08:43 . 2008-02-18 08:43 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-02-17 21:12 . 2008-02-17 21:12 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-02-17 21:08 . 2008-02-17 21:08 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-02-16 22:38 . 2008-02-16 22:38 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-02-16 19:14 . 2007-11-22 16:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-02-16 12:30 . 2008-02-16 12:30 <DIR> d-------- C:\Program Files\MSBuild
2008-02-12 15:36 . 2007-08-13 18:40 991,232 --a------ C:\WINDOWS\system32\ieframe.dll.mui
2008-02-11 19:21 . 2008-02-11 19:21 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-11 19:20 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-02-11 18:15 . 2008-02-11 18:15 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2008-02-11 17:42 . 2008-02-11 17:42 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2008-02-11 17:39 . 2008-02-11 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-02-10 21:06 . 2008-02-10 21:06 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-02-10 21:03 . 2008-02-20 17:41 <DIR> d-------- C:\Temp
2008-02-04 18:04 . 2008-02-05 18:26 <DIR> d-------- C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\Yahoo!
2008-02-03 18:55 . 2008-02-05 18:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-02-03 18:49 . 2008-02-05 18:26 <DIR> d-------- C:\Program Files\Yahoo!
2008-02-02 13:50 . 2008-02-02 13:50 1,158 --a------ C:\WINDOWS\mozver.dat
2008-02-02 13:44 . 2008-02-02 13:44 <DIR> d-------- C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\Talkback
2008-02-02 13:43 . 2008-02-02 13:43 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-28 19:06 . 2008-02-06 18:36 <DIR> d-------- C:\Program Files\Windows Live
2008-01-27 20:51 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-01-27 20:51 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-01-27 20:49 . 2008-01-27 20:49 <DIR> d-------- C:\WINDOWS\Drivers
2008-01-27 20:48 . 2008-01-27 20:49 <DIR> d-------- C:\Program Files\Common Files\snp2std
2008-01-27 20:48 . 2005-11-14 19:22 225,350 --a------ C:\WINDOWS\rsnp2std.dll
2008-01-27 20:48 . 2005-11-15 17:11 61,440 --a------ C:\WINDOWS\vsnp2std.dll
2008-01-27 20:48 . 2005-11-23 13:55 53,248 --a------ C:\WINDOWS\system32\csnp2std.dll
2008-01-27 20:22 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-01-27 20:22 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-01-23 17:45 . 2008-01-23 17:45 <DIR> d-------- C:\WINDOWS\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 18:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-20 17:29 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\LimeWire
2008-02-13 20:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-05 18:25 --------- d-----w C:\Program Files\Common Files\Real
2008-01-28 19:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-28 18:02 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\MSNInstaller
2008-01-27 20:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-20 15:22 --------- d-----w C:\Program Files\OneClick PSP Video Converter
2008-01-17 00:38 --------- d-----w C:\Program Files\DivX
2008-01-09 17:54 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\Ahead
2008-01-07 19:03 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-01-07 19:03 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-01-04 20:09 --------- d-----w C:\Program Files\QuickTime
2008-01-04 18:21 --------- dc----w C:\Documents and Settings\Administrator\Application Data\AntiSpyware
2008-01-04 09:45 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-03 19:48 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\Samsung
2008-01-03 19:44 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-03 19:35 --------- d-----w C:\Program Files\Samsung
2008-01-03 17:38 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\Apple Computer
2008-01-03 11:25 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-01-03 09:36 --------- dc----w C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-01-03 09:36 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-03 09:36 --------- d-----w C:\Program Files\Spam Monitor
2008-01-03 09:36 --------- d-----w C:\Program Files\Realtek
2008-01-02 19:50 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\Leadertech
2008-01-02 19:46 --------- dc----w C:\Documents and Settings\Administrator\Application Data\Spam Monitor
2008-01-02 19:44 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-02 19:27 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\Windows Desktop Search
2008-01-02 19:27 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\Teleca
2008-01-02 19:27 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\ErrorSmart
2008-01-01 09:29 --------- dc----w C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
2008-01-01 09:14 --------- d-----w C:\Program Files\Windows Desktop Search
2007-12-29 17:02 --------- dc----w C:\Documents and Settings\Administrator\Application Data\Leadertech
2007-12-29 15:45 --------- dc----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2007-12-29 15:45 --------- dc----w C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-12-29 15:45 --------- dc----w C:\Documents and Settings\Administrator\Application Data\AdobeAUM
2007-12-29 15:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-29 15:23 --------- dc----w C:\Documents and Settings\Administrator\Application Data\Teleca
2007-12-22 04:03 --------- dc----w C:\Documents and Settings\Administrator\Application Data\Ahead
2007-12-22 01:17 --------- dc----w C:\Documents and Settings\Administrator\Application Data\ErrorSmart
2007-12-18 07:42 431,272 ----a-w C:\WINDOWS\K8VM0902.zip
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2004-06-10 12:13 40,960 ----a-w C:\Program Files\owcsetup.dll
2004-04-29 12:36 40,960 ----a-w C:\Program Files\owsetup1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"xInsIDE"="C:\Program Files\xInsIDE\xInsIDE.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nfmrmqtvrq"="C:\WINDOWS\system32\nfmrmqtvrq.exe" [ ]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"nfmrmqtvrq"="C:\WINDOWS\system32\nfmrmqtvrq.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2007-12-18 00:12 2115728]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe [2007-12-14 21:55:19 262144]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 23:40:46 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 23:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\isgrllqj]
isgrllqj.dll

R2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-30 00:08]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\system32\Drivers\ousbehci.sys [2006-03-01 08:40]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 12:00]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2006-03-01 08:40]
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2003-10-14 11:31]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-11-18 18:29]

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
"2008-01-13 03:00:00 C:\WINDOWS\Tasks\AntiSpyware Scheduled Scan.job"
- C:\Program Files\AntiSpywareApp\AntiSpyware.ex
- C:\Program Files\AntiSpywareApp
"2008-01-13 03:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 09:04:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-21 9:05:43
ComboFix-quarantined-files.txt 2008-02-21 09:05:22
ComboFix2.txt 2008-02-20 22:44:17
ComboFix3.txt 2008-02-20 18:17:51
.
2008-02-18 10:36:57 --- E O F ---
  • 0

#15 XxXHUSHXxX (Member, Topic Starter, 14 posts)
THIS IS THE NEW LOG FOR "HIJACKTHIS":


ComboFix 08-02-20.2 - xXxXxHUSHxXxXx 2008-02-21 9:01:31.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.661 [GMT 0:00]
Running from: C:\Documents and Settings\xXxXxHUSHxXxXx\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-21 to 2008-02-21 )))))))))))))))))))))))))))))))
.

2008-02-20 12:24 . 2008-02-20 12:25 <DIR> d-------- C:\Program Files\Microsoft Works
2008-02-19 19:43 . 2008-02-19 19:43 <DIR> d-------- C:\Program Files\iMesh Applications
2008-02-19 19:43 . 2008-02-20 22:45 <DIR> d-------- C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\iMesh
2008-02-19 17:15 . 2008-02-19 17:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-18 20:48 . 2008-02-18 20:48 <DIR> d-------- C:\Program Files\Java
2008-02-18 20:46 . 2008-02-18 20:46 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-18 08:43 . 2008-02-18 08:43 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-02-17 21:12 . 2008-02-17 21:12 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-02-17 21:08 . 2008-02-17 21:08 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-02-16 22:38 . 2008-02-16 22:38 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-02-16 19:14 . 2007-11-22 16:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-02-16 12:30 . 2008-02-16 12:30 <DIR> d-------- C:\Program Files\MSBuild
2008-02-12 15:36 . 2007-08-13 18:40 991,232 --a------ C:\WINDOWS\system32\ieframe.dll.mui
2008-02-11 19:21 . 2008-02-11 19:21 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-11 19:20 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-02-11 18:15 . 2008-02-11 18:15 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2008-02-11 17:42 . 2008-02-11 17:42 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2008-02-11 17:39 . 2008-02-11 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-02-10 21:06 . 2008-02-10 21:06 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-02-10 21:03 . 2008-02-20 17:41 <DIR> d-------- C:\Temp
2008-02-04 18:04 . 2008-02-05 18:26 <DIR> d-------- C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\Yahoo!
2008-02-03 18:55 . 2008-02-05 18:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-02-03 18:49 . 2008-02-05 18:26 <DIR> d-------- C:\Program Files\Yahoo!
2008-02-02 13:50 . 2008-02-02 13:50 1,158 --a------ C:\WINDOWS\mozver.dat
2008-02-02 13:44 . 2008-02-02 13:44 <DIR> d-------- C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\Talkback
2008-02-02 13:43 . 2008-02-02 13:43 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-28 19:06 . 2008-02-06 18:36 <DIR> d-------- C:\Program Files\Windows Live
2008-01-27 20:51 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-01-27 20:51 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-01-27 20:49 . 2008-01-27 20:49 <DIR> d-------- C:\WINDOWS\Drivers
2008-01-27 20:48 . 2008-01-27 20:49 <DIR> d-------- C:\Program Files\Common Files\snp2std
2008-01-27 20:48 . 2005-11-14 19:22 225,350 --a------ C:\WINDOWS\rsnp2std.dll
2008-01-27 20:48 . 2005-11-15 17:11 61,440 --a------ C:\WINDOWS\vsnp2std.dll
2008-01-27 20:48 . 2005-11-23 13:55 53,248 --a------ C:\WINDOWS\system32\csnp2std.dll
2008-01-27 20:22 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-01-27 20:22 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-01-23 17:45 . 2008-01-23 17:45 <DIR> d-------- C:\WINDOWS\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 18:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-20 17:29 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\LimeWire
2008-02-13 20:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-05 18:25 --------- d-----w C:\Program Files\Common Files\Real
2008-01-28 19:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-28 18:02 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\MSNInstaller
2008-01-27 20:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-20 15:22 --------- d-----w C:\Program Files\OneClick PSP Video Converter
2008-01-17 00:38 --------- d-----w C:\Program Files\DivX
2008-01-09 17:54 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\Ahead
2008-01-07 19:03 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-01-07 19:03 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-01-04 20:09 --------- d-----w C:\Program Files\QuickTime
2008-01-04 18:21 --------- dc----w C:\Documents and Settings\Administrator\Application Data\AntiSpyware
2008-01-04 09:45 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-03 19:48 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\Samsung
2008-01-03 19:44 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-03 19:35 --------- d-----w C:\Program Files\Samsung
2008-01-03 17:38 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\Apple Computer
2008-01-03 11:25 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-01-03 09:36 --------- dc----w C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-01-03 09:36 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-03 09:36 --------- d-----w C:\Program Files\Spam Monitor
2008-01-03 09:36 --------- d-----w C:\Program Files\Realtek
2008-01-02 19:50 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\Leadertech
2008-01-02 19:46 --------- dc----w C:\Documents and Settings\Administrator\Application Data\Spam Monitor
2008-01-02 19:44 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-02 19:27 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\Windows Desktop Search
2008-01-02 19:27 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\Teleca
2008-01-02 19:27 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\ErrorSmart
2008-01-01 09:29 --------- dc----w C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
2008-01-01 09:14 --------- d-----w C:\Program Files\Windows Desktop Search
2007-12-29 17:02 --------- dc----w C:\Documents and Settings\Administrator\Application Data\Leadertech
2007-12-29 15:45 --------- dc----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2007-12-29 15:45 --------- dc----w C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-12-29 15:45 --------- dc----w C:\Documents and Settings\Administrator\Application Data\AdobeAUM
2007-12-29 15:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-29 15:23 --------- dc----w C:\Documents and Settings\Administrator\Application Data\Teleca
2007-12-22 04:03 --------- dc----w C:\Documents and Settings\Administrator\Application Data\Ahead
2007-12-22 01:17 --------- dc----w C:\Documents and Settings\Administrator\Application Data\ErrorSmart
2007-12-18 07:42 431,272 ----a-w C:\WINDOWS\K8VM0902.zip
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2004-06-10 12:13 40,960 ----a-w C:\Program Files\owcsetup.dll
2004-04-29 12:36 40,960 ----a-w C:\Program Files\owsetup1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"xInsIDE"="C:\Program Files\xInsIDE\xInsIDE.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nfmrmqtvrq"="C:\WINDOWS\system32\nfmrmqtvrq.exe" [ ]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"nfmrmqtvrq"="C:\WINDOWS\system32\nfmrmqtvrq.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2007-12-18 00:12 2115728]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe [2007-12-14 21:55:19 262144]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 23:40:46 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 23:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\isgrllqj]
isgrllqj.dll

R2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-30 00:08]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\system32\Drivers\ousbehci.sys [2006-03-01 08:40]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 12:00]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2006-03-01 08:40]
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2003-10-14 11:31]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-11-18 18:29]

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
"2008-01-13 03:00:00 C:\WINDOWS\Tasks\AntiSpyware Scheduled Scan.job"
- C:\Program Files\AntiSpywareApp\AntiSpyware.ex
- C:\Program Files\AntiSpywareApp
"2008-01-13 03:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 09:04:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-21 9:05:43
ComboFix-quarantined-files.txt 2008-02-21 09:05:22
ComboFix2.txt 2008-02-20 22:44:17
ComboFix3.txt 2008-02-20 18:17:51
.
2008-02-18 10:36:57 --- E O F ---
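The 'Reg Loading Points' block above is where the HijackThis/ComboFix helpers do most of their reading: autostart entries with a random-looking executable name, entries ComboFix lists with "[ ]" (no date or size recorded for the target file), and anything left under Winlogon\Notify or RunServices once the default packages are suppressed. The script below is an added example, not part of the original post and not code from ComboFix or the forum helpers; it parses a constructed excerpt copied from the log above and applies those three reading rules as heuristics. The thresholds (8+ letters, under 20% vowels) and the list of locations treated as unusual are my assumptions, chosen to match what an analyst would circle by hand in this log.

```python
"""Triage helper for the 'Reg Loading Points' block of a ComboFix log.

Added example (not ComboFix's own code). Reads the REGEDIT4-style block:
  [key]                               -> current registry key
  "name"="path" [date time size]      -> Run-style value; "[ ]" means
                                         ComboFix recorded no date/size
  bare path or module name            -> BHO DLL / Winlogon Notify package
and flags entries worth a second look. Heuristics are assumptions.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed excerpt, copied from the log in the post above.
SAMPLE = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"xInsIDE"="C:\Program Files\xInsIDE\xInsIDE.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nfmrmqtvrq"="C:\WINDOWS\system32\nfmrmqtvrq.exe" [ ]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"nfmrmqtvrq"="C:\WINDOWS\system32\nfmrmqtvrq.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\isgrllqj]
isgrllqj.dll
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$'
)
# Assumed list: RunServices is a Windows 9x-era key XP itself does not process,
# and ComboFix already hides the default Winlogon\Notify packages, so anything
# left in either location is third-party and worth reading.
UNUSUAL_LOCATIONS = ("runservices", "winlogon\\notify")
VOWELS = set("aeiou")

Entry = Dict[str, Optional[str]]


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def looks_generated(stem: str) -> bool:
    """Assumed heuristic: 8+ letters with under 20% vowels (e.g. 'nfmrmqtvrq')."""
    s = stem.lower()
    if len(s) < 8 or not s.isalpha():
        return False
    return sum(c in VOWELS for c in s) / len(s) < 0.2


def parse_loading_points(text: str) -> List[Entry]:
    """Turn the block into one dict per autostart entry, keeping its key."""
    entries: List[Entry] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append({"key": key, "name": m.group("name"),
                            "path": m.group("path"),
                            "meta": m.group("meta").strip()})
        else:
            # Bare DLL path or module name: no date/size field at all, so
            # meta=None is "not reported", distinct from the empty "[ ]".
            entries.append({"key": key, "name": basename(line),
                            "path": line, "meta": None})
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str, List[str]]]:
    """Return (key, path, reasons) for every entry that trips a heuristic."""
    findings = []
    for e in entries:
        reasons = []
        if e["meta"] == "":
            reasons.append("ComboFix recorded no date/size for the file")
        stem = basename(e["path"] or "").rsplit(".", 1)[0]
        if looks_generated(stem):
            reasons.append(f"machine-looking name '{stem}'")
        if any(loc in (e["key"] or "").lower() for loc in UNUSUAL_LOCATIONS):
            reasons.append("unusual autostart location")
        if reasons:
            findings.append((e["key"] or "", e["path"] or "", reasons))
    return findings


if __name__ == "__main__":
    for key, path, reasons in triage(parse_loading_points(SAMPLE)):
        print(f"{path}\n    under {key}\n    " + "; ".join(reasons))
```

On the excerpt this flags xInsIDE (no file metadata), both nfmrmqtvrq entries (no metadata, machine-looking name, and the RunServices location for the second) and the isgrllqj Winlogon Notify package, while leaving ctfmon.exe and GrooveMonitor alone. The ShoppingReport BHO trips nothing because it has a tidy product path, which is the point of the caveat: these rules are a reading aid for a long log, not a verdict, and the analyst still reads every remaining line.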