Thank you for the information above. This is my log file for "ComboFix":
ComboFix 08-02-20.2 - xXxXxHUSHxXxXx 2008-02-20 17:40:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.543 [GMT 0:00]
Running from: C:\Documents and Settings\xXxXxHUSHxXxXx\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\ddcca.dll
C:\WINDOWS\system32\jkkkllj.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\storageprotector
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\em
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\oid
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\user
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\ShoppingReport
C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
C:\Program Files\Common Files\StorageProtector
C:\Program Files\Common Files\StorageProtector\strpmon.exe
C:\Program Files\inetget2
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\Outlook Express\danubaf89104.dll
C:\Program Files\Temporary
C:\Program Files\Temporary\InsiDERIns.exe
C:\Program Files\Windows NT\laduxak.dll
C:\Program Files\Windows NT\laduxak996.dll
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\isgTi19
C:\Temp\isgTi19\lPig.log
C:\WINDOWS\b151.exe
C:\WINDOWS\b153.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\accdd.ini
C:\WINDOWS\system32\accdd.ini2
C:\WINDOWS\system32\adtskhmm.dll
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\ddcca.dll
C:\WINDOWS\system32\eahdavgr.dll
C:\WINDOWS\system32\eqdaextm.ini
C:\WINDOWS\system32\fccdayy.dll
C:\WINDOWS\system32\gmmvxaco.ini
C:\WINDOWS\system32\hgshraqf.ini
C:\WINDOWS\system32\isgrllqj.dll
C:\WINDOWS\system32\isgrllqj.dll . . . . failed to delete
C:\WINDOWS\system32\isgrllqj.dllbox
C:\WINDOWS\system32\jkkkllj.dll
C:\WINDOWS\system32\mapjvswq.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mjxuiawy.ini
C:\WINDOWS\system32\mljhfff.dll
C:\WINDOWS\system32\mmhkstda.ini
C:\WINDOWS\system32\mnqvfrdr.dll
C:\WINDOWS\system32\mqlgksgj.dll
C:\WINDOWS\system32\nGpxx18
C:\WINDOWS\system32\nGpxx18\nGpxx182328.exe
C:\WINDOWS\system32\ogryrupv.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qwsvjpam.ini
C:\WINDOWS\system32\sncnvcyx.dll
C:\WINDOWS\system32\srnwcspa.dll
C:\WINDOWS\system32\tiwiipyd.dll
C:\WINDOWS\system32\tnokwctm.ini
C:\WINDOWS\system32\u1
C:\WINDOWS\system32\u1\hiba3133.exe
C:\WINDOWS\system32\ukyyupuq.dll
C:\WINDOWS\system32\umxwskby.ini
C:\WINDOWS\system32\viymavyu.dll
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\wlighnes.dll
C:\WINDOWS\system32\wnfyqvtv.ini
C:\WINDOWS\system32\wvuroop.dll
C:\WINDOWS\system32\x8
C:\WINDOWS\system32\x8\liopud89104.exe
C:\WINDOWS\system32\xeefsbtk.ini
C:\WINDOWS\system32\ywaiuxjm.dll
C:\WINDOWS\system32\z2
C:\WINDOWS\system32\z2\liamdll2.exe
C:\WINDOWS\tk58.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\windows\xpupdate.exe
C:\WINDOWS\Fonts\'
----- BITS: Possible infected sites -----
hxxp://au.download.windowsup
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\Network Monitor
((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 )))))))))))))))))))))))))))))))
.
2008-02-20 17:56 . 2008-02-20 17:57 163,904 --a------ C:\WINDOWS\system32\isgrllqj.dll
2008-02-20 12:24 . 2008-02-20 12:25 <DIR> d-------- C:\Program Files\Microsoft Works
2008-02-19 19:43 . 2008-02-19 19:43 <DIR> d-------- C:\Program Files\iMesh Applications
2008-02-19 19:43 . 2008-02-19 19:43 <DIR> d-------- C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\iMesh
2008-02-19 17:15 . 2008-02-19 17:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-18 20:48 . 2008-02-18 20:48 <DIR> d-------- C:\Program Files\Java
2008-02-18 20:46 . 2008-02-18 20:46 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-18 09:04 . 2008-02-18 09:04 <DIR> d-------- C:\Program Files\xInsIDE
2008-02-18 08:48 . 2008-02-19 13:42 <DIR> d-------- C:\Program Files\MalwareAlarm
2008-02-18 08:43 . 2008-02-18 08:43 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-02-17 21:12 . 2008-02-17 21:12 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-02-17 21:08 . 2008-02-17 21:08 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-02-16 22:38 . 2008-02-16 22:38 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-02-16 19:14 . 2007-11-22 16:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-02-16 12:30 . 2008-02-16 12:30 <DIR> d-------- C:\Program Files\MSBuild
2008-02-12 15:36 . 2007-08-13 18:40 991,232 --a------ C:\WINDOWS\system32\ieframe.dll.mui
2008-02-11 19:21 . 2008-02-11 19:21 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-11 19:20 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-02-11 18:15 . 2008-02-11 18:15 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2008-02-11 17:42 . 2008-02-11 17:42 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2008-02-11 17:39 . 2008-02-11 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-02-10 21:06 . 2008-02-10 21:06 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-02-10 21:03 . 2008-02-20 17:41 <DIR> d-------- C:\Temp
2008-02-04 18:04 . 2008-02-05 18:26 <DIR> d-------- C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\Yahoo!
2008-02-03 18:55 . 2008-02-05 18:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-02-03 18:49 . 2008-02-05 18:26 <DIR> d-------- C:\Program Files\Yahoo!
2008-02-02 13:50 . 2008-02-02 13:50 1,158 --a------ C:\WINDOWS\mozver.dat
2008-02-02 13:44 . 2008-02-02 13:44 <DIR> d-------- C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\Talkback
2008-02-02 13:43 . 2008-02-02 13:43 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-28 19:06 . 2008-02-06 18:36 <DIR> d-------- C:\Program Files\Windows Live
2008-01-27 20:51 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-01-27 20:51 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-01-27 20:49 . 2008-01-27 20:49 <DIR> d-------- C:\WINDOWS\Drivers
2008-01-27 20:48 . 2008-01-27 20:49 <DIR> d-------- C:\Program Files\Common Files\snp2std
2008-01-27 20:48 . 2005-11-14 19:22 225,350 --a------ C:\WINDOWS\rsnp2std.dll
2008-01-27 20:48 . 2005-11-15 17:11 61,440 --a------ C:\WINDOWS\vsnp2std.dll
2008-01-27 20:48 . 2005-11-23 13:55 53,248 --a------ C:\WINDOWS\system32\csnp2std.dll
2008-01-27 20:22 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-01-27 20:22 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-01-23 21:28 . 2008-01-23 21:28 135,168 -ra------ C:\WINDOWS\system32\nfmrmqtvrq.exe
2008-01-23 17:45 . 2008-01-23 17:45 <DIR> d-------- C:\WINDOWS\Sun
2008-01-20 14:29 . 2008-01-20 15:22 <DIR> d-------- C:\Program Files\OneClick PSP Video Converter
2008-01-20 00:17 . 2008-01-20 00:17 268 --ah-c--- C:\sqmdata03.sqm
2008-01-20 00:17 . 2008-01-20 00:17 244 --ah-c--- C:\sqmnoopt03.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 17:29 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\LimeWire
2008-02-20 12:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-13 20:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-10 21:06 278,544 ----a-w C:\WINDOWS\Fonts\Setup.exe
2008-02-05 18:25 --------- d-----w C:\Program Files\Common Files\Real
2008-01-28 19:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-28 18:02 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\MSNInstaller
2008-01-27 20:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-17 00:38 --------- d-----w C:\Program Files\DivX
2008-01-09 17:54 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\Ahead
2008-01-04 20:09 --------- d-----w C:\Program Files\QuickTime
2008-01-04 18:21 --------- dc----w C:\Documents and Settings\Administrator\Application Data\AntiSpyware
2008-01-04 09:45 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-03 19:48 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\Samsung
2008-01-03 19:44 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-03 19:35 --------- d-----w C:\Program Files\Samsung
2008-01-03 17:38 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\Apple Computer
2008-01-03 11:25 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-01-03 09:36 --------- dc----w C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-01-03 09:36 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-03 09:36 --------- d-----w C:\Program Files\Spam Monitor
2008-01-03 09:36 --------- d-----w C:\Program Files\Realtek
2008-01-02 19:50 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\Leadertech
2008-01-02 19:46 --------- dc----w C:\Documents and Settings\Administrator\Application Data\Spam Monitor
2008-01-02 19:44 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-02 19:27 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\Windows Desktop Search
2008-01-02 19:27 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\Teleca
2008-01-02 19:27 --------- d-----w C:\Documents and Settings\xXxXxHUSHxXxXx\Application Data\ErrorSmart
2008-01-01 09:29 --------- dc----w C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
2008-01-01 09:14 --------- d-----w C:\Program Files\Windows Desktop Search
2007-12-29 17:02 --------- dc----w C:\Documents and Settings\Administrator\Application Data\Leadertech
2007-12-29 15:45 --------- dc----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2007-12-29 15:45 --------- dc----w C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-12-29 15:45 --------- dc----w C:\Documents and Settings\Administrator\Application Data\AdobeAUM
2007-12-29 15:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-29 15:23 --------- dc----w C:\Documents and Settings\Administrator\Application Data\Teleca
2007-12-22 04:03 --------- dc----w C:\Documents and Settings\Administrator\Application Data\Ahead
2007-12-22 01:17 --------- dc----w C:\Documents and Settings\Administrator\Application Data\ErrorSmart
2007-12-18 07:42 431,272 ----a-w C:\WINDOWS\K8VM0902.zip
2004-06-10 12:13 40,960 ----a-w C:\Program Files\owcsetup.dll
2004-04-29 12:36 40,960 ----a-w C:\Program Files\owsetup1.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2008-02-20 17:57 163904 --a------ C:\WINDOWS\system32\isgrllqj.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E05C0DCD-7505-460A-B344-B36216BA9B6B}]
C:\WINDOWS\system32\ddcca.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"Windows update loader"="C:\Windows\xpupdate.exe" [ ]
"xInsIDE"="C:\Program Files\xInsIDE\xInsIDE.exe" [2008-02-18 09:04 53248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nfmrmqtvrq"="C:\WINDOWS\system32\nfmrmqtvrq.exe" [2008-01-23 21:28 135168]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"combofix"="C:\WINDOWS\system32\kmd.exe" [2004-08-04 12:00 388608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"nfmrmqtvrq"="C:\WINDOWS\system32\nfmrmqtvrq.exe" [2008-01-23 21:28 135168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2007-12-18 00:12 2115728]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe [2007-12-14 21:55:19 262144]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 23:40:46 118784]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"= 0 (0x0)
"ForceActiveDesktopOn"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 23:39 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\isgrllqj]
isgrllqj.dll 2008-02-20 17:57 163904 C:\WINDOWS\system32\isgrllqj.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkkllj]
jkkkllj.dll
R2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [2004-03-30 00:08]
R2 kelyym41;Print Spooler Service;C:\WINDOWS\system32\nfmrmqtvrq.exe [2008-01-23 21:28]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\system32\Drivers\ousbehci.sys [2006-03-01 08:40]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 12:00]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2006-03-01 08:40]
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2003-10-14 11:31]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-11-18 18:29]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-13 03:00:00 C:\WINDOWS\Tasks\AntiSpyware Scheduled Scan.job"
- C:\Program Files\AntiSpywareApp\AntiSpyware.ex
- C:\Program Files\AntiSpywareApp
"2008-01-13 03:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-20 18:14:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\isgrllqj.dll
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\isgrllqj.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\mqtgsvc.exe
.
**************************************************************************
.
Completion time: 2008-02-20 18:17:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-20 18:17:40
.
2008-02-18 10:36:57 --- E O F ---
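Added example, not part of the post above and not ComboFix's own code: a small Python triage script run over lines copied from the "Reg Loading Points" and service sections of this log (a constructed excerpt, not the full log). It flags the persistence patterns that stand out here: Winlogon\Notify DLLs (isgrllqj.dll is shown loaded into winlogon.exe and explorer.exe and "failed to delete"), Run values whose file ComboFix could not read (the empty "[ ]"), anything under the Windows 9x-only RunServices key, random-looking file names, and a service whose display name "Print Spooler Service" points at nfmrmqtvrq.exe rather than spoolsv.exe. The heuristics, the vowel-ratio test and the spoolsv.exe mapping are my assumptions, not rules from ComboFix; ShoppingReport.dll is deliberately left unflagged to show that a name-based heuristic needs a reputation list behind it.

```python
# Added example (editor's heuristics, not ComboFix's): triage autostart entries
# from a ComboFix "Reg Loading Points" dump and the R?/S? service lines.
import re
from dataclasses import dataclass
from typing import List

# Constructed excerpt: lines copied from the log posted above, not a full log.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2008-02-20 17:57 163904 --a------ C:\WINDOWS\system32\isgrllqj.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"Windows update loader"="C:\Windows\xpupdate.exe" [ ]
"xInsIDE"="C:\Program Files\xInsIDE\xInsIDE.exe" [2008-02-18 09:04 53248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"nfmrmqtvrq"="C:\WINDOWS\system32\nfmrmqtvrq.exe" [2008-01-23 21:28 135168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\isgrllqj]
isgrllqj.dll 2008-02-20 17:57 163904 C:\WINDOWS\system32\isgrllqj.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkkllj]
jkkkllj.dll
R2 kelyym41;Print Spooler Service;C:\WINDOWS\system32\nfmrmqtvrq.exe [2008-01-23 21:28]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 12:00]
"""

@dataclass
class Finding:
    location: str   # registry key or service line the entry came from
    target: str     # file the entry launches or loads
    reason: str

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[A-Za-z]:\\.*?)(?:\s+\[|$)")
PATH_TO_EOL_RE = re.compile(r"[A-Za-z]:\\.*$")
# Assumed mapping: display names loaders borrow -> the image XP really uses.
EXPECTED_SERVICE_IMAGE = {"print spooler service": "spoolsv.exe", "print spooler": "spoolsv.exe"}

def stem(path: str) -> str:
    """File name without directory or extension: 'C:\\x\\a.dll' -> 'a'."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]

def looks_random(name: str) -> bool:
    """Heuristic: 8+ lowercase letters with under 20% vowels, e.g. 'nfmrmqtvrq'."""
    if len(name) < 8 or not name.isalpha() or not name.islower():
        return False
    return sum(c in "aeiou" for c in name) / len(name) < 0.2

def scan(text: str) -> List[Finding]:
    findings: List[Finding] = []
    key = ""                      # registry key the current line belongs to
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = SERVICE_RE.match(line)   # "R2 name;Display;path [date]" lines
        if m:
            display, path = m.group("display").strip(), m.group("path")
            expected = EXPECTED_SERVICE_IMAGE.get(display.lower())
            if expected and path.rsplit("\\", 1)[-1].lower() != expected:
                findings.append(Finding(line, path, f"display name '{display}' but image is not {expected}"))
            if looks_random(stem(path)):
                findings.append(Finding(line, path, "random-looking image name"))
            continue
        low = key.lower()
        if "\\run" in low:          # Run, RunOnce, RunServices, ...
            m = RUN_VALUE_RE.match(line)
            if not m:
                continue
            name, path, meta = m.group("name"), m.group("path"), m.group("meta").strip()
            if "\\runservices" in low:
                findings.append(Finding(key, path, "RunServices is a Windows 9x key that XP ignores; no normal installer writes here"))
            if not meta:
                findings.append(Finding(key, path, f'"{name}" has empty [ ] metadata: ComboFix could not read the file'))
            if looks_random(stem(path)):
                findings.append(Finding(key, path, "random-looking file name"))
        elif "winlogon\\notify" in low:
            m = PATH_TO_EOL_RE.search(line)
            target = m.group(0) if m else line.split()[0]
            findings.append(Finding(key, target, "Winlogon Notify DLL: loaded into winlogon.exe as SYSTEM at every logon"))
        elif "browser helper objects" in low:
            m = PATH_TO_EOL_RE.search(line)
            if m and looks_random(stem(m.group(0))):
                findings.append(Finding(key, m.group(0), "BHO with random-looking DLL name"))
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.target}\n    {f.reason}\n    under: {f.location}")
```

Run against the excerpt it reports eight findings, four of them for nfmrmqtvrq.exe (the RunServices value, its random name, and the fake Print Spooler service twice), which matches what the log shows being cleaned. A real triage would swap the vowel-ratio test for a hash or reputation lookup, but the key-based rules (Notify, RunServices, empty metadata, display-name mismatch) are the ones worth keeping.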