Downloader.Zlob!gen.2
Started by slan, Apr 27 2008 01:27 PM
#1
Posted 27 April 2008 - 01:27 PM
#2
Posted 27 April 2008 - 03:43 PM
Hello slan
Welcome to G2Go.
=====================
* Click here to download HJTsetup.exe
- Save HJTsetup.exe to your desktop.
- Doubleclick on the HJTsetup.exe icon on your desktop.
- By default it will install to C:\Program Files\Trend Micro\Hijack This.
- Click on I agree
- Then Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
- Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
- Come back here to this thread and Paste the log in your next reply.
- DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
#3
Posted 28 April 2008 - 10:46 AM
Thank you for your help. I have followed the commands and this is the report on notepad.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:44:24, on 28/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\NVATray.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\1203751650\ee\AOLSoftware.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\2.bin\A9SRCHAS.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\2.bin\ASKPBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1203751650\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ScanSoft OmniPage SE 4.0-reminder] "C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [20a5d7c2] rundll32.exe "C:\WINDOWS\system32\pnwaampj.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uvkwluxh] C:\WINDOWS\system32\qdsbsbkj.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
--
End of file - 6522 bytes
#4
Posted 28 April 2008 - 11:25 AM
Download ComboFix from one of the locations below, and save it to your Desktop.
Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.
#5
Posted 28 April 2008 - 12:50 PM
Thank you very much for your help, it is very appreciated. I saved Combofix.exe on my desktop and ran the software. The log is as follows:
ComboFix 08-04-27.3 - Aslan 2008-04-28 19:42:38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.241 [GMT 1:00]
Running from: C:\Documents and Settings\Aslan\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Ali.HOME.000\Application Data\macromedia\Flash Player\#SharedObjects\7BDFUKGN\iforex.com
C:\Documents and Settings\Ali.HOME.000\Application Data\macromedia\Flash Player\#SharedObjects\7BDFUKGN\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Ali.HOME.000\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Ali.HOME.000\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\Program Files\PC-Cleaner
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\system32\awttqpOh.dll
C:\WINDOWS\system32\awturSjK.dll
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\cbXOExYO.dll
C:\WINDOWS\system32\CdfgOUvw.ini
C:\WINDOWS\system32\CdfgOUvw.ini2
C:\WINDOWS\system32\dyxdqlfn.ini
C:\WINDOWS\system32\egtdjswv.ini
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\fuqyuqyv.ini
C:\WINDOWS\system32\hgGxvWPj.dll
C:\WINDOWS\system32\hOpqttwa.ini
C:\WINDOWS\system32\hOpqttwa.ini2
C:\WINDOWS\system32\jpmaawnp.ini
C:\WINDOWS\system32\KjSrutwa.ini
C:\WINDOWS\system32\KjSrutwa.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\otswxpeh.ini
C:\WINDOWS\system32\ovmrcchr.ini
C:\WINDOWS\system32\OYxEOXbc.ini
C:\WINDOWS\system32\OYxEOXbc.ini2
C:\WINDOWS\system32\pnwaampj.dll
C:\WINDOWS\system32\qmphvnvm.ini
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\wvUOgfdC.dll
C:\WINDOWS\system32\xiyxpjwi.ini
C:\WINDOWS\system32\yurfpgvd.ini
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 )))))))))))))))))))))))))))))))
.
2008-04-28 19:25 . 2008-04-28 19:25 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-04-28 19:25 . 2008-04-28 19:25 1,024 --ah----- C:\Documents and Settings\Default User.WINDOWS\ntuser.dat.LOG
2008-04-28 17:44 . 2008-04-28 17:44 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-27 19:41 . 2008-04-27 19:41 <DIR> d-------- C:\VundoFix Backups
2008-04-25 21:27 . 2008-04-25 21:27 <DIR> d-------- C:\Program Files\Sun
2008-04-25 21:27 . 2008-04-25 21:26 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-04-25 21:27 . 2008-04-25 21:26 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-25 21:14 . 2008-04-25 21:26 <DIR> d-------- C:\Program Files\Java
2008-04-25 17:46 . 1995-01-30 00:00 92,208 --a------ C:\WINDOWS\system32\WING.DLL
2008-04-25 17:46 . 1994-12-06 00:00 12,800 --a------ C:\WINDOWS\system\WING32.DLL
2008-04-23 20:25 . 2008-04-23 17:54 294 --ahs---- C:\WINDOWS\system32\bkqudxio.ini
2008-04-23 17:54 . 2008-04-23 17:54 1,540,729 --ahs---- C:\WINDOWS\system32\bkqudxio.tmp
2008-04-22 17:04 . 2008-04-22 17:04 53,312 --a------ C:\WINDOWS\system32\darmhsjp.dll
2008-04-21 17:02 . 2008-04-21 17:03 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-21 16:57 . 2008-04-21 17:31 <DIR> d-------- C:\SDFix
2008-04-21 16:20 . 2008-04-21 16:20 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-21 16:04 . 2008-04-21 16:04 53,312 --a------ C:\WINDOWS\system32\dddanjjj.dll
2008-04-21 16:03 . 2008-04-21 16:03 <DIR> d-------- C:\Documents and Settings\Aslan\Application Data\TmpRecentIcons
2008-04-21 09:45 . 2008-04-21 10:14 <DIR> d-------- C:\Documents and Settings\Ali.HOME.000\Application Data\TmpRecentIcons
2008-04-21 00:54 . 2008-04-21 00:54 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\laxwhylm
2008-04-20 22:36 . 2008-04-20 22:36 <DIR> d-------- C:\Documents and Settings\Aslan\Application Data\Canon
2008-04-20 12:35 . 2008-04-20 12:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-20 12:35 . 2008-04-20 12:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-19 18:57 . 2000-02-29 18:20 64,000 --a------ C:\WINDOWS\_detmp.2
2008-04-19 18:57 . 2008-04-19 14:39 2,881 --a------ C:\WINDOWS\_detmp.1
2008-04-19 14:38 . 2008-04-19 14:38 <DIR> d-------- C:\Program Files\QuickTime
2008-04-19 14:38 . 2008-04-19 14:38 <DIR> d-------- C:\Program Files\DK Interactive Learning
2008-04-19 14:38 . 2008-04-19 14:38 <DIR> d-------- C:\Program Files\directx
2008-04-19 14:34 . 1997-04-08 20:08 299,520 --a------ C:\WINDOWS\uninst.exe
2008-04-19 14:27 . 2008-04-19 14:27 <DIR> d-------- C:\Documents and Settings\Ali.HOME.000\WINDOWS
2008-04-18 09:41 . 2008-04-18 09:41 <DIR> d-------- C:\Documents and Settings\Ali.HOME.000\Application Data\Canon
2008-04-08 18:01 . 2008-04-08 18:01 <DIR> d-------- C:\Program Files\MiDigiWorld
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 22:11 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-27 17:55 --------- d-----w C:\Program Files\Norton Security Scan
2008-04-25 18:36 --------- d-----w C:\Program Files\LimeWire
2008-04-19 17:55 --------- d-----w C:\Program Files\LogMeIn
2008-03-24 00:06 --------- d-----w C:\Program Files\Common Files\snpstd2
2008-03-24 00:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-24 00:05 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-15 22:41 --------- d-----w C:\Documents and Settings\Aslan\Application Data\LimeWire
2008-03-11 02:20 --------- d-----w C:\Documents and Settings\Ali.HOME.000\Application Data\AdobeUM
2008-03-01 21:48 --------- d--h--w C:\Documents and Settings\Ali.HOME.000\Application Data\yahoo!
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
1998-12-09 02:53 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 02:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2008-04-25 21:26 34816 --a------ C:\Program Files\Java\jre6\bin\jp2ssv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
2008-04-25 21:26 73728 --a------ C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352]
"uvkwluxh"="C:\WINDOWS\system32\qdsbsbkj.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nForce APU1 Utilities"="NVATray.exe" [2002-01-18 16:33 45056 C:\WINDOWS\system32\NVATray.exe]
"C-Media Mixer"="Mixer.exe" [2002-07-12 09:33 1581056 C:\WINDOWS\mixer.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-29 13:13 579072]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 14:16 185896]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 13:45 75304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-09 21:00 185896]
"HostManager"="C:\Program Files\Common Files\AOL\1203751650\ee\AOLSoftware.exe" [2006-11-14 15:01 50736]
"ScanSoft OmniPage SE 4.0-reminder"="C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" [2006-09-26 16:38 1410600]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-01-05 19:34 40960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-04-25 21:26 148888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-28 13:05 219136]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]
PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [2007-12-11 21:34:40 10252288]
Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE [1998-12-23 22:51:54 45568]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AOL 9.0 VRb\\waol.exe"=
"C:\\Program Files\\AOL 9.0 VRe\\waol.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
R2 JavaQuickStarterService;Java Quick Starter;"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" []
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 23:36]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 14:28]
S3 snpstd2;USB PC Camera (SN9C103);C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-03-22 22:31]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-27 17:32:13 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 19:43:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 4
**************************************************************************
.
Completion time: 2008-04-28 19:45:43
ComboFix-quarantined-files.txt 2008-04-28 18:45:39
Pre-Run: 51,266,699,264 bytes free
Post-Run: 51,256,070,144 bytes free
199 --- E O F --- 2008-04-13 06:41:05
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nForce APU1 Utilities"="NVATray.exe" [2002-01-18 16:33 45056 C:\WINDOWS\system32\NVATray.exe]
"C-Media Mixer"="Mixer.exe" [2002-07-12 09:33 1581056 C:\WINDOWS\mixer.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-29 13:13 579072]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 14:16 185896]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 13:45 75304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-09 21:00 185896]
"HostManager"="C:\Program Files\Common Files\AOL\1203751650\ee\AOLSoftware.exe" [2006-11-14 15:01 50736]
"ScanSoft OmniPage SE 4.0-reminder"="C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" [2006-09-26 16:38 1410600]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-01-05 19:34 40960]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-04-25 21:26 148888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-28 13:05 219136]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]
PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [2007-12-11 21:34:40 10252288]
Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE [1998-12-23 22:51:54 45568]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AOL 9.0 VRb\\waol.exe"=
"C:\\Program Files\\AOL 9.0 VRe\\waol.exe"=
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
R2 JavaQuickStarterService;Java Quick Starter;"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" []
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 23:36]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 14:28]
S3 snpstd2;USB PC Camera (SN9C103);C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-03-22 22:31]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-27 17:32:13 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 19:43:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 4
**************************************************************************
.
Completion time: 2008-04-28 19:45:43
ComboFix-quarantined-files.txt 2008-04-28 18:45:39
Pre-Run: 51,266,699,264 bytes free
Post-Run: 51,256,070,144 bytes free
199 --- E O F --- 2008-04-13 06:41:05
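As an added example (not from this thread or from ComboFix itself): a small Python triage helper that parses constructed lines in the ComboFix "Reg Loading Points" format and flags Run values whose file-metadata bracket is empty, as with the `uvkwluxh` entry above, or whose value name and file name both match the random eight-letter pattern seen in this log. The `hgtrkmzq`/`pqwnxbvl` entry and both heuristics are assumptions of the example, not anything the helpers stated.

```python
import re
from dataclasses import dataclass

# Constructed sample in ComboFix "Reg Loading Points" format, modelled on the log above.
# The "hgtrkmzq" entry is invented to exercise the naming heuristic.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352]
"uvkwluxh"="C:\WINDOWS\system32\qdsbsbkj.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-29 13:13 579072]
"C-Media Mixer"="Mixer.exe" [2002-07-12 09:33 1581056 C:\WINDOWS\mixer.exe]
"hgtrkmzq"="C:\WINDOWS\system32\pqwnxbvl.exe" [2008-04-21 16:04 53312]
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*)\]$')
# Heuristic (assumption): eight lowercase letters, the naming pattern visible in this log.
RANDOM_NAME_RE = re.compile(r'^[a-z]{8}$')

@dataclass
class Finding:
    key: str
    name: str
    path: str
    reason: str

def parse_run_entries(text):
    """Yield (key, name, path, meta) for every value line under a [HKEY_...] header."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2), m.group(3).strip()

def triage(text):
    """Return Findings for autostart entries that deserve a second look."""
    findings = []
    for key, name, path, meta in parse_run_entries(text):
        stem = path.replace('\\', '/').rsplit('/', 1)[-1].rsplit('.', 1)[0]
        if not meta:  # "[ ]": scanner recorded no timestamp or size, file missing or hidden
            findings.append(Finding(key, name, path, 'no file metadata recorded'))
        elif RANDOM_NAME_RE.match(name) and RANDOM_NAME_RE.match(stem):
            findings.append(Finding(key, name, path, 'random-looking value and file name'))
    return findings
```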
#6
Posted 28 April 2008 - 06:30 PM
We now suggest that you install the Windows Recovery Console. The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.
Download the file & save it as it's originally named, next to ComboFix.exe.
Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When prompted to scan for infected files choose no; when done, a log named CF_RC.txt will open. Please post the contents of that log.
Please do not reboot your machine until we have reviewed the log.