Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

unknown infection [CLOSED]

Started by robertsaundersiv , Aug 23 2008 11:13 PM

  • This topic is locked This topic is locked

#1
robertsaundersiv
Posted 23 August 2008 - 11:13 PM

robertsaundersiv

    New Member

  • Member
  • Pip
  • 3 posts
i have no idea what is going on please help me so i can get things back to normal, this just started today, and when i go to a webpage sometimes it only goes about halfway then just stops loading, saying it is still loading





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:20 AM, on 8/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system32\rownw64r.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ocntmtdl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Bobaganush
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [{AF-F9-9F-FF-DW}] C:\windows\system32\rownw64r.exe DWram03FF
O4 - HKLM\..\Run: [443af950] rundll32.exe "C:\WINDOWS\system32\irxjogsw.dll",b
O4 - HKLM\..\Run: [BM4709cacc] Rundll32.exe "C:\WINDOWS\system32\bmoxaiow.dll",s
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\ocntmtdl.exe DWram03FF
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ocntmtdl.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rownw64r.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1207791415735
O16 - DPF: {958FCAB0-616B-11D3-A63F-00001B322780} (TimetickerLittleHelpers.usfServer) - http://timeticker.co...t/TcpServer.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Ym9iYWdhbnVzaA\command.exe (file missing)
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c903f51287d072) (gupdate1c903f51287d072) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 9857 bytes
  • 0

Advertisements

#2
Rorschach112
Posted 24 August 2008 - 05:45 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
  • 0

#3
robertsaundersiv
Posted 24 August 2008 - 05:21 PM

robertsaundersiv

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
ComboFix 08-08-23.03 - robert 2008-08-24 17:52:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.549 [GMT -5:00]
Running from: C:\Documents and Settings\robert\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\robert\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU(2).exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
C:\Documents and Settings\All Users\Application Data\SeekmoSA
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA.dat
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA_kyf.dat
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAAbout.mht
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAau.dat
C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAEULA.mht
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\NetworkService\Application Data\Seekmo
C:\Documents and Settings\NetworkService\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\buttondir.txt
C:\Documents and Settings\NetworkService\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\buttondir.xip
C:\Documents and Settings\NetworkService\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\layout.cdf
C:\Documents and Settings\NetworkService\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\layout.xip
C:\Documents and Settings\NetworkService\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\linkpathlegal.txt
C:\Documents and Settings\NetworkService\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\NetworkService\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\NetworkService\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\robert\Application Data\macromedia\Flash Player\#SharedObjects\TRP2RBXV\interclick.com
C:\Documents and Settings\robert\Application Data\macromedia\Flash Player\#SharedObjects\TRP2RBXV\interclick.com\ud.sol
C:\Documents and Settings\robert\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\robert\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\robert\Cookies\[email protected][1].txt
C:\Documents and Settings\robert\Start Menu\Programs\Startup\Deewoo.lnk
C:\Documents and Settings\robert\Start Menu\Programs\Startup\DW_Start.lnk
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\BM4709cacc.txt
C:\WINDOWS\BM4709cacc.xml
C:\WINDOWS\Fonts\'
C:\WINDOWS\jestertb.dll
C:\WINDOWS\pskt.ini
C:\WINDOWS\stfMeane1000106.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\avicchfv.ini
C:\WINDOWS\system32\awawpjqb.dll
C:\WINDOWS\system32\bmoxaiow.dll
C:\WINDOWS\system32\cbXQhIXp.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\igxpmp322.sys
C:\WINDOWS\system32\dwwnw64r.exe
C:\WINDOWS\system32\ekvhcouq.exe
C:\WINDOWS\system32\ELmnnUtv.ini
C:\WINDOWS\system32\ELmnnUtv.ini2
C:\WINDOWS\system32\hgGxWnKc.dll
C:\WINDOWS\system32\irxjogsw.dll
C:\WINDOWS\system32\kczyin.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\odbxjvsv.dll
C:\WINDOWS\system32\otgpvqjs.dll
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\pynkpqbw.ini
C:\WINDOWS\system32\qjdped.dll
C:\WINDOWS\system32\rbhyjr.dll
C:\WINDOWS\system32\rownw64r.exe
C:\WINDOWS\system32\rswispye.dll
C:\WINDOWS\system32\tllguhne.exe
C:\WINDOWS\system32\vfhcciva.dll
C:\WINDOWS\system32\vtUnnmLE.dll
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\wsgojxri.ini
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\Ym9iYWdhbnVzaA\
C:\WINDOWS\Ym9iYWdhbnVzaA\\asappsrv.dll
C:\WINDOWS\Ym9iYWdhbnVzaA\\sA62sqx1vBpWuE.vbs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_IGXPMP322
-------\Legacy_NETWORK_MONITOR
-------\Service_cmdService
-------\Service_igxpmp322
-------\Service_Network Monitor


((((((((((((((((((((((((( Files Created from 2008-07-24 to 2008-08-24 )))))))))))))))))))))))))))))))
.

2008-12-21 23:59 . 2008-12-21 23:59 447,200 --a------ C:\WINDOWS\system32\OpenQuicktimeLib.dll
2008-12-21 23:59 . 2008-12-21 23:59 332,512 --a------ C:\WINDOWS\system32\3ivxVfWCodec.dll
2008-12-21 23:59 . 2008-12-21 23:59 25,312 --a------ C:\WINDOWS\system32\SamsungVfWCodec.dll
2008-12-21 23:59 . 2008-12-21 23:59 25,312 --a------ C:\WINDOWS\system32\DivXVfWCodec.dll
2008-12-21 23:58 . 2008-12-21 23:58 1,155,808 --a------ C:\WINDOWS\system32\3ivx.dll
2008-12-21 23:52 . 2008-12-21 23:52 66,272 --a------ C:\WINDOWS\system32\libfaac.dll
2008-08-24 17:24 . 2008-08-24 17:24 <DIR> d-------- C:\System32
2008-08-24 00:13 . 2008-08-24 00:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-23 23:49 . 2008-08-23 23:49 548,934 --a------ C:\WINDOWS\system32\ocntmtdl.exe
2008-08-23 19:25 . 2008-08-23 19:25 2,028 --a------ C:\WINDOWS\system32\###Temp###
2008-08-23 18:33 . 2008-08-23 18:33 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-08-23 14:30 . 2008-08-23 14:30 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-08-23 14:27 . 2008-08-23 18:35 <DIR> d-------- C:\WINDOWS\system32\spol
2008-08-23 14:27 . 2008-08-23 14:27 <DIR> d-------- C:\WINDOWS\system32\jr
2008-08-23 14:27 . 2008-08-23 18:34 <DIR> d-------- C:\WINDOWS\system32\drive2
2008-08-23 14:27 . 2008-08-23 18:33 <DIR> d-------- C:\WINDOWS\system32\Cusp
2008-08-23 14:27 . 2008-08-23 14:28 153,362 --a------ C:\WINDOWS\system32\g17.exe
2008-08-23 14:26 . 2008-08-23 18:34 <DIR> d-------- C:\WINDOWS\system32\eMaxt02
2008-08-23 14:26 . 2008-08-23 14:27 <DIR> d-------- C:\Temp\bbc2
2008-08-23 14:26 . 2008-08-24 17:53 <DIR> d-------- C:\Temp
2008-08-23 14:20 . 2008-08-23 14:29 <DIR> d-------- C:\Program Files\Incomplete
2008-08-21 20:18 . 2008-08-24 02:03 <DIR> d-------- C:\Program Files\Google
2008-08-17 15:51 . 2008-08-17 15:51 <DIR> d-------- C:\WINDOWS\Performance
2008-08-17 15:49 . 2008-08-20 16:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-08-16 09:30 . 2008-08-24 17:33 <DIR> d-------- C:\Documents and Settings\robert\Application Data\Vidalia
2008-08-16 09:30 . 2008-08-24 18:05 <DIR> d-------- C:\Documents and Settings\robert\Application Data\tor
2008-08-16 09:29 . 2008-08-16 09:30 <DIR> d-------- C:\Program Files\Vidalia Bundle
2008-08-16 00:59 . 2008-05-01 09:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-16 00:48 . 2008-05-09 05:53 180,224 -----c--- C:\WINDOWS\system32\dllcache\scrobj.dll
2008-08-16 00:48 . 2008-05-09 05:53 172,032 -----c--- C:\WINDOWS\system32\dllcache\scrrun.dll
2008-08-16 00:48 . 2008-05-08 06:24 155,648 -----c--- C:\WINDOWS\system32\dllcache\wscript.exe
2008-08-16 00:48 . 2008-05-09 03:45 135,168 -----c--- C:\WINDOWS\system32\dllcache\cscript.exe
2008-08-16 00:48 . 2008-05-09 05:53 90,112 -----c--- C:\WINDOWS\system32\dllcache\wshext.dll
2008-08-16 00:47 . 2008-07-07 15:26 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll
2008-08-15 23:51 . 2008-05-07 00:12 1,288,192 -----c--- C:\WINDOWS\system32\dllcache\quartz.dll
2008-08-15 23:44 . 2008-06-20 06:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-08-15 23:44 . 2008-06-20 12:46 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-08-15 23:44 . 2008-06-20 06:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-08-15 23:44 . 2008-06-20 12:46 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-08-15 23:44 . 2008-06-20 06:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-08-15 23:42 . 2008-06-13 06:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-15 23:42 . 2008-05-08 09:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-08-15 23:42 . 2008-06-24 11:43 74,240 -----c--- C:\WINDOWS\system32\dllcache\mscms.dll
2008-08-15 22:14 . 2008-08-15 22:14 <DIR> d-------- C:\Program Files\iTunes
2008-08-15 22:14 . 2008-08-15 22:14 <DIR> d-------- C:\Program Files\iPod
2008-08-15 18:07 . 2008-08-15 18:07 <DIR> d-------- C:\Documents and Settings\robert\Application Data\vlc
2008-08-15 18:07 . 2008-08-22 21:48 <DIR> d-------- C:\Documents and Settings\robert\Application Data\dvdcss
2008-07-31 17:42 . 2008-07-31 17:42 25,216 --a------ C:\WINDOWS\system32\drivers\tap0901.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-24 23:08 --------- d-----w C:\Documents and Settings\robert\Application Data\WTablet
2008-08-24 23:07 --------- d-----w C:\Documents and Settings\LocalService\Application Data\WTablet
2008-08-24 22:49 --------- d-----w C:\Documents and Settings\robert\Application Data\StumbleUpon
2008-08-23 22:46 --------- d-----w C:\Program Files\FrostWire
2008-08-23 21:10 --------- d-----w C:\Documents and Settings\robert\Application Data\FrostWire
2008-08-23 20:03 --------- d-----w C:\Documents and Settings\robert\Application Data\uTorrent
2008-08-23 19:29 --------- d-----w C:\Program Files\StumbleUpon
2008-08-17 20:49 --------- d-----w C:\Documents and Settings\robert\Application Data\OpenOffice.org2
2008-08-16 07:45 --------- d-----w C:\Program Files\Apple Software Update
2008-08-16 03:12 --------- d-----w C:\Program Files\QuickTime
2008-08-15 23:34 --------- d-----w C:\Program Files\Java
2008-07-23 01:32 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [2008-08-02 22:52 3945620]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 03:38 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 03:32 696320]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 21:58 856064]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 04:08 483328]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-06-05 09:06 188416]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-02 08:31 185632]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 15:45 28672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-02-15 14:46 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-02-15 14:46 159744]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-02-15 14:46 131072]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"TPSMain"="TPSMain.exe" [2005-05-31 19:16 282624 C:\WINDOWS\system32\TPSMain.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 18:14 16859136 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 19:12 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 22:16:50 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoNetworkConnections"= 1 (0x1)
"NoFavoritesMenu"= 1 (0x1)
"NoStartMenuNetworkPlaces"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoNetworkConnections"= 1 (0x1)
"NoFavoritesMenu"= 1 (0x1)
"NoStartMenuNetworkPlaces"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
"vidc.3IV2"= 3ivxVfWCodec.dll
"vidc.SEDG"= SamsungVfWCodec.dll
"vidc.DX50"= DivXVfWCodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PINGER]
--a------ 2005-03-17 20:37 151552 C:\TOSHIBA\IVP\ISM\pinger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 14:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 13:30]
S3 Mnmddruor;Mnmddruor;C:\WINDOWS\system32\drivers\rawwan.sys [2004-08-04 07:00]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
S3 tap0901;TAP-Win32 Adapter V9;C:\WINDOWS\system32\DRIVERS\tap0901.sys [2008-07-31 17:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adaf3443-e269-11dc-a55c-00130210482d}]
\Shell\AutoRun\command - E:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{8146c484-4543-d89d-950d-e485c6f696cd} - C:\WINDOWS\system32\omeaoatkjnlsv.dll
BHO-{e99ec554-5965-15a2-19de-f732e2d93240} - C:\WINDOWS\system32\iwatygpbjcnaoxsr.dll
HKLM-Run-{AF-F9-9F-FF-DW} - C:\windows\system32\rownw64r.exe
HKLM-Run-BM4709cacc - C:\WINDOWS\system32\otgpvqjs.dll
HKLM-Run-443af950 - C:\WINDOWS\system32\vfhcciva.dll
HKU-Default-Run-MySpaceIM - C:\Program Files\MySpace\IM\MySpaceIM.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\robert\Application Data\Mozilla\Firefox\Profiles\q0hnplrn.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-24 18:08:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
.
**************************************************************************
.
Completion time: 2008-08-24 18:14:15 - machine was rebooted [robert]
ComboFix-quarantined-files.txt 2008-08-24 23:14:12

Pre-Run: 11,493,961,728 bytes free
Post-Run: 11,413,327,872 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU(2).exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

277 --- E O F --- 2008-08-16 13:34:08








Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:19:42 PM, on 8/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1207791415735
O16 - DPF: {958FCAB0-616B-11D3-A63F-00001B322780} (TimetickerLittleHelpers.usfServer) - http://timeticker.co...t/TcpServer.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 8471 bytes
  • 0

#4
Rorschach112
Posted 24 August 2008 - 05:35 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\ocntmtdl.exe
C:\WINDOWS\system32\g17.exe


Folder::
C:\WINDOWS\system32\spol
C:\WINDOWS\system32\jr
C:\WINDOWS\system32\drive2
C:\WINDOWS\system32\Cusp
C:\WINDOWS\system32\eMaxt02
C:\Temp\bbc2

Sysrst::


Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adaf3443-e269-11dc-a55c-00130210482d}]

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.





  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\WINDOWS\system32\###Temp###
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

  • 0

#5
Rorschach112
Posted 28 August 2008 - 05:40 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP