ComboFix 08-12-13.03 - F.E.A.R 2008-12-14 1:26:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.894.444 [GMT -5:00]
Running from: c:\documents and settings\F.E.A.R\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\F.E.A.R\Application Data\addon.dat
c:\windows\system32\cbXronmL.dll
c:\windows\system32\DMUCJkkj.ini
c:\windows\system32\DMUCJkkj.ini2
c:\windows\system32\drivers\npf.sys
c:\windows\system32\fsystatr.dll
c:\windows\system32\jkkJCUMD.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\wplvlm.dll
c:\windows\Tasks\saekhila.job
.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_OREANS32
-------\Service_NPF
-------\Service_oreans32


((((((((((((((((((((((((( Files Created from 2008-11-14 to 2008-12-14 )))))))))))))))))))))))))))))))
.

2008-12-13 20:20 . 2008-12-13 20:20 <DIR> d-------- c:\program files\Lavasoft
2008-12-13 20:20 . 2008-12-13 20:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-13 19:49 . 2007-12-03 10:49 <DIR> d-------- c:\documents and settings\Administrator.GMOD.000\Application Data\InstallShield
2008-12-13 19:49 . 2008-07-10 23:23 <DIR> d-------- c:\documents and settings\Administrator.GMOD.000\Application Data\ATI
2008-12-13 19:49 . 2008-12-13 19:49 <DIR> d-------- c:\documents and settings\Administrator.GMOD.000
2008-12-13 15:49 . 2008-12-13 20:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\EmailNotifier
2008-12-13 03:23 . 2008-12-13 03:23 35,328 --a------ c:\windows\system32\geBuUmMe.dll
2008-12-13 03:22 . 2008-12-13 03:22 35,328 --a------ c:\windows\system32\wvUopqRK.dll
2008-12-13 03:12 . 2008-12-13 15:29 4,413 --ahs---- c:\windows\system\klog.dat
2008-12-13 03:10 . 2008-12-13 03:10 5,488,640 --a------ c:\windows\system32\xa30249921.exe
2008-12-13 03:10 . 2008-12-13 03:10 5,488,640 --a------ c:\windows\system32\xa30249546.exe
2008-12-13 03:10 . 2008-12-13 03:10 5,488,640 --a------ c:\windows\system32\xa30231921.exe
2008-12-13 03:10 . 2008-12-13 03:10 5,488,640 --a------ c:\windows\system32\xa30231328.exe
2008-12-13 03:10 . 2008-12-13 03:10 176,128 --a------ c:\windows\system32\xwr98477.dll
2008-12-13 03:10 . 2008-12-13 03:10 176,128 --a------ c:\windows\system32\wr98477.dll
2008-12-13 02:47 . 2008-12-13 03:32 21 --a------ c:\windows\mta.ini
2008-12-13 02:45 . 2008-12-13 18:32 <DIR> d-------- c:\program files\Multi Theft Auto
2008-12-12 22:54 . 2008-12-12 22:54 <DIR> d-------- c:\program files\NHN USA
2008-12-12 22:54 . 2008-06-17 19:28 710,064 --a------ c:\windows\system32\ijjiSetup.exe
2008-12-12 22:54 . 2008-04-23 14:02 157,152 --a------ c:\windows\system32\PubPlugin.dll
2008-12-12 22:54 . 2008-06-11 23:01 58,800 --a------ c:\windows\system32\ijjiPlugin2.dll
2008-12-09 00:26 . 2008-12-09 00:26 237,568 --a------ c:\windows\system32\rmc_rtspdl.dll
2008-12-09 00:26 . 2008-12-09 00:26 156,672 --a------ c:\windows\system32\rmc_fixasf.exe
2008-12-09 00:25 . 2008-12-09 00:25 <DIR> d-------- c:\windows\Replay Media Catcher
2008-12-09 00:25 . 2008-12-09 00:26 323,584 --a------ c:\windows\system32\AUDIOGENIE2.DLL
2008-12-09 00:24 . 2008-12-09 01:24 <DIR> d-------- c:\program files\Replay Media Catcher
2008-12-09 00:04 . 2008-12-09 00:04 <DIR> d-------- c:\windows\system32\lib
2008-12-09 00:04 . 2008-12-09 00:04 <DIR> d-------- c:\program files\YouTube Video Ripper
2008-12-09 00:04 . 2008-12-09 00:17 <DIR> d-------- c:\documents and settings\F.E.A.R\Application Data\downyourtube
2008-12-08 08:12 . 2008-12-08 08:12 <DIR> d-------- c:\program files\AskBarDis
2008-12-08 08:12 . 2008-12-08 08:16 <DIR> d----c--- C:\DVDVideoSoft
2008-12-08 08:11 . 2008-12-08 08:11 <DIR> d-------- c:\program files\DVDVideoSoft
2008-12-08 08:11 . 2008-12-08 08:12 <DIR> d-------- c:\program files\Common Files\DVDVideoSoft
2008-12-08 00:00 . 2008-12-08 00:00 <DIR> d-------- c:\program files\Valve
2008-12-07 13:30 . 2008-12-07 13:30 <DIR> d-------- c:\program files\Makayama Interactive
2008-12-07 13:30 . 2004-11-01 06:38 57,344 --a------ c:\windows\system32\XButton.ocx
2008-12-06 21:12 . 2008-12-06 21:12 <DIR> d-------- c:\program files\Adobe PhotoShop CS3
2008-12-06 16:45 . 2008-12-06 16:47 <DIR> d---s---- c:\documents and settings\Administrator.GMOD
2008-12-05 23:33 . 2008-12-05 23:33 <DIR> d-------- c:\documents and settings\F.E.A.R\Application Data\Thinstall
2008-12-04 00:54 . 2008-12-04 01:00 <DIR> d-------- c:\program files\PC Satellite TV
2008-12-04 00:39 . 2008-12-04 00:39 <DIR> d-------- c:\program files\Intelore
2008-12-03 02:20 . 2008-12-13 03:03 22,328 --a------ c:\documents and settings\F.E.A.R\Application Data\PnkBstrK.sys
2008-12-03 02:19 . 2008-12-13 03:02 682,280 --a------ c:\windows\system32\pbsvc.exe
2008-12-03 02:13 . 2008-12-10 16:41 <DIR> d-------- c:\program files\Ubisoft
2008-12-02 18:27 . 2008-12-08 00:11 <DIR> d-------- c:\program files\Unlocker
2008-12-02 18:24 . 2008-12-02 18:24 <DIR> d-------- c:\program files\Recuva
2008-11-30 14:27 . 2008-11-30 14:27 <DIR> d-------- c:\program files\Ventrilo
2008-11-30 14:27 . 2008-11-30 14:27 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-11-30 14:22 . 2008-11-30 14:27 <DIR> d-------- c:\documents and settings\F.E.A.R\Application Data\Ventrilo
2008-11-30 13:51 . 2008-11-30 13:51 <DIR> d-------- c:\program files\Eidos Interactive
2008-11-30 03:52 . 2008-11-30 03:58 <DIR> d----c--- C:\HammerAutosave
2008-11-29 13:35 . 2008-12-10 16:39 <DIR> d-------- c:\program files\Bethesda Softworks
2008-11-29 13:12 . 2008-11-29 13:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fallout3
2008-11-29 13:09 . 2008-11-29 13:09 <DIR> d-------- c:\windows\system32\xlive
2008-11-29 01:12 . 2008-11-29 13:10 714 --a------ c:\documents and settings\F.E.A.R\Application Data\FNTCACHE.BIN
2008-11-29 01:10 . 2008-11-29 01:10 <DIR> d-------- c:\program files\YourWare Solutions
2008-11-27 16:51 . 2004-08-04 00:56 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-11-27 16:51 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-11-27 16:51 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\dllcache\usbscan.sys
2008-11-27 16:51 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-11-26 10:41 . 2008-11-26 10:41 <DIR> d-------- c:\program files\TubeTilla
2008-11-26 10:38 . 2008-11-26 10:38 <DIR> d-------- c:\program files\C12
2008-11-23 17:54 . 2008-11-23 17:54 <DIR> d-------- c:\program files\iTunes
2008-11-23 17:54 . 2008-11-23 17:54 <DIR> d-------- c:\program files\iPod
2008-11-23 17:54 . 2008-11-23 17:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 15:22 . 2008-11-23 15:34 <DIR> d---s---- c:\documents and settings\Administrator.CHOCOLATE_CAKE
2008-11-23 13:50 . 2008-11-23 15:34 <DIR> d-------- c:\program files\KGB Archiver 2
2008-11-22 22:06 . 2008-11-22 22:06 <DIR> d-------- c:\program files\Softnyx
2008-11-22 16:12 . 2008-11-22 16:12 <DIR> d----c--- C:\ijji
2008-11-22 16:11 . 2008-11-22 16:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\IJJIGame
2008-11-21 19:05 . 2008-11-23 17:08 <DIR> d----c--- C:\PacSteamT
2008-11-21 17:16 . 2008-11-21 17:16 603,904 --a------ c:\windows\system32\TUProgSt.exe
2008-11-21 17:16 . 2008-11-21 17:16 362,240 --a------ c:\windows\system32\TuneUpDefragService.exe
2008-11-21 17:16 . 2008-11-12 16:44 27,904 --a------ c:\windows\system32\uxtuneup.dll
2008-11-21 17:15 . 2008-11-21 17:16 <DIR> d-------- c:\program files\TuneUp Utilities 2009
2008-11-21 17:15 . 2008-11-21 17:15 <DIR> d-------- c:\documents and settings\F.E.A.R\Application Data\TuneUp Software
2008-11-21 17:15 . 2008-11-21 17:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2008-11-21 17:15 . 2008-11-21 17:15 <DIR> d--hs---- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2008-11-21 16:43 . 2008-11-21 16:43 <DIR> d-------- c:\program files\Axife Mouse Recorder DEMO
2008-11-20 16:55 . 2008-11-20 16:56 <DIR> d-------- c:\program files\ReaConverter 5.5 Pro
2008-11-20 16:55 . 2008-11-20 17:06 <DIR> d-------- c:\documents and settings\F.E.A.R\Application Data\RCP 5
2008-11-19 18:13 . 2008-11-19 18:13 <DIR> dr-h----- c:\documents and settings\F.E.A.R\Application Data\SecuROM
2008-11-19 17:25 . 2008-11-19 17:25 <DIR> d-------- c:\program files\CAPCOM
2008-11-19 16:57 . 2008-11-19 16:57 <DIR> d-------- c:\program files\THQ
2008-11-19 16:56 . 2008-11-22 15:22 <DIR> d-------- c:\documents and settings\F.E.A.R\Application Data\DAEMON Tools
2008-11-18 23:59 . 2008-11-19 00:03 <DIR> d-------- c:\program files\Prince of Persia Warrior Within
2008-11-18 01:33 . 2008-11-18 01:39 <DIR> d-------- c:\program files\pspvc
2008-11-18 01:33 . 2008-11-18 01:36 <DIR> d-------- c:\program files\AviSynth 2.5
2008-11-18 01:33 . 2008-11-18 01:36 22 --a------ c:\windows\pspvc_path.ini
2008-11-18 00:07 . 2008-11-18 00:07 <DIR> d-------- c:\program files\SystemRequirementsLab
2008-11-18 00:06 . 2008-11-18 00:07 <DIR> d-------- c:\documents and settings\F.E.A.R\Application Data\SystemRequirementsLab
2008-11-17 23:16 . 2008-11-17 23:52 <DIR> d-------- c:\program files\DirectX Happy Uninstall
2008-11-17 23:01 . 2008-11-17 23:52 <DIR> d-------- c:\program files\ACW
2008-11-17 20:39 . 2008-11-17 23:54 <DIR> d-------- c:\program files\DirectX Uninstaller v.13
2008-11-17 20:22 . 2008-11-17 22:51 <DIR> d-------- c:\windows\Logs
2008-11-16 22:46 . 2008-11-16 22:46 <DIR> d-------- c:\documents and settings\F.E.A.R\Application Data\Ulead Systems
2008-11-16 22:44 . 2008-11-16 22:44 <DIR> d-------- c:\program files\Ulead Systems
2008-11-16 22:44 . 2008-11-17 23:56 <DIR> d-------- c:\program files\Common Files\Ulead Systems
2008-11-16 22:44 . 2008-11-17 23:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ulead Systems
2008-11-16 22:33 . 2008-11-16 22:33 <DIR> d-------- c:\documents and settings\F.E.A.R\Application Data\Sony
2008-11-16 22:30 . 2008-11-16 22:30 <DIR> d-------- c:\program files\Sony Setup
2008-11-16 22:30 . 2008-11-16 22:30 <DIR> d-------- c:\program files\Sony
2008-11-16 01:32 . 2008-11-16 01:32 <DIR> d-------- c:\program files\Moyea
2008-11-16 01:32 . 2008-11-16 01:32 <DIR> d-------- c:\documents and settings\F.E.A.R\Application Data\Moyea
2008-11-15 17:08 . 2008-11-17 23:57 <DIR> d-------- c:\program files\TZ Connection Booster
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-12-14 06:22 --------- d-----w c:\program files\Trend Micro
2008-12-14 01:25 --------- d-----w c:\program files\Steam
2008-12-14 01:19 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-13 22:44 --------- d-----w c:\program files\Activision
2008-12-13 20:33 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-13 08:36 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-13 08:24 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-13 08:22 --------- d-----w c:\documents and settings\F.E.A.R\Application Data\uTorrent
2008-12-13 08:02 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-12 02:28 --------- d-----w c:\documents and settings\F.E.A.R\Application Data\Hamachi
2008-12-07 02:13 --------- d-----w c:\program files\Common Files\Adobe
2008-11-29 17:52 --------- d-----w c:\program files\Gpotato
2008-11-26 20:41 --------- d-----w c:\program files\ATI Technologies
2008-11-23 19:11 --------- d-----w c:\program files\Cheat Engine
2008-11-18 11:14 --------- d-----w c:\program files\DAP
2008-11-18 06:46 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-18 06:46 --------- d-----w c:\documents and settings\All Users\Application Data\SpeedBit
2008-11-10 19:13 --------- d-----w c:\program files\BitComet Acceleration Patch
2008-11-10 18:55 --------- d-----w c:\program files\BitComet
2008-11-10 18:21 --------- d-----w c:\documents and settings\All Users\Application Data\Launcher
2008-11-10 05:40 --------- d-----w c:\documents and settings\F.E.A.R\Application Data\MozillaControl
2008-11-10 05:38 --------- d-----w c:\program files\Mozilla ActiveX Control v1.7.12
2008-11-10 05:38 --------- d-----w c:\program files\Graboid
2008-11-10 05:38 --------- d-----w c:\documents and settings\All Users\Application Data\Graboid Inc
2008-11-10 05:22 --------- d-----w c:\documents and settings\F.E.A.R\Application Data\Lost Marble
2008-11-10 05:19 --------- d-----w c:\program files\Smith Micro
2008-11-08 17:37 --------- d-----w c:\documents and settings\F.E.A.R\Application Data\Bioshock
2008-11-03 02:01 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-03 01:31 --------- d-----w c:\documents and settings\F.E.A.R\Application Data\Malwarebytes
2008-11-01 21:07 --------- d-----w c:\program files\Swf2Avi
2008-11-01 20:39 --------- d-----w c:\program files\TechSmith
2008-11-01 20:21 --------- d-----w c:\program files\Freestylers Gaming Community
2008-11-01 01:29 --------- d-----w c:\documents and settings\F.E.A.R\Application Data\ATI
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 21:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 21:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-19 19:11 --------- d-----w c:\program files\Defraggler
2008-10-16 20:18 --------- d-----w c:\program files\Audacity
2008-10-15 01:28 --------- d-----w c:\program files\RelevantKnowledge
2008-09-30 03:38 16,384 -c--a-w C:\msansspc(2).dll
2008-02-27 22:48 774,144 ----a-w c:\program files\RngInterstitial.dll
2008-01-11 01:14 32 -c--a-r c:\documents and settings\All Users\hash.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E7E36E6-B7BF-3768-A3F3-8DA55E1EE651}]
2008-12-13 03:10 176128 --a------ c:\windows\system32\xwr98477.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"NoActiveDesktopChanges"="00000000" [X]
"NoActiveDesktop"="0 (0x0)" [X]
"NoSaveSettings"="0 (0x0)" [X]
"ClassicShell"="0 (0x0)" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\\Program Files\\TGTSoft\\StyleXP\\Logon\\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wplvlm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ZDSV"= scrvid.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-11-07 14:16 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2008-08-13 17:32 206064 c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)
"StyleXPService"=2 (0x2)
"AOL ACS"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Home\\ftpte.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre1.6.0_06\\bin\\javaw.exe"=
"c:\\Program Files\\GhostSurf 2005\\Proxy.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Steam\\steamapps\\corey105\\counter-strike source\\hl2.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=
"c:\\PacSteamT\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Softnyx\\RakionIS\\Bin\\rakion.bin"=
"c:\\Program Files\\Steam\\steamapps\\corey105\\garrysmod\\hl2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\PC Satellite TV\\PC Satellite TV.exe"=
"c:\\Program Files\\pspvc\\PSPVC (Server).exe"=
"c:\\WINDOWS\\system32\\xa30231328.exe"=
"c:\\WINDOWS\\system32\\xa30249546.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"43594:TCP"= 43594:TCP:PingScape.no-ip.biz
"13984:TCP"= 13984:TCP:BitComet 13984 TCP
"13984:UDP"= 13984:UDP:BitComet 13984 UDP
"38519:TCP"= 38519:TCP:null

R0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys []
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-08-18 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-08-18 20560]
R3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys [2006-12-27 9006]
S3 rcp_service;ReaConverter scheduler service;c:\program files\ReaConverter 5.5 Pro\rcp_scheduler.exe [2007-11-30 558592]
S4 FAH@C:+Program Files+Ubisoft+Far Cry 2+bin+FAH.exe;FAH@C:+Program Files+Ubisoft+Far Cry 2+bin+FAH.exe;c:\program files\Ubisoft\Far Cry 2\bin\FAH.exe -svcstart []
S4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2008-11-21 603904]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DF43C228-50C4-8BE4-A1E0-8EAD02A98C7B}]
c:\windows\System\svchost.exe s
.
Contents of the 'Scheduled Tasks' folder

2008-12-14 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 16:28]

2008-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-08 c:\windows\Tasks\Critical Battery Alarm Program.job
- c:\documents and settings\F.E.A.R\My Documents\Stupid!.txt [2008-09-15 11:16]
.
- - - - ORPHANS REMOVED - - - -

BHO-{3D58B79D-B824-4B8D-84CB-59CD075D8500} - c:\windows\system32\jkkJCUMD.dll
BHO-{cc8848e7-a964-42d3-8978-ad083e021dbf} - c:\windows\system32\wplvlm.dll
Notify-iifCsQhG - iifCsQhG.dll

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6071203
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6071203
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\F.E.A.R\Application Data\Mozilla\Firefox\Profiles\c1uwdt4w.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.thedarkwarez.com/index.php?action=forum|http://tmuservers.com/index.php?action=forum
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\DNA\plugins\npbtdna.dll
FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 01:33:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
NoActiveDesktopChanges = 3F 00 00 00
NoActiveDesktop = 63
NoSaveSettings = 63
ClassicShell = 63

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@C:+Program Files+Ubisoft+Far Cry 2+bin+FAH.exe]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Completion time: 2008-12-14 1:38:37 - machine was rebooted [F.E.A.R]
ComboFix-quarantined-files.txt 2008-12-14 06:38:34

Pre-Run: 42,278,748,160 bytes free
Post-Run: 42,448,023,552 bytes free

350 --- E O F --- 2008-12-10 11:07:50

And here's a HIJACKTHIS log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:42:28 AM, on 12/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: D - {1E7E36E6-B7BF-3768-A3F3-8DA55E1EE651} - C:\WINDOWS\system32\xwr98477.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - AppInit_DLLs: wplvlm.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 3378 bytes