tricky rootkit stuff



#1
rabies
New Member, 1 posts
So let's start off by saying that this is my employer's computer and it needs to be super freaking clean as it deals with a lot of client info. At this moment it is riddled with all sorts of fun trojans and spyware and malware and rootkits and whatever the [bleep] else you can think of. I've cleared temp and cookies with Revo Uninstaller and I have them using ESET Smart Security with all that firewall stuff. They previously got sucked into buying a subscription to "Internet AntiVirus Pro" (LOL) and I have been looking around in some of the other forums as to removal, but it is almost the end of my shift and there's no way I'm staying here for like 4 hours, picking my [bleep] until someone can reply. I've installed ComboFix and I let it have its run; the log is here for you. If someone could give me further instructions for tomorrow when I try and tackle this problem further, that would be awesome!

Thanks!

ComboFix 09-06-14.02 - HP_Owner 06/15/2009 14:22.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.1132 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner.YOUR-27E1513D96\My Documents\Downloads\Combo-Fix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Owner.YOUR-27E1513D96\Application Data\Internet Antivirus Pro
c:\program files\Internet Antivirus Pro
c:\windows\Downloaded Program Files\MyWebEx
c:\windows\system32\drivers\UACkhbgrqoqvdypisx.sys
c:\windows\system32\UACboyrdpedxqubbww.dll
c:\windows\system32\UACcplvbmwyrqjxfmq.dll
c:\windows\system32\UAChyoquweeowlfjky.log
c:\windows\system32\UAClofjroanevwixvd.log
c:\windows\system32\UACmlkkklolkjrjvbs.dll
c:\windows\system32\UACmnknjmltltitudo.dll
c:\windows\system32\UACqdjptgyfgulyivd.log
c:\windows\system32\UACvhioykfiynryirg.dat
c:\windows\system32\UACvptxewsrnkvymex.dll
c:\documents and settings\HP_Owner.YOUR-27E1513D96\Application Data\Internet Antivirus Pro\db\config.cfg
c:\documents and settings\HP_Owner.YOUR-27E1513D96\Application Data\Internet Antivirus Pro\db\Timeout.inf
c:\documents and settings\HP_Owner.YOUR-27E1513D96\Application Data\Internet Antivirus Pro\db\Urls.inf
c:\documents and settings\HP_Owner.YOUR-27E1513D96\Application Data\Internet Antivirus Pro\settings.ini
c:\documents and settings\HP_Owner.YOUR-27E1513D96\Application Data\Internet Antivirus Pro\uill.ini
c:\documents and settings\HP_Owner.YOUR-27E1513D96\Application Data\Internet Antivirus Pro\updateloadlist.ini
c:\program files\Internet Antivirus Pro\activate.ico
c:\program files\Internet Antivirus Pro\db\DBInfo.ver
c:\program files\Internet Antivirus Pro\db\ia080614.db
c:\program files\Internet Antivirus Pro\Explorer.ico
c:\program files\Internet Antivirus Pro\Languages\IAEs.lng
c:\program files\Internet Antivirus Pro\Languages\IAFr.lng
c:\program files\Internet Antivirus Pro\Languages\IAGer.lng
c:\program files\Internet Antivirus Pro\Languages\IAIt.lng
c:\program files\Internet Antivirus Pro\unins000.dat
c:\program files\Internet Antivirus Pro\unins000.exe
c:\program files\Internet Antivirus Pro\uninstall.ico
c:\program files\Internet Antivirus Pro\working.log
c:\windows\Downloaded Program Files\MyWebEx\319\aasetup.dll
c:\windows\Downloaded Program Files\MyWebEx\319\Agent.ini
c:\windows\Downloaded Program Files\MyWebEx\319\atagtctl.exe
c:\windows\Downloaded Program Files\MyWebEx\319\atarm.dll
c:\windows\Downloaded Program Files\MyWebEx\319\atas32.dll
c:\windows\Downloaded Program Files\MyWebEx\319\atasanot.exe
c:\windows\Downloaded Program Files\MyWebEx\319\atasctrl.dll
c:\windows\Downloaded Program Files\MyWebEx\319\atasnt40.dll
c:\windows\Downloaded Program Files\MyWebEx\319\ataudio.dll
c:\windows\Downloaded Program Files\MyWebEx\319\atauthor.exe
c:\windows\Downloaded Program Files\MyWebEx\319\atcarmcl.dll
c:\windows\Downloaded Program Files\MyWebEx\319\atdl2006.dll
c:\windows\Downloaded Program Files\MyWebEx\319\ateditor.dll
c:\windows\Downloaded Program Files\MyWebEx\319\atinet.dll
c:\windows\Downloaded Program Files\MyWebEx\319\atjpeg60.dll
c:\windows\Downloaded Program Files\MyWebEx\319\atkbctl.dll
c:\windows\Downloaded Program Files\MyWebEx\319\atlchat.dll
c:\windows\Downloaded Program Files\MyWebEx\319\atmemmgr.dll
c:\windows\Downloaded Program Files\MyWebEx\319\atnetext.dll
c:\windows\Downloaded Program Files\MyWebEx\319\atnthost.exe
c:\windows\Downloaded Program Files\MyWebEx\319\atpack.dll
c:\windows\Downloaded Program Files\MyWebEx\319\atpcapnt.dll
c:\windows\Downloaded Program Files\MyWebEx\319\atpdrvnt.dll
c:\windows\Downloaded Program Files\MyWebEx\319\atpng12.dll
c:\windows\Downloaded Program Files\MyWebEx\319\atprint.dll
c:\windows\Downloaded Program Files\MyWebEx\319\atprint.gpd
c:\windows\Downloaded Program Files\MyWebEx\319\atprtses.dll
c:\windows\Downloaded Program Files\MyWebEx\319\atrares.dll
c:\windows\Downloaded Program Files\MyWebEx\319\atrcp.dll
c:\windows\Downloaded Program Files\MyWebEx\319\atrecply.dll
c:\windows\Downloaded Program Files\MyWebEx\319\atres.dll
c:\windows\Downloaded Program Files\MyWebEx\319\atrpui.dll
c:\windows\Downloaded Program Files\MyWebEx\319\atscr.scr
c:\windows\Downloaded Program Files\MyWebEx\319\atstmget.dll
c:\windows\Downloaded Program Files\MyWebEx\319\attp.dll
c:\windows\Downloaded Program Files\MyWebEx\319\atwbxui6.dll
c:\windows\Downloaded Program Files\MyWebEx\319\cmcrypto.dll
c:\windows\Downloaded Program Files\MyWebEx\319\h264dec.dll
c:\windows\Downloaded Program Files\MyWebEx\319\h264enc.dll
c:\windows\Downloaded Program Files\MyWebEx\319\insallmobile.log
c:\windows\Downloaded Program Files\MyWebEx\319\Install.ini
c:\windows\Downloaded Program Files\MyWebEx\319\mac.dll
c:\windows\Downloaded Program Files\MyWebEx\319\mmssl32.dll
c:\windows\Downloaded Program Files\MyWebEx\319\msess.dll
c:\windows\Downloaded Program Files\MyWebEx\319\mticket.dll
c:\windows\Downloaded Program Files\MyWebEx\319\mutiltpd.dll
c:\windows\Downloaded Program Files\MyWebEx\319\mvc.dll
c:\windows\Downloaded Program Files\MyWebEx\319\mwpc.ini
c:\windows\Downloaded Program Files\MyWebEx\319\raagt.dll
c:\windows\Downloaded Program Files\MyWebEx\319\raagtapp.exe
c:\windows\Downloaded Program Files\MyWebEx\319\racfg.exe
c:\windows\Downloaded Program Files\MyWebEx\319\rafilesp.dll
c:\windows\Downloaded Program Files\MyWebEx\319\ramtmgr.dll
c:\windows\Downloaded Program Files\MyWebEx\319\rapanel.exe
c:\windows\Downloaded Program Files\MyWebEx\319\ratrace.dll
c:\windows\Downloaded Program Files\MyWebEx\319\Ratrace\ratrace.txt
c:\windows\Downloaded Program Files\MyWebEx\319\raupdate.exe
c:\windows\Downloaded Program Files\MyWebEx\319\raurl.dll
c:\windows\Downloaded Program Files\MyWebEx\319\stdnames.gpd
c:\windows\Downloaded Program Files\MyWebEx\319\uilibres.dll
c:\windows\Downloaded Program Files\MyWebEx\319\unidrv.dll
c:\windows\Downloaded Program Files\MyWebEx\319\unidrv.hlp
c:\windows\Downloaded Program Files\MyWebEx\319\unidrvui.dll
c:\windows\Downloaded Program Files\MyWebEx\319\unires.dll
c:\windows\Downloaded Program Files\MyWebEx\319\wbxcrypt.dll
c:\windows\Downloaded Program Files\MyWebEx\319\WbxDLDrv.exe
c:\windows\Downloaded Program Files\MyWebEx\319\WbxDLMgr.dll
c:\windows\IE4 Error Log.txt
c:\windows\ieocx.dll
c:\windows\system32\drivers\UACkhbgrqoqvdypisx.sys
c:\windows\system32\UACboyrdpedxqubbww.dll
c:\windows\system32\UACcplvbmwyrqjxfmq.dll
c:\windows\system32\UAChyoquweeowlfjky.log
c:\windows\system32\uacinit.dll
c:\windows\system32\UAClofjroanevwixvd.log
c:\windows\system32\UACmlkkklolkjrjvbs.dll
c:\windows\system32\UACmnknjmltltitudo.dll
c:\windows\system32\UACqdjptgyfgulyivd.log
c:\windows\system32\UACvhioykfiynryirg.dat
c:\windows\system32\UACvptxewsrnkvymex.dll
c:\windows\winhelp.ini
D:\Autorun.inf
D:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-05-15 to 2009-06-15 )))))))))))))))))))))))))))))))
.

2009-06-15 15:58 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-15 15:58 . 2009-06-15 17:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-15 15:58 . 2009-06-15 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-15 15:58 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 13:19 . 2009-06-15 13:19 -------- d-----w- c:\program files\VS Revo Group
2009-06-01 20:12 . 2006-12-07 14:45 110592 ----a-w- c:\documents and settings\HP_Owner.YOUR-27E1513D96\Application Data\U3\temp\cleanup.exe
2009-06-01 18:33 . 2006-12-07 14:45 3096576 ---ha-w- c:\documents and settings\HP_Owner.YOUR-27E1513D96\Application Data\U3\temp\Launchpad Removal.exe
2009-06-01 18:33 . 2009-06-01 20:12 -------- d-----w- c:\documents and settings\HP_Owner.YOUR-27E1513D96\Application Data\U3
2009-05-25 19:19 . 2009-05-25 19:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-05-25 18:31 . 2009-05-25 18:36 -------- d-----w- c:\windows\SxsCaPendDel
2009-05-25 18:14 . 2009-05-25 18:14 -------- d-----w- c:\documents and settings\HP_Owner.YOUR-27E1513D96\Application Data\URSoft
2009-05-25 18:14 . 2009-06-15 13:05 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-25 18:14 . 2009-06-15 13:21 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-05-25 15:51 . 2009-05-25 15:51 -------- d-----w- c:\documents and settings\HP_Owner.YOUR-27E1513D96\Local Settings\Application Data\ESET
2009-05-25 15:51 . 2009-05-25 15:51 -------- d-----w- c:\documents and settings\HP_Owner.YOUR-27E1513D96\Application Data\ESET
2009-05-25 15:48 . 2009-05-25 15:48 -------- d-----w- c:\program files\ESET
2009-05-25 15:48 . 2009-05-25 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-05-25 14:23 . 2009-05-25 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-05-25 14:21 . 2009-05-25 14:21 -------- d-----w- c:\program files\Common Files\iS3
2009-05-24 00:21 . 2009-05-24 00:21 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-05-23 13:05 . 2008-10-16 18:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-05-23 13:04 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-05-22 19:57 . 2009-06-15 13:03 -------- d-----w- c:\documents and settings\HP_Owner.YOUR-27E1513D96\Tracing
2009-05-22 19:54 . 2009-05-22 19:54 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-22 19:54 . 2009-05-22 19:54 -------- d-----w- c:\program files\Windows Live
2009-05-22 19:48 . 2009-05-22 19:48 -------- d-----w- c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-15 17:42 . 2008-10-31 13:37 -------- d-----w- c:\program files\LogMeIn
2009-06-15 17:42 . 2005-10-07 21:28 -------- d-----w- c:\program files\Quicken
2009-06-15 17:42 . 2005-10-07 21:21 -------- d-----w- c:\program files\Microsoft Works
2009-06-15 17:42 . 2005-10-07 21:19 -------- d-----w- c:\program files\IntelliMover Data Transfer Demo
2009-06-15 17:42 . 2005-10-07 21:09 -------- d-----w- c:\program files\MSN Encarta Standard
2009-06-13 23:48 . 2008-01-02 18:36 14101 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2008\qbbackup.sys
2009-06-13 17:23 . 2009-02-23 16:59 -------- d-----w- c:\documents and settings\HP_Owner.YOUR-27E1513D96\Application Data\FileZilla
2009-05-26 12:19 . 2006-02-07 18:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-25 18:36 . 2009-05-06 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-05-25 18:32 . 2005-10-07 21:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-25 18:31 . 2008-12-04 17:27 -------- d-----w- c:\documents and settings\HP_Owner.YOUR-27E1513D96\Application Data\uTorrent
2009-05-23 15:22 . 2009-05-06 16:43 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-05-22 19:55 . 2008-12-04 19:31 71416 ----a-w- c:\documents and settings\HP_Owner.YOUR-27E1513D96\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-22 19:54 . 2005-12-30 15:02 -------- d-----w- c:\program files\Microsoft
2009-05-16 12:44 . 2005-10-07 21:41 -------- d-----w- c:\program files\Google
2009-05-15 17:12 . 2009-05-15 17:11 -------- d-----w- c:\program files\Picasa2
2009-05-15 17:10 . 2009-05-15 17:10 -------- d-----w- c:\program files\Western Digital
2009-05-15 17:09 . 2009-05-15 17:09 -------- d-s---w- c:\documents and settings\All Users\Application Data\Memeo
2009-05-15 17:01 . 2009-05-15 17:01 8854 ----a-r- c:\documents and settings\HP_Owner.YOUR-27E1513D96\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\Uninstall_WD_Diagnos_0AB76F69E7614CFAB9B0A1906B4E9E4B.exe
2009-05-15 17:01 . 2009-05-15 17:01 40960 ----a-r- c:\documents and settings\HP_Owner.YOUR-27E1513D96\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
2009-05-15 17:01 . 2009-05-15 17:01 10134 ----a-r- c:\documents and settings\HP_Owner.YOUR-27E1513D96\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\ARPPRODUCTICON.exe
2009-05-15 17:01 . 2009-05-15 17:01 -------- d-----w- c:\program files\Western Digital Technologies
2009-05-14 19:49 . 2009-05-14 19:49 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 19:49 . 2009-05-14 19:49 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-05-14 19:49 . 2009-05-14 19:49 133000 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-05-14 19:47 . 2009-05-14 19:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 19:41 . 2009-05-14 19:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-13 16:32 . 2009-05-06 16:14 -------- d-----w- c:\program files\SiteAdvisor
2009-05-13 14:39 . 2009-05-13 14:39 213 ----a-w- c:\documents and settings\HP_Owner.YOUR-27E1513D96\Application Data\asd.bat
2009-05-13 14:39 . 2009-05-13 14:39 213 ----a-w- c:\documents and settings\HP_Owner.YOUR-27E1513D96\Application Data\asd.bat
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 16:14 . 2009-05-06 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-05-06 12:47 . 2009-05-06 07:38 2220107 ----a-w- c:\program files\Common Files\InternetAntivirusPro.exe
2009-04-29 04:46 . 2004-08-04 12:00 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-27 12:33 . 2009-04-27 12:33 -------- d-----w- c:\program files\Last.fm
2009-04-18 12:44 . 2009-04-18 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-04-18 12:44 . 2005-10-07 21:17 -------- d---a-w- c:\program files\Common Files\LightScribe
2009-04-17 12:26 . 2004-08-04 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-05-15 17:10 . 2009-05-15 17:10 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-08 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-08 114688]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-05-15 1838592]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-3-4 967960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 00:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 5:47 AM 98304]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [5/14/2009 3:47 PM 731840]
R2 FlipShare Service;FlipShare Service;c:\program files\Pure Digital Technologies\FlipShare\FlipShareService.exe [11/13/2008 1:17 PM 439616]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [12/10/2008 12:16 PM 47640]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 4:40 AM 118784]
R2 QuickBooksDB17;QuickBooksDB17;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1429030262-3445963811-1461730026-1009.job
- c:\documents and settings\HP_Owner.YOUR-27E1513D96\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-05 16:14]

2009-05-15 c:\windows\Tasks\Symantec Drmc.job
- c:\program files\Common Files\Symantec Shared\SymDrmc.exe [2003-09-10 09:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.itsadogslife.ca/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-15 14:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(904)
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
.
**************************************************************************
.
Completion time: 2009-06-15 14:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-15 18:38

Pre-Run: 133,105,979,392 bytes free
Post-Run: 137,865,031,680 bytes free

312 --- E O F --- 2009-06-12 01:29