
Combofix Log - Please Help



#1 jwarren2k2

Posted 29 January 2008 - 08:15 PM

Hello, please could you help me by telling me what I have to do with this log etc.

Kind regards,
James

LOG:

ComboFix 08-01-30.1 - James 2008-01-29 23:43:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.481 [GMT 0:00]
Running from: C:\Documents and Settings\James\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\awtstrs.dll
C:\WINDOWS\system32\gebcc.dll
C:\WINDOWS\system32\qwomfcds.dll
C:\Documents and Settings\All Users\Application Data\storageprotector
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\em
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\oid
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\user
C:\Program Files\Common Files\StorageProtector
C:\Program Files\Common Files\StorageProtector\strpmon.exe
C:\Program Files\winupdates
C:\Program Files\winupdates\a.zip
C:\WINDOWS\retadpu1000520.exe
C:\WINDOWS\system32\awtstrs.dll
C:\WINDOWS\system32\awtuvtr.dll
C:\WINDOWS\system32\awvts.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\byxusrr.dll
C:\WINDOWS\system32\byxvwwv.dll
C:\WINDOWS\system32\byxywtt.dll
C:\WINDOWS\system32\byxyxxv.dll
C:\WINDOWS\system32\byxyyya.dll
C:\WINDOWS\system32\cbxvtqo.dll
C:\WINDOWS\system32\cbxwuvv.dll
C:\WINDOWS\system32\ccbeg.ini
C:\WINDOWS\system32\ccbeg.ini2
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\cqrbntht.dllbox
C:\WINDOWS\system32\ddaby.dll
C:\WINDOWS\system32\ddcabcb.dll
C:\WINDOWS\system32\efcbcde.dll
C:\WINDOWS\system32\efcyvuv.dll
C:\WINDOWS\system32\gebcayv.dll
C:\WINDOWS\system32\gebcc.dll
C:\WINDOWS\system32\hbylknhx.dll
C:\WINDOWS\system32\hggebbc.dll
C:\WINDOWS\system32\iiffghh.dll
C:\WINDOWS\system32\jkkhfec.dll
C:\WINDOWS\system32\jkkhhef.dll
C:\WINDOWS\system32\jkkihee.dll
C:\WINDOWS\system32\jkkjjkh.dll
C:\WINDOWS\system32\jkklkhe.dll
C:\WINDOWS\system32\khfedby.dll
C:\WINDOWS\system32\ljjgecy.dll
C:\WINDOWS\system32\ljjgfgf.dll
C:\WINDOWS\system32\ljjhfff.dll
C:\WINDOWS\system32\ljjhghg.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mljjiff.dll
C:\WINDOWS\system32\mljjkij.dll
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\opnoono.dll
C:\WINDOWS\system32\pavzdjja.dllbox
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\pmnklkh.dll
C:\WINDOWS\system32\qomjiih.dll
C:\WINDOWS\system32\qomkhhg.dll
C:\WINDOWS\system32\qomlllj.dll
C:\WINDOWS\system32\qwomfcds.dll
C:\WINDOWS\system32\qwomfcds.dllbox
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\rqrpomj.dll
C:\WINDOWS\system32\ssqnlll.dll
C:\WINDOWS\system32\stvwa.ini2
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\tuvuusq.dll
C:\WINDOWS\system32\tuvvtsq.dll
C:\WINDOWS\system32\tuvvutr.dll
C:\WINDOWS\system32\urqnnmm.dll
C:\WINDOWS\system32\urqpnoo.dll
C:\WINDOWS\system32\urqqpno.dll
C:\WINDOWS\system32\urqrpqq.dll
C:\WINDOWS\system32\utbmbjkn.dll
C:\WINDOWS\system32\uucbomwq.dll
C:\WINDOWS\system32\vturrrs.dll
C:\WINDOWS\system32\vtustrq.dll
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\wvurpmm.dll
C:\WINDOWS\system32\wvuttst.dll
C:\WINDOWS\system32\xxywxxx.dll
C:\WINDOWS\system32\yayxvww.dll
C:\WINDOWS\system32\yayxwvv.dll
C:\WINDOWS\system32\ybadd.bak1
C:\WINDOWS\system32\ycjpbvnj.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))
.

2008-01-29 23:38 . 2008-01-29 18:40 211 --a------ C:\Boot.bak
2008-01-29 23:37 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-01-29 22:52 . 2008-01-29 22:52 <DIR> d-------- C:\ComboFix[1]
2008-01-29 22:46 . 2008-01-29 22:46 <DIR> d-------- C:\Documents and Settings\James\Application Data\Grisoft
2008-01-29 22:45 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-29 22:44 . 2008-01-29 22:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-29 22:44 . 2008-01-29 22:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-29 20:10 . 2008-01-29 20:21 <DIR> d-------- C:\Program Files\XoftSpySE
2008-01-29 20:04 . 2008-01-29 20:04 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-29 20:02 . 2008-01-29 20:01 257,568 --a------ C:\Documents and Settings\James\Application Data\setup_en[1].exe
2008-01-29 19:46 . 2008-01-30 23:43 21 --a------ C:\WINDOWS\pskt.ini
2008-01-29 19:25 . 2008-01-29 19:25 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-29 10:11 . 2008-01-29 19:46 49 --a------ C:\WINDOWS\BMd30925de.xml
2008-01-28 14:14 . 2008-01-28 14:14 1,158 --a------ C:\WINDOWS\mozver.dat
2008-01-28 13:58 . 2008-01-29 18:33 <DIR> d-------- C:\Program Files\Mozilla Firefox(2)
2008-01-28 13:58 . 2008-01-28 13:58 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-25 11:07 . 2008-01-25 11:07 74,304 --a------ C:\WINDOWS\system32\annplesh(2).exe
2008-01-23 20:44 . 2008-01-23 20:44 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-01-23 19:26 . 2008-01-23 19:27 <DIR> d-------- C:\Program Files\Apollo DVD Copy
2008-01-23 19:26 . 2008-01-23 19:26 39,264 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys
2008-01-21 22:24 . 2008-01-21 22:24 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-21 22:24 . 2008-01-21 22:24 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-21 19:04 . 2008-01-21 19:09 <DIR> d-------- C:\Program Files\Microsoft Money Plus
2008-01-16 19:28 . 2008-01-16 19:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-01-16 19:26 . 2008-01-16 19:26 <DIR> d-------- C:\Program Files\ATI
2008-01-15 12:51 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-01-15 12:51 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-01-15 12:51 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-15 12:51 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-15 12:15 . 2008-01-15 12:15 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys
2008-01-15 12:13 . 2008-01-15 12:13 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-01-10 14:45 . 2008-01-10 15:04 <DIR> d-------- C:\Documents and Settings\James\Application Data\BearShare
2007-12-27 22:11 . 2007-12-27 22:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-12-21 22:15 . 2007-12-21 23:01 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-12-21 22:15 . 2007-12-21 23:00 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-12-21 22:15 . 2007-12-21 23:01 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-21 22:15 . 2007-12-21 22:15 22,328 --a------ C:\Documents and Settings\James\Application Data\PnkBstrK.sys
2007-12-21 22:15 . 2007-12-21 22:15 319 --a------ C:\WINDOWS\game.ini
2007-12-21 21:24 . 2007-12-21 21:24 <DIR> d-------- C:\Program Files\Activision
2007-12-21 21:08 . 2007-12-21 21:08 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-12-14 12:22 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-12-14 12:21 . 2007-12-14 12:21 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-12 03:27 . 2007-12-12 03:27 <DIR> d-------- C:\Documents and Settings\James\Application Data\SolidWorks
2007-12-12 03:25 . 2007-12-12 03:28 <DIR> d-------- C:\Documents and Settings\James\Application Data\sldIM
2007-12-10 18:33 . 2007-12-10 19:34 <DIR> d-------- C:\Program Files\Digital Photo Recovery
2007-12-10 18:30 . 2007-12-10 18:30 <DIR> d-------- C:\Program Files\CardRecovery
2007-12-08 15:49 . 2007-12-08 15:49 <DIR> d-------- C:\Program Files\Convar
2007-12-08 15:49 . 2003-07-18 13:58 516,784 -ra------ C:\WINDOWS\system32\XceedCry.dll
2007-12-08 15:49 . 2002-02-28 09:46 217,088 --a------ C:\WINDOWS\system32\DartSock.dll
2007-12-08 15:49 . 2002-02-21 10:12 118,784 --a------ C:\WINDOWS\system32\DartWeb.dll
2007-12-08 15:49 . 1998-06-13 22:53 44,544 --a------ C:\WINDOWS\system32\Gif89.dll
2007-12-08 15:49 . 2002-04-12 13:19 28,672 --a------ C:\WINDOWS\system32\DartWeb.oca
2007-12-07 12:21 . 2007-12-07 12:21 <DIR> d-------- C:\Documents and Settings\James\Application Data\CyberLink
2007-12-07 12:20 . 2007-12-07 12:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-12-07 12:19 . 2007-12-07 12:20 <DIR> d-------- C:\Program Files\CyberLink
2007-12-03 10:44 . 2007-12-03 10:44 <DIR> d-------- C:\WINDOWS\Drivers
2007-12-03 10:44 . 2007-12-03 10:44 <DIR> d-------- C:\Documents and Settings\James\Application Data\Intel
2007-12-03 10:44 . 2007-12-03 10:44 <DIR> d-------- C:\Documents and Settings\James\Application Data\Avocent AdminWorks
2007-12-03 10:44 . 2007-12-03 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avocent AdminWorks
2007-12-03 10:44 . 2005-03-15 16:04 21,248 --a------ C:\WINDOWS\system32\drivers\intelsmb.sys
2007-12-03 10:44 . 2005-06-30 16:58 7,296 --a------ C:\WINDOWS\system32\drivers\osaio.sys
2007-12-03 10:43 . 2007-12-03 10:43 7,424 --a------ C:\WINDOWS\system32\drivers\SIODRV.SYS
2007-12-01 21:49 . 2007-12-15 18:08 <DIR> d-------- C:\Program Files\Windows Live
2007-12-01 21:49 . 2007-12-01 21:51 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-01 21:48 . 2007-12-14 12:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 19:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-23 20:51 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-23 20:43 --------- d-----w C:\Program Files\MSECACHE
2008-01-23 18:58 17,664 ----a-w C:\WINDOWS\system32\drivers\LfNtSp50.SYS
2008-01-23 18:58 --------- d-----w C:\Program Files\Life Racing
2008-01-16 19:25 --------- d-----w C:\Program Files\ATI Technologies
2008-01-15 12:15 20,520 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys
2007-12-21 22:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-13 05:11 --------- d-----w C:\Documents and Settings\James\Application Data\Canon
2007-12-05 05:26 2,782,208 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-05 02:16 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-03 10:44 --------- d-----w C:\Program Files\Intel
2007-11-30 13:12 --------- d-----w C:\Program Files\GTR2
2007-11-30 12:08 --------- d-----w C:\Program Files\Common Files\PestPatrol
2007-11-30 12:08 --------- d-----w C:\Documents and Settings\James\Application Data\Virgin Broadband
2007-11-30 12:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Virgin Broadband
2007-11-30 12:01 --------- d-----w C:\Program Files\Ubi Soft
2007-11-30 11:59 --------- d-----w C:\Program Files\EA GAMES
2007-11-15 10:46 1,776 -c--a-w C:\Documents and Settings\James\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"Steam"="" []
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-09-17 10:32 4608]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-03-02 11:49 86016]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe" [2006-03-08 19:02 146432]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-07-02 10:03 57344]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 15:24 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-10 19:13 282624]
"F5D9050"="C:\Program Files\Belkin\F5D9050\Belkinwcui.exe" [2006-07-20 05:55 1617920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"CTHelper"="CTHELPER.EXE" [2006-08-11 13:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 13:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"ipTray.exe"="C:\Program Files\Intel\IDU\iptray.exe" [2005-12-02 17:50 1687552]
"awTray.exe"="C:\Program Files\Intel\IDU\awtray.exe" [2005-12-01 11:59 1305600]
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2007-11-16 19:20 91432]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 09:35 72736]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 12:06 62760]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=WIKI.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2004-02-03 05:42 401491 C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydraVisionDesktopManager]
--a------ 2003-04-01 16:41 270336 C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a--c--- 2003-12-30 10:40 380928 C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]


R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2003-07-11 13:22]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-11-11 14:51]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-11-03 00:12]
R2 BBDemon;Backbone Service;"C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe" [2005-09-06 22:11]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R3 StreamSurge;StreamSurge Driver (miniport);C:\WINDOWS\system32\DRIVERS\ss.sys [2005-06-18 01:48]
S2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe []
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-01-15 12:15]
S3 LfNtSp50;LfNtSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\LfNtSp50.sys [2008-01-23 18:58]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2006-11-20 12:47]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2006-11-20 12:48]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2006-11-20 12:48]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2006-11-20 12:49]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2006-11-20 12:47]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2006-11-20 12:50]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);C:\WINDOWS\system32\DRIVERS\sea1unic.sys [2006-11-20 12:47]

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
"2008-01-29 23:00:00 C:\WINDOWS\Tasks\A76C90D790F70F07.job"
- c:\docume~1\james\applic~1\proxyk~1\memoantesecond.exe
"2008-01-30 23:47:13 C:\WINDOWS\Tasks\User_Feed_Synchronization-{D3DECC57-6D38-40B5-8AB4-ECD36CD1EC18}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 23:52:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Intel\IDU\awServ.exe
C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Intel\IDU\iptray.exe
C:\Program Files\Intel\IDU\awtray.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
.
**************************************************************************
.
Completion time: 2008-01-30 23:56:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-30 23:56:20
.
2008-01-29 19:37:36 --- E O F ---
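As an added example, not part of the original post or of ComboFix itself: a short Python triage script for the ComboFix log format above. It splits the log on its parenthesis banners and flags three indicators that are visible in this log: .com files in system32 that carry the names of built-in tools (PATHEXT resolves .COM before .EXE, so typing `ping` would have launched the planted copy), a non-empty AppInit_DLLs value, and a service whose image path has no file extension and an empty file-info bracket. The embedded excerpt is constructed from the log above; the section names and line patterns are assumptions about the ComboFix format.

```python
import re
from pathlib import PureWindowsPath

# Constructed input: an excerpt of the ComboFix log posted above.
SAMPLE_LOG = r"""(((((((((((((((((((( Other Deletions ))))))))))))))))))))
C:\WINDOWS\system32\awtstrs.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\windows
(((((((((((((((((((( Reg Loading Points ))))))))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=WIKI.DLL
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
APPINIT_RE = re.compile(r'^"AppInit_DLLs"\s*=\s*(.*)$', re.IGNORECASE)
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.*?)\s*\[(.*)\]$")
# Built-in tools a same-named .com in system32 would shadow: PATHEXT tries .COM before .EXE.
SHADOWED_TOOLS = {"cmd", "netstat", "ping", "regedit", "taskkill", "tasklist", "tracert"}

def split_sections(text):
    """Map each ComboFix section title to the stripped lines under its banner."""
    sections, current = {}, "preamble"
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
        else:
            sections.setdefault(current, []).append(line.strip())
    return sections

def find_command_shadows(lines):
    """Paths in system32 that carry a built-in tool's name with a .com extension."""
    hits = []
    for line in lines:
        p = PureWindowsPath(line)
        if (p.suffix.lower() == ".com" and p.parent.name.lower() == "system32"
                and p.stem.lower() in SHADOWED_TOOLS):
            hits.append(str(p))
    return hits

def find_appinit_dlls(lines):
    """Non-empty AppInit_DLLs values; each listed DLL loads into every process that loads user32.dll."""
    matches = (APPINIT_RE.match(line) for line in lines)
    return [m.group(1).strip() for m in matches if m and m.group(1).strip()]

def find_odd_services(lines):
    """Services whose image path has no file extension or whose file-info bracket is empty."""
    odd = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if m:
            name, image, info = m.group(1), m.group(2).strip('"'), m.group(3)
            if not PureWindowsPath(image).suffix or not info.strip():
                odd.append((name, image))
    return odd

def triage(text):
    """Run the three checks over the relevant sections of a ComboFix log."""
    sections = split_sections(text)
    reg = sections.get("Reg Loading Points", [])
    return {"command_shadows": find_command_shadows(sections.get("Other Deletions", [])),
            "appinit_dlls": find_appinit_dlls(reg),
            "odd_services": find_odd_services(reg)}
```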

#2 jwarren2k2 (Topic Starter)

Posted 30 January 2008 - 05:21 AM

Any help much appreciated!

Thanks,
James

#3 jwarren2k2 (Topic Starter)

Posted 30 January 2008 - 11:39 AM

bump

#4 ken545 (Malware Response Team)

Posted 10 February 2008 - 09:00 PM

Hello jwarren2k2,

Welcome to the Bleeping Computer Forum. Sorry for the delay, but with the amount of logs we get, one or two sometimes fall through the cracks; plus, by replying to yourself you took your log out of the Zero Replies category that our helpers look for to work logs. If you have not resolved your issue and still need assistance, post a HijackThis log please.


  • Download Trend Micro's HijackThis to your desktop.
  • Double-click it to install.
  • Follow the prompts; by default it will install in C:\Program Files\Trendmicro\Hijackthis\HijackThis.exe
  • Open HJT, choose Scan and Save a Log File; the log will open in Notepad.
  • Go to Format and make sure Word Wrap is unchecked.
  • Go to Edit > Select All, then Edit > Copy, and paste the new log into this thread using Post Reply, not by starting a new thread.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.



#5 ken545 (Malware Response Team)

Posted 25 February 2008 - 02:29 PM

This thread is being closed due to lack of response; if you need it reopened, PM a moderator.
