My Notepad Log


#1 girlywit1985

Posted 06 April 2008 - 11:30 AM

ComboFix 08-04-04.1 - @njo 2008-04-07 0:07:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.215 [GMT 8:00]
Running from: C:\Documents and Settings\@njo\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\@njo\Desktop\blackbird.jpg
C:\Documents and Settings\@njo\Desktop\EditorFKWP1.5.exe
C:\Documents and Settings\@njo\Desktop\EditorFKWP2.0.exe
C:\Documents and Settings\@njo\Desktop\filemanagerclient.exe
C:\Documents and Settings\@njo\Desktop\fkwp1.5.exe
C:\Documents and Settings\@njo\Desktop\fkwp2.0.exe
C:\Documents and Settings\@njo\Desktop\fwebd.exe
C:\Documents and Settings\@njo\Desktop\FWebdEditor.exe
C:\Documents and Settings\@njo\Desktop\Trojan.Win32.BlackBird.exe
C:\Documents and Settings\@njo\Desktop\virii
C:\Documents and Settings\@njo\Favorites\Error Cleaner.url
C:\Documents and Settings\@njo\Favorites\Privacy Protector.url
C:\Documents and Settings\@njo\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.exe
C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\cookies.ini
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\Installer\{8e6d6e66-92a3-430d-b39c-e9f983699d41}\SysAlrt.dll
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\mywallpaper.bmp
C:\WINDOWS\system32\awtTkHXo.dll
C:\WINDOWS\system32\jkkKbXqr.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msssc.dll
C:\WINDOWS\system32\rqXbKkkj.ini
C:\WINDOWS\system32\rqXbKkkj.ini2
C:\WINDOWS\system32\tvbdcdwu.ini
C:\WINDOWS\system32\uwdcdbvt.dll
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\medup020.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp

----- BITS: Possible infected sites -----

hxxp://flyvideonetwork.com
.
((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.

2008-04-03 23:12 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
2008-04-03 23:12 . 2008-03-03 18:21 568 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-04-03 22:21 . 2008-04-06 22:45 <DIR> dr-h----- C:\Documents and Settings\@njo\Recent
2008-04-03 10:38 . 2004-08-04 20:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-03 10:35 . 2008-04-03 10:42 <DIR> d-------- C:\Documents and Settings\@njo\Application Data\TmpRecentIcons
2008-04-02 10:39 . 2008-04-02 10:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\elqbyhop
2008-04-02 10:39 . 2008-04-02 10:39 110,592 --a------ C:\WINDOWS\system32\ezgzmzef.exe
2008-03-28 23:05 . 2008-04-06 22:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-28 23:05 . 2008-03-28 23:05 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-19 09:47 . 2008-04-03 22:00 <DIR> d-------- C:\Documents and Settings\@njo\Application Data\LimeWire
2008-03-19 09:47 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-19 09:46 . 2008-03-19 09:47 <DIR> d-------- C:\Program Files\Java
2008-03-19 09:30 . 2008-03-19 09:30 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-19 09:29 . 2008-03-19 09:47 <DIR> d-------- C:\Program Files\LimeWire
2008-03-17 12:20 . 2008-03-17 12:20 <DIR> d-------- C:\Documents and Settings\@njo\Application Data\Apple Computer
2008-03-17 11:49 . 2005-03-07 19:44 45,056 --a------ C:\WINDOWS\system32\PhDi2.sys
2008-03-17 11:48 . 2008-03-17 11:48 <DIR> d-------- C:\Program Files\QuickTime
2008-03-17 11:48 . 2008-03-17 11:48 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-17 11:47 . 2008-03-17 11:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-17 08:43 . 2008-03-17 08:43 <DIR> d-------- C:\Program Files\DivX
2008-03-14 19:10 . 2008-03-14 19:10 <DIR> d-------- C:\logs
2008-03-14 19:10 . 2008-03-14 19:10 <DIR> d-------- C:\Documents and Settings\@njo\ChikkaDefault
2008-03-14 19:09 . 2008-03-14 19:09 <DIR> d-------- C:\Program Files\Chikka Messenger
2008-03-13 20:24 . 2008-03-13 20:24 9,662 --a------ C:\WINDOWS\EPISME00.SWB
2008-03-13 19:51 . 2008-03-13 20:04 <DIR> d-------- C:\Program Files\EPSON
2008-03-13 19:51 . 2002-10-08 02:34 73,676 --a------ C:\WINDOWS\system32\EBPMON2.DLL
2008-03-13 19:51 . 2002-07-31 02:25 61,440 --a------ C:\WINDOWS\system32\ECBTEG.DLL
2008-03-13 19:51 . 2000-06-07 01:01 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
2008-03-13 19:51 . 2001-09-04 02:04 182 --a------ C:\WINDOWS\system32\EBPPORT.DAT
2008-03-13 15:43 . 2008-03-28 00:58 <DIR> d-------- C:\Documents and Settings\@njo\Application Data\dvdcss
2008-03-11 22:21 . 2008-03-11 22:21 <DIR> d-------- C:\Program Files\PowerISO
2008-03-11 16:57 . 2008-04-06 22:45 <DIR> d-------- C:\Downloads
2008-03-11 16:04 . 2008-03-11 16:04 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-03-11 14:59 . 2008-03-11 14:59 <DIR> d-------- C:\Program Files\ESET
2008-03-11 14:59 . 2008-03-11 14:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-03-11 14:46 . 2008-03-11 14:47 <DIR> d-------- C:\Documents and Settings\@njo\Application Data\Google
2008-03-11 14:41 . 2008-03-11 16:43 <DIR> d-------- C:\Program Files\Google
2008-03-11 14:41 . 2008-04-06 23:46 <DIR> d-------- C:\Program Files\FlashGet
2008-03-10 09:26 . 2008-04-07 00:16 3,670,016 --a------ C:\Documents and Settings\@njo\ntuser.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 14:52 --------- d-----w C:\Program Files\Symantec
2008-04-03 14:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-17 03:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-17 03:49 --------- d-----w C:\Program Files\Panasonic
2008-03-15 13:36 --------- d-s---w C:\Documents and Settings\@njo\Application Data\Microsoft
2008-03-11 14:17 --------- d-----w C:\Documents and Settings\@njo\Application Data\Ahead
2008-03-09 11:59 --------- d-----w C:\Program Files\Word Search Deluxe
2008-03-05 14:43 --------- d-----w C:\Documents and Settings\@njo\Application Data\Panasonic
2008-03-05 14:42 --------- d-----w C:\Documents and Settings\@njo\Application Data\InstallShield
2008-03-05 12:26 --------- d-----w C:\Documents and Settings\@njo\Application Data\Datalayer
2008-03-05 00:55 --------- d-----w C:\Documents and Settings\@njo\Application Data\WinRAR
2008-03-01 13:48 --------- d-----w C:\Program Files\iWin.com
2008-03-01 05:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-01 05:49 --------- d-----w C:\Program Files\Yahoo!
2008-03-01 05:32 --------- d-----w C:\Program Files\CCleaner
2008-03-01 03:01 --------- d-----w C:\Documents and Settings\@njo\Application Data\vlc
2008-03-01 02:56 --------- d-----w C:\Program Files\VideoLAN
2008-02-29 07:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-02-27 02:59 --------- d-----w C:\Documents and Settings\@njo\Application Data\Adobe
2008-02-27 02:40 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-26 13:19 --------- d-----w C:\Program Files\The Apprentice Los Angeles
2008-02-26 12:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Legacy Interactive
2008-02-26 12:17 --------- d-----w C:\Program Files\ReflexiveArcade
2008-02-26 12:05 --------- d-----w C:\Documents and Settings\@njo\Application Data\Help
2008-02-26 11:09 --------- d-----w C:\Documents and Settings\@njo\Application Data\Nokia
2008-02-26 10:35 --------- d-----w C:\Documents and Settings\@njo\Application Data\Nokia Multimedia Player
2008-02-26 10:32 --------- d-----w C:\Program Files\Nokia
2008-02-26 10:31 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-02-26 10:31 --------- d-----w C:\Program Files\Common Files\Nokia
2008-02-26 10:31 --------- d-----w C:\Documents and Settings\@njo\Application Data\PC Suite
2008-02-26 06:10 --------- d-----w C:\Documents and Settings\@njo\Application Data\Yahoo!
2008-02-26 06:10 --------- d-----w C:\Documents and Settings\@njo\Application Data\Macromedia
2008-02-26 06:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-02-26 05:50 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2008-02-26 05:50 --------- d-----w C:\Program Files\CyberLink
2008-02-26 05:47 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-26 05:45 --------- d-----w C:\Program Files\Norton AntiVirus
2008-02-26 05:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-26 05:33 --------- d-----w C:\Program Files\Broadcom
2008-02-26 05:10 81,920 ----a-w C:\WINDOWS\system32\VM305STI.dll
2008-02-26 05:10 61,440 ----a-w C:\WINDOWS\VM305_STI.EXE
2008-02-26 05:10 391,688 ----a-w C:\WINDOWS\system32\drivers\usbVM305.sys
2008-02-26 05:10 32,768 ----a-w C:\WINDOWS\Zoom.exe
2008-02-26 05:10 24,576 ----a-w C:\WINDOWS\VMPipe.dll
2008-02-26 05:10 176,128 ----a-w C:\WINDOWS\amcap.exe
2008-02-26 05:10 114,688 ----a-w C:\WINDOWS\VM305Cap.exe
2008-02-26 05:09 11,861 ----a-w C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-02-26 05:09 --------- d-----w C:\Program Files\Atheros
2008-02-26 05:05 --------- d-----w C:\Program Files\Analog Devices
2008-02-26 05:04 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-26 05:04 --------- d-----w C:\Program Files\Common Files\L&H
2008-02-26 05:03 --------- d-----w C:\Program Files\Microsoft Works
2008-02-26 05:03 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-26 04:58 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-02-26 04:58 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-26 04:56 --------- d-----w C:\Program Files\Nero
2008-02-26 04:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-26 04:35 --------- d-----w C:\Program Files\Intel
2008-02-25 03:54 --------- d-----w C:\Documents and Settings\@njo\Application Data\Identities
2008-02-25 03:50 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-20 03:11 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-02-20 03:02 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-02-20 03:01 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"eozfhtfv"="C:\WINDOWS\system32\ezgzmzef.exe" [2008-04-02 10:39 110592]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-06 22:39 68856]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"eiozgvwm"="C:\WINDOWS\system32\itepadkl.exe" [2008-04-07 00:17 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2002-05-28 08:37 69632]
"ACU"="C:\Program Files\Atheros\acu.exe" [2003-10-27 19:18 1347584]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 17:27 52848]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"BigDog305"="C:\WINDOWS\VM305_STI.exe" [2008-02-26 13:10 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"12oMUYedTM"= C:\Documents and Settings\All Users\Application Data\elqbyhop\qdopkdiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI1"= SYNCOR11.DLL
"MSVideo8"= VfWWDM32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
R3 ZSMC0305;A4 TECH PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [2008-02-26 13:10]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2004-08-04 20:00]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-17 03:48:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-07 00:17:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-04-07 0:18:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-06 16:18:41
Pre-Run: 30,417,219,584 bytes free
Post-Run: 30,535,131,136 bytes free
.
2008-04-02 03:33:18 --- E O F ---

#2 Buckeye_Sam
Malware Expert

Posted 18 April 2008 - 06:42 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:
I apologize for the delay in getting to your log; the helpers here are very busy.

If you still need help, please post a HijackThis log in this thread so I can help you with your malware problems.
If you have resolved this issue please let us know.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Buckeye_Sam
Malware Expert

Posted 12 May 2008 - 09:07 AM

As there has been no response, this thread will now be closed.

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================