My Log.


  • This topic is locked
3 replies to this topic

#1 zootycoon

zootycoon

  • Members
  • 2 posts
  • OFFLINE
  • Local time:07:57 PM

Posted 16 July 2008 - 06:28 PM

Um, ComboFix, HijackThis, can you guys help me out?



ComboFix 08-07-15.4 - Melody 2008-07-16 18:59:23.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446 [GMT -4:00]
Running from: C:\Documents and Settings\Melody\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Melody\Application Data\macromedia\Flash Player\#SharedObjects\QRD9EJSA\www.broadcaster.com
C:\Documents and Settings\Melody\Application Data\macromedia\Flash Player\#SharedObjects\QRD9EJSA\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Melody\Application Data\macromedia\Flash Player\#SharedObjects\QRD9EJSA\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Melody\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Melody\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol

.
((((((((((((((((((((((((( Files Created from 2008-06-16 to 2008-07-16 )))))))))))))))))))))))))))))))
.

2008-07-15 22:57 . 2008-07-15 22:57 <DIR> dr-hs---- C:\WINDOWS\BackupFiles
2008-07-15 22:57 . 2008-07-12 19:35 43,264 --a------ C:\WINDOWS\coordPt32.vbe
2008-07-15 22:57 . 2008-07-12 19:35 43,264 --------- C:\WINDOWS\coordPt32.tif
2008-07-15 22:57 . 2008-07-14 23:23 17,207 --a------ C:\WINDOWS\WinLog3.d23
2008-07-15 22:57 . 2008-07-15 21:58 16,384 --a------ C:\WINDOWS\WinKeyF.d23
2008-07-15 22:57 . 2008-07-15 21:58 16,384 --a------ C:\MSStats.d22
2008-07-15 22:57 . 2008-06-13 15:08 16,343 --a------ C:\WINDOWS\WinLog2.d23
2008-07-15 22:57 . 2007-06-10 22:33 15,888 --------- C:\Documents and Settings\Melody\Application Data\UserDataLog.vbe
2008-07-15 22:57 . 2008-07-13 14:53 10,262 -r-hs---- C:\Documents and Settings\Melody\Application Data\WinSetCl.vbe
2008-07-15 22:57 . 2007-06-10 22:33 2,993 --------- C:\WINDOWS\comdial32.ico
2008-07-15 22:57 . 2007-06-10 23:10 2,666 --------- C:\WINDOWS\WINEXCNT.DAT
2008-07-15 22:57 . 2007-11-28 15:23 1,586 --a------ C:\WINDOWS\WinCook.d23
2008-07-15 22:57 . 2007-11-28 15:23 1,586 --a------ C:\MSReport.d22
2008-07-15 22:57 . 2008-07-13 14:53 1,490 -r-hs---- C:\Documents and Settings\Melody\Application Data\MSDatCln.vbe
2008-07-15 22:57 . 2008-07-13 14:53 763 --a------ C:\Documents and Settings\Melody\Application Data\Closer.vbe
2008-07-15 22:57 . 2008-07-13 14:53 520 -r-hs---- C:\Documents and Settings\Melody\Application Data\ntuser64.vbe
2008-07-15 22:57 . 2007-01-19 13:32 418 --a------ C:\Documents and Settings\Melody\Application Data\userRorret.bat
2008-07-15 22:57 . 2008-07-13 14:53 148 --------- C:\Documents and Settings\Melody\Application Data\userError.vbe
2008-06-30 12:08 . 2008-06-30 12:09 2,722 --a------ C:\WINDOWS\DevMgr.ini
2008-06-30 12:07 . 2005-07-29 15:58 90,112 --a------ C:\WINDOWS\system32\hpocon09.exe
2008-06-30 12:07 . 2005-07-29 15:58 22,139 --a------ C:\WINDOWS\system32\hpocoi08.dll
2008-06-30 12:07 . 2008-06-30 12:07 20 --a------ C:\WINDOWS\Hposcv07.INI
2008-06-30 12:03 . 2008-06-30 12:06 <DIR> d-------- C:\WINDOWS\AiOTemp
2008-06-30 12:03 . 2005-07-29 15:58 38,912 --a------ C:\WINDOWS\system32\hh.exe
2008-06-27 09:32 . 2008-06-27 09:32 268 --ah----- C:\sqmdata00.sqm
2008-06-27 09:32 . 2008-06-27 09:32 244 --ah----- C:\sqmnoopt00.sqm
2008-06-26 19:13 . 2008-06-27 09:33 <DIR> d-------- C:\Documents and Settings\Melody\Contacts
2008-06-26 19:08 . 2008-06-26 19:11 <DIR> d-------- C:\Program Files\Windows Live
2008-06-26 19:08 . 2008-06-26 19:11 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-26 19:07 . 2008-06-26 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-26 14:20 . 2008-06-26 14:47 23 --a------ C:\WINDOWS\popcinfot.dat
2008-06-24 12:21 . 2008-06-24 12:21 0 --a------ C:\WINDOWS\pcfriend.INI
2008-06-24 12:20 . 2008-06-24 12:21 <DIR> d-------- C:\Program Files\PCFriendly
2008-06-23 14:16 . 2008-06-23 14:16 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-20 13:41 . 2008-06-20 13:41 245,248 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 06:44 . 2008-06-20 06:44 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 01:10 . 2008-06-20 01:11 <DIR> d-------- C:\Program Files\CDisplay
2008-06-19 16:44 . 2008-06-19 16:44 <DIR> d-------- C:\Program Files\DNA
2008-06-19 16:44 . 2008-06-19 16:44 <DIR> d-------- C:\Program Files\BitTorrent
2008-06-19 16:44 . 2008-07-16 18:59 <DIR> d-------- C:\Documents and Settings\Melody\Application Data\DNA
2008-06-19 09:22 . 2008-06-19 09:22 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-19 09:22 . 2008-06-19 09:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-17 23:04 . 2008-06-17 23:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-17 23:04 . 2008-06-17 23:04 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-16 22:39 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-07-16 05:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-16 05:19 --------- d-----w C:\Documents and Settings\Melody\Application Data\AdobeUM
2008-07-12 21:57 --------- d-----w C:\Program Files\Diablo II
2008-07-08 23:57 --------- d-----w C:\Documents and Settings\Melody\Application Data\BitTorrent
2008-07-08 20:39 --------- d-----w C:\Program Files\Counter-Strike 1.6
2008-07-03 17:25 --------- d-----w C:\Documents and Settings\Melody\Application Data\gtk-2.0
2008-06-30 16:06 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-21 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-19 13:24 --------- d-----w C:\Program Files\QuickTime
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-12 18:57 --------- d-----w C:\Program Files\Metal Gear Solid
2008-06-09 16:15 --------- d-----w C:\Documents and Settings\Melody\Application Data\Orbit
2008-06-04 18:29 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner
2008-06-04 18:02 --------- d-----w C:\Documents and Settings\Melody\Application Data\Uniblue
2008-06-03 07:16 --------- d-----w C:\Program Files\Zone.com Deluxe Games
2008-06-02 21:17 --------- d-----w C:\Documents and Settings\Melody\Application Data\U3
2008-05-20 05:30 --------- d-----w C:\Program Files\Starcraft
2008-05-18 23:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sprint Mobile Broadband (Pantech)
2008-05-18 22:40 --------- d-----w C:\Program Files\Sprint
2008-05-18 13:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\eboostr
2008-05-14 15:52 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-14 15:49 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-05-14 15:49 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-05-14 15:49 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-05-14 14:49 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2008-05-14 14:49 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-29 23:56 61,856 ----a-w C:\WINDOWS\system32\ZuneBusEnum.exe
2008-04-29 23:56 245,664 ----a-w C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2008-04-29 23:39 70,144 ----a-w C:\WINDOWS\system32\ZuneIpTransport.dll
2008-04-29 23:39 62,464 ----a-w C:\WINDOWS\system32\ZuneUsbTransport.dll
2008-04-29 23:39 35,328 ----a-w C:\WINDOWS\system32\ZuneUsbCOnnection.dll
2008-04-29 23:39 145,408 ----a-w C:\WINDOWS\system32\ZuneMTPZ.dll
2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-17 23:11 1,112,288 ----a-w C:\WINDOWS\system32\WdfCoInstaller01007.dll
2008-02-04 06:55 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-28 04:47 3,672 -c--a-w C:\Documents and Settings\Melody\Application Data\wklnhst.dat
2005-05-13 22:12 217,073 -csha-r C:\WINDOWS\meta4.exe
2005-10-24 16:13 66,560 -csha-r C:\WINDOWS\MOTA113.exe
2005-10-14 02:27 422,400 -csha-r C:\WINDOWS\x2.64.exe
2005-10-08 00:14 308,224 -csha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 17:31 27,648 -csha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 20:32 616,448 -csha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 03:37 45,568 -csha-r C:\WINDOWS\system32\cygz.dll
2004-01-25 05:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 15:24 2,945,024 -csha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 18:16 240,128 -csha-r C:\WINDOWS\system32\x.264.exe
2004-01-25 05:00 70,656 -csha-r C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-19 16:44 289088]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 08:18 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 14:40 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 14:38 688218]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 16:24 290816]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-11-05 16:52 233534]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 16:54 253952]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17 118784]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 09:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 09:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 09:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 09:00 455168]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 22:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-08-03 11:48 124656]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-04-29 19:56 158624]
"ASetupClean"="C:\Documents and Settings\Melody\Application Data\WinSetCl.vbe" [2008-07-13 14:53 10262]
"BSetupClean"="C:\Documents and Settings\Melody\Application Data\MSDatCln.vbe" [2008-07-13 14:53 1490]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 09:48 94208 C:\WINDOWS\KHALMNPR.Exe]

C:\Documents and Settings\Melody\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2004-11-04 20:28:24 258048]
HP Image Zone Fast Start.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2004-11-04 20:50:52 53248]
HPAiODevice(hp officejet g series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe [2002-11-20 17:15:00 151552]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-10-03 06:39:00 593920]
restore.bat [2008-03-28 17:09:02 131]
UsrWinDat.vbe [2008-07-13 14:53:08 6248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableTaskMgr"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\hrusso\\half-life\\hl.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\hrusso\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\hrusso\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\hrusso\\half-life 2\\hl2.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\hrusso\\source sdk base\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\eSignal\\winros.exe"=
"C:\\Program Files\\Toblo\\Toblo 1.2.exe"=
"C:\\Program Files\\Marathon\\M1A1\\AlephOne.exe"=
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"C:\\Program Files\\Marathon\\Marathon Infinity\\AlephOne.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Valve\\Steam\\Steam.exe"=
"C:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\hrusso\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\SecondLife\\SLVoice.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForever.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Games\\Halo\\halo no cd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:Blizzard Downloader
"6881:TCP"= 6881:TCP:Blizzard Downloader
"6999:TCP"= 6999:TCP:Blizzard Downloader
"8594:TCP"= 8594:TCP:BitComet 8594 TCP
"8594:UDP"= 8594:UDP:BitComet 8594 UDP
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-06-30 00:53]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 19:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-04-29 19:56]
S3 incominglove;incominglove;C:\Program Files\incoming love\lala []
S3 PTDCBus;PANTECH PC Card Composite Device Driver (UDP);C:\WINDOWS\system32\DRIVERS\PTDCBus.sys [2007-01-11 04:30]
S3 PTDCMdm;PANTECH PC Card Drivers (UDP);C:\WINDOWS\system32\DRIVERS\PTDCMdm.sys [2007-01-11 04:30]
S3 PTDCVsp;PANTECH PC Card Diagnostic Serial Port (UDP);C:\WINDOWS\system32\DRIVERS\PTDCVsp.sys [2007-01-11 04:30]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-04-29 19:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2cb7e68-b15c-11dc-88b8-00c09fbd5655}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef1af5a4-f015-11db-87b0-00c09fbd5655}]
\Shell\AutoRun\command - E:\LaunchU3.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-07-14 22:00:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-16 22:36:30 C:\WINDOWS\Tasks\At1.job"
- C:\Documents and Settings\Melody\Application Data\ntuser64.vbe
"2008-07-16 22:40:13 C:\WINDOWS\Tasks\At10.job"
- C:\Documents and Settings\Melody\Application Data\ntuser64.vbe
"2008-07-16 22:40:13 C:\WINDOWS\Tasks\At11.job"
- C:\Documents and Settings\Melody\Application Data\ntuser64.vbe
"2008-07-16 22:40:13 C:\WINDOWS\Tasks\At12.job"
- C:\Documents and Settings\Melody\Application Data\ntuser64.vbe
"2008-07-16 22:40:13 C:\WINDOWS\Tasks\At13.job"
- C:\Documents and Settings\Melody\Application Data\ntuser64.vbe
"2008-07-16 22:40:13 C:\WINDOWS\Tasks\At14.job"
- C:\Documents and Settings\Melody\Application Data\ntuser64.vbe
"2008-07-16 22:40:13 C:\WINDOWS\Tasks\At15.job"
- C:\Documents and Settings\Melody\Application Data\ntuser64.vbe
"2008-07-16 22:40:13 C:\WINDOWS\Tasks\At16.job"
- C:\Documents and Settings\Melody\Application Data\ntuser64.vbe
"2008-07-16 22:45:06 C:\WINDOWS\Tasks\At17.job"
- C:\Documents and Settings\Melody\Application Data\ntuser64.vbe
"2008-07-16 22:40:14 C:\WINDOWS\Tasks\At18.job"
- C:\Documents and Settings\Melody\Application Data\ntuser64.vbe
"2008-07-16 22:36:31 C:\WINDOWS\Tasks\At2.job"
- C:\Documents and Settings\Melody\Application Data\ntuser64.vbe
"2008-07-16 22:36:31 C:\WINDOWS\Tasks\At3.job"
- C:\Documents and Settings\Melody\Application Data\ntuser64.vbe
"2008-07-16 22:36:31 C:\WINDOWS\Tasks\At4.job"
- C:\Documents and Settings\Melody\Application Data\ntuser64.vbe
"2008-07-16 22:36:31 C:\WINDOWS\Tasks\At5.job"
- C:\Documents and Settings\Melody\Application Data\ntuser64.vbe
"2008-07-16 22:36:31 C:\WINDOWS\Tasks\At6.job"
- C:\Documents and Settings\Melody\Application Data\ntuser64.vbe
"2008-07-16 22:36:31 C:\WINDOWS\Tasks\At7.job"
- C:\Documents and Settings\Melody\Application Data\ntuser64.vbe
"2008-07-16 22:45:03 C:\WINDOWS\Tasks\At8.job"
- C:\Documents and Settings\Melody\Application Data\ntuser64.vbe
"2008-07-16 22:36:31 C:\WINDOWS\Tasks\At9.job"
- C:\Documents and Settings\Melody\Application Data\ntuser64.vbe
"2008-07-16 23:05:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{79423A2B-CF5D-4505-BF21-D2A0D0C5DFC0}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Steam - (no file)
HKCU-Run-Aim6 - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-16 19:04:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????8?2?3?4??P???? ?,?B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\incominglove]
"ImagePath"="\??\C:\Program Files\incoming love\lala"
.
Completion time: 2008-07-16 19:05:46
ComboFix-quarantined-files.txt 2008-07-16 23:05:40

Pre-Run: 19,371,479,040 bytes free
Post-Run: 23,315,894,272 bytes free

304 --- E O F --- 2008-07-09 15:31:35

#2 zootycoon

zootycoon
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:07:57 PM

Posted 16 July 2008 - 06:31 PM

Wait, when should I post a ComboFix log?

#3 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:07:57 PM

Posted 05 August 2008 - 01:54 PM

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new Deckard's System Scanner which includes the HijackThis log. Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#4 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:07:57 PM

Posted 12 August 2008 - 05:59 AM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.
