
IE Closing Randomly



#1 vodkajerry10 (Members, 1 post)

Posted 25 September 2008 - 07:33 PM

I recently got my computer infected, and after trying various things to get rid of it I have had no success.

I keep getting random pop-ups when I'm not even using the internet but am connected, and my IE just closes randomly. I also get the Microsoft Phishing Filter just randomly popping up. I have tried Ad-Aware and it said it got rid of some stuff, but to no avail; my problems persist. I also downloaded SUPERAntiSpyware and was not successful in cleaning my computer. The last thing I tried was ComboFix, and here are the results. Any help is greatly appreciated!

ComboFix 08-09-24.01 - Gerardo Noriega 2008-09-24 12:52:55.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1323 [GMT -5:00]
Running from: C:\Documents and Settings\Gerardo Noriega\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Gerardo Noriega\Cookies\gerardo_noriega@turn[2].txt
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\vFoM4Nmq.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 )))))))))))))))))))))))))))))))
.

2008-09-23 23:51 . 2008-09-23 23:51 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-23 23:51 . 2008-09-23 23:51 <DIR> d-------- C:\Documents and Settings\Gerardo Noriega\Application Data\SUPERAntiSpyware.com
2008-09-23 23:51 . 2008-09-23 23:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-23 20:24 . 2008-09-23 20:24 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-23 20:24 . 2008-09-23 20:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-23 20:23 . 2008-09-23 23:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-23 18:23 . 2008-09-23 18:23 0 --a------ C:\WINDOWS\system32\2f8mJn10.exe.a_a
2008-09-22 18:29 . 2008-09-24 01:29 39,426 --a------ C:\WINDOWS\system32\2f8mJn10.exe
2008-09-22 00:02 . 2008-09-22 00:01 30,272 --a------ C:\WINDOWS\system32\Em5uPvXn.exe
2008-09-22 00:02 . 2008-09-22 00:02 0 --a------ C:\WINDOWS\system32\Em5uPvXn.exe.a_a
2008-08-25 20:45 . 2008-07-30 17:25 <DIR> d-------- C:\Program Files\VDJPRO.S.GR_v5.2
2008-08-25 18:02 . 2008-01-25 12:31 80,384 --a------ C:\WINDOWS\system32\HerculesDJDevices.dll
2008-08-25 18:01 . 2008-08-25 18:01 <DIR> d-------- C:\Program Files\Hercules
2008-08-25 18:01 . 2007-11-06 17:52 102,400 --a------ C:\WINDOWS\system32\HDJSeries.cpl
2008-08-25 17:53 . 2008-04-15 12:10 131,456 --a------ C:\WINDOWS\system32\drivers\HDJAsioK.sys
2008-08-25 17:53 . 2008-06-02 11:48 82,304 --a------ C:\WINDOWS\system32\drivers\HDJMidi.sys
2008-08-25 17:53 . 2008-01-25 12:37 73,728 --a------ C:\WINDOWS\system32\HDJAsioCpl.dll
2008-08-25 17:53 . 2008-05-07 13:56 54,784 --a------ C:\WINDOWS\system32\HDJAsiou.dll
2008-08-25 17:53 . 2008-08-25 17:53 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-25 17:53 . 2008-08-25 17:53 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_HDJBulk_01005.Wdf
2008-08-25 17:53 . 2008-08-25 17:53 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_HDJAsioK_01005.Wdf
2008-08-25 17:52 . 2006-11-02 08:09 1,419,232 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll
2008-08-25 17:52 . 2008-01-23 12:24 29,312 --a------ C:\WINDOWS\system32\drivers\HDJBulk.sys
2008-08-25 17:51 . 2008-08-25 17:51 <DIR> d-------- C:\Program Files\Guillemot
2008-08-25 17:51 . 2008-05-26 15:19 188,416 --a------ C:\WINDOWS\system32\HDJAPI.dll
2008-08-25 17:51 . 2008-05-26 15:19 106,496 --a------ C:\WINDOWS\system32\HRFDongle.dll
2008-08-25 17:51 . 2008-04-28 11:29 27,136 --a------ C:\WINDOWS\system32\HDJSAPI.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-24 17:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-18 00:28 --------- d-----w C:\Program Files\Mp3 My Mp3 2.0
2008-09-01 21:11 --------- d-----w C:\Program Files\Soulseek
2008-08-26 02:07 --------- d-----w C:\Program Files\VirtualDJ
2008-08-25 23:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-25 23:01 --------- d-----w C:\Documents and Settings\Gerardo Noriega\Application Data\InstallShield
2008-08-21 00:37 --------- d-----w C:\Program Files\Axis Communications
2008-08-20 21:05 --------- d-----w C:\Program Files\Download Direct
2008-08-20 20:21 --------- d-----w C:\Program Files\My-Proxy
2008-08-11 01:17 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-04 22:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-31 06:12 --------- d-----w C:\Program Files\Norton Internet Security
2008-07-30 22:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 22:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 22:28 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-07-30 01:27 16,694,531 ----a-w C:\Program Files\virtualdj.exe
2008-07-27 19:50 --------- d-----w C:\Program Files\Ares
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-19 03:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 03:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:32 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 23:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 15:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-03-25 03:42 0 ----a-w C:\Documents and Settings\Gerardo Noriega\Application Data\wklnhst.dat
2007-05-21 02:45 441,768 -c--a-w C:\Program Files\switchsetup.exe
2007-05-21 02:38 2,228,534 -c--a-w C:\Program Files\audacity-win-1.2.6.exe
2007-05-20 20:46 6,221,304 -c--a-w C:\Program Files\winamp535_full_emusic-7plus.exe
2007-04-04 00:17 73,368 ----a-w C:\Program Files\MySpaceIM_Setup.exe
2007-03-14 02:32 11,522,378 -c--a-w C:\Program Files\RS2PP7.rar
2007-03-14 01:21 1,035,271 -c--a-w C:\Program Files\wrar362.exe
2007-03-09 00:09 896,469 -c--a-w C:\Program Files\ie3270xp.exe
2007-03-08 03:10 1,606,064 -c--a-w C:\Program Files\googletalk-setup.exe
2007-02-14 20:36 520,976 -c--a-w C:\Program Files\setup.exe
2007-02-06 20:39 15,505,200 -c--a-w C:\Program Files\IE7-WindowsXP-x86-enu.exe
2007-01-19 09:52 6,059,008 -c--a-w C:\Program Files\mp3mymp3install2.exe
2007-01-17 02:37 66,960 ----a-w C:\Documents and Settings\Gerardo Noriega\Application Data\GDIPFONTCACHEV1.DAT
2007-01-17 01:58 2,237,968 -c--a-w C:\Program Files\nipp.exe
2006-11-29 00:42 39,629,592 -c--a-w C:\Program Files\Xenomorph_slim.exe
2006-11-29 00:24 17,177,896 -c--a-w C:\Program Files\Install_Messenger.exe
2006-11-29 00:09 433,192 -c--a-w C:\Program Files\msgr8us.exe
2006-11-28 00:30 6,653,000 -c--a-w C:\Program Files\winamp532_full_emusic-7plus.exe
2006-10-03 07:43 2,402,550 -c--a-w C:\WINDOWS\inf\SET859.tmp
2006-03-16 04:00 1,431,144 -c--a-w C:\WINDOWS\inf\SET8CC.tmp
.

((((((((((((((((((((((((((((( snapshot@2008-08-17_18.51.01.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-16 00:19:39 167,936 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2008-09-10 22:52:21 167,936 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2008-08-16 00:19:39 2,560 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2008-09-10 22:52:21 2,560 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2008-08-16 00:19:38 34,304 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2008-09-10 22:52:21 34,304 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2008-08-16 00:19:39 8,192 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2008-09-10 22:52:21 8,192 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2008-08-16 00:19:39 3,584 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2008-09-10 22:52:21 3,584 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2008-08-16 00:19:39 114,688 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2008-09-10 22:52:21 114,688 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2008-08-16 00:19:38 16,384 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2008-09-10 22:52:21 16,384 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2008-08-16 00:19:38 30,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2008-09-10 22:52:21 30,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2008-08-16 00:19:39 22,528 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2008-09-10 22:52:21 22,528 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2008-08-16 00:19:38 45,056 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2008-09-10 22:52:21 45,056 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2008-08-16 00:19:38 90,112 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2008-09-10 22:52:21 90,112 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2008-08-16 00:18:51 12,288 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-09-10 22:53:51 12,288 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-08-16 00:18:51 135,168 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-09-10 22:53:51 135,168 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-08-16 00:18:51 11,264 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-09-10 22:53:51 11,264 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-08-16 00:18:51 27,136 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-09-10 22:53:51 27,136 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-08-16 00:18:51 4,096 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-09-10 22:53:51 4,096 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-08-16 00:18:51 794,624 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-09-10 22:53:52 794,624 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-08-16 00:18:51 249,856 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-09-10 22:53:51 249,856 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-08-16 00:18:51 23,040 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-09-10 22:53:52 23,040 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-08-16 00:18:51 286,720 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-09-10 22:53:51 286,720 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-08-16 00:18:50 409,600 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-09-10 22:53:51 409,600 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-09-24 04:51:45 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-09-24 04:51:45 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2008-09-24 01:14:31 96,256 ----a-w C:\WINDOWS\Installer\atl80.dll
+ 2008-09-24 01:14:32 159,168 ----a-w C:\WINDOWS\Installer\libexpat.dll
+ 2008-09-24 01:14:32 1,101,824 ----a-w C:\WINDOWS\Installer\mfc80.dll
+ 2008-09-24 01:14:32 1,093,120 ----a-w C:\WINDOWS\Installer\mfc80u.dll
+ 2008-09-24 01:14:32 69,632 ----a-w C:\WINDOWS\Installer\mfcm80.dll
+ 2008-09-24 01:14:32 57,856 ----a-w C:\WINDOWS\Installer\mfcm80u.dll
+ 2008-09-24 01:14:32 479,232 ----a-w C:\WINDOWS\Installer\msvcm80.dll
+ 2008-09-24 01:14:32 548,864 ----a-w C:\WINDOWS\Installer\msvcp80.dll
+ 2008-09-24 01:14:32 626,688 ----a-w C:\WINDOWS\Installer\msvcr80.dll
+ 2008-09-24 01:14:32 24,576 ----a-w C:\WINDOWS\Installer\nlsdl.dll
+ 2008-09-24 01:14:35 126,208 ----a-w C:\WINDOWS\Installer\TmDbg32.dll
- 2004-08-04 07:56:44 4,096 -c--a-w C:\WINDOWS\system32\dllcache\ksuser.dll
+ 2004-08-04 05:56:44 4,096 ----a-w C:\WINDOWS\system32\dllcache\ksuser.dll
+ 2008-04-29 16:19:50 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
+ 2008-04-29 16:19:54 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
+ 2008-04-29 16:20:00 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
+ 2006-11-02 12:22:54 492,000 ------w C:\WINDOWS\system32\drivers\wdf01000.sys
+ 2006-11-02 12:22:52 32,224 ------w C:\WINDOWS\system32\drivers\wdfldr.sys
+ 2008-01-25 17:37:14 73,728 -c--a-w C:\WINDOWS\system32\DRVSTORE\HDJAsioK_B24E834DE39995D6A1398B31A4D5C67014A16877\x86\HDJAsioCpl.dll
+ 2008-04-15 17:10:54 131,456 -c--a-w C:\WINDOWS\system32\DRVSTORE\HDJAsioK_B24E834DE39995D6A1398B31A4D5C67014A16877\x86\HDJAsioK.sys
+ 2008-05-07 18:56:46 54,784 -c--a-w C:\WINDOWS\system32\DRVSTORE\HDJAsioK_B24E834DE39995D6A1398B31A4D5C67014A16877\x86\HDJAsiou.dll
+ 2008-01-25 17:31:46 80,384 -c--a-w C:\WINDOWS\system32\DRVSTORE\HDJAsioK_B24E834DE39995D6A1398B31A4D5C67014A16877\x86\HerculesDJDevices.dll
+ 2006-11-02 13:09:50 1,419,232 -c--a-w C:\WINDOWS\system32\DRVSTORE\HDJAsioK_B24E834DE39995D6A1398B31A4D5C67014A16877\x86\WdfCoInstaller01005.dll
+ 2008-01-23 17:24:28 29,312 -c--a-w C:\WINDOWS\system32\DRVSTORE\HDJBulk_B24E834DE39995D6A1398B31A4D5C67014A16877\x86\HDJBulk.sys
+ 2006-11-02 13:09:50 1,419,232 -c--a-w C:\WINDOWS\system32\DRVSTORE\HDJBulk_B24E834DE39995D6A1398B31A4D5C67014A16877\x86\WdfCoInstaller01005.dll
+ 2008-06-02 16:48:50 82,304 -c--a-w C:\WINDOWS\system32\DRVSTORE\HDJMidi_B24E834DE39995D6A1398B31A4D5C67014A16877\x86\HDJMidi.sys
- 2004-08-04 07:56:44 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll
+ 2004-08-04 05:56:44 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll
+ 2008-05-16 16:58:04 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
- 2008-08-05 18:11:02 15,888,504 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-08-26 20:28:12 16,208,504 ----a-w C:\WINDOWS\system32\MRT.exe
- 2006-10-16 22:10:58 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-10-09 02:51:14 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-12-02 03:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 05:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 05:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 05:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 05:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 05:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 05:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 05:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 05:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 05:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 05:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 05:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 05:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 05:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 05:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2008-04-15 17:54:19 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 15360]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-07-16 961536]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"AOL Fast Start"="C:\PROGRA~1\AMERIC~2.0\AOL.EXE" [2005-07-12 50776]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-22 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-22 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-22 118784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"iPrint Tray"="C:\WINDOWS\system32\iprntctl.exe" [2006-05-25 40960]
"iPrint Event Monitor"="C:\WINDOWS\system32\iprntlgn.exe" [2006-05-25 45056]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 771704]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 583048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-08 185896]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"Hercules DJ Series"="C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe" [2008-06-04 476456]
"MsmqIntCert"="mqrt.dll" [2007-07-06 C:\WINDOWS\system32\mqrt.dll]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

C:\Documents and Settings\Gerardo Noriega\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Alienware Dock.lnk - C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe [2006-11-28 2074360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2006-11-25 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 00:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2005-07-12 07:17 50776 C:\PROGRA~1\AMERIC~2.0\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2006-10-23 07:50 71216 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2007-07-16 16:54 961536 C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 19:52 50736 C:\Program Files\Common Files\AOL\1164844561\EE\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-10 10:51 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2006-06-19 13:33 163840 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2006-07-19 17:14 102400 C:\Program Files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-04-08 18:49 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-01-15 17:54 37376 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R1 nipplpt2;Novell iCapture Lpt Redirector 2;C:\WINDOWS\system32\drivers\nipplpt.sys [2006-06-14 34671]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 61952]
S3 Bulk;HDJBulk;C:\WINDOWS\system32\Drivers\HDJBulk.sys [2008-01-23 29312]
S3 cmudau;C-Media USB Sound Interface;C:\WINDOWS\system32\drivers\cmudau.sys [2004-09-07 828224]
S3 HDJAsioK;HDJAsioK;C:\WINDOWS\system32\Drivers\HDJAsioK.sys [2008-04-15 131456]
S3 HDJMidi;Hercules DJ Console Rmx MIDI;C:\WINDOWS\system32\DRIVERS\HDJMidi.sys [2008-06-02 82304]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2390bd41-1e2e-11dd-9fe5-00038a000015}]
\Shell\AutoRun\command - wd_windows_tools\WDEULA.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2859c85b-bd3e-11db-9f08-00038a000015}]
\Shell\AutoRun\command - F:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{807587f8-4bc3-11dd-a016-00038a000015}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b050b168-f642-11dc-9f8f-00038a000015}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b050b169-f642-11dc-9f8f-00038a000015}]
\Shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c758d630-47df-11dd-a012-00038a000015}]
\Shell\AutoRun\command - F:\wd_windows_tools\setup.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DLD.EXE - C:\Program Files\Download Direct\DLD.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Gerardo Noriega\Application Data\Mozilla\Firefox\Profiles\jb567mp1.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF -: plugin - C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 12:57:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ???@^??????`?@?????L?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-24 13:00:19
ComboFix-quarantined-files.txt 2008-09-24 17:59:36
ComboFix2.txt 2008-08-17 23:52:01

Pre-Run: 46,169,653,248 bytes free
Post-Run: 46,788,808,704 bytes free

360 --- E O F --- 2008-09-10 22:57:22
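
A small triage pass over the log above, added here as an example; it is not part of the original post and not ComboFix code. It walks ComboFix-style lines (a constructed sample copied from the log above) and flags the things an analyst would look at first: eight-character mixed-case binaries directly under system32 (vFoM4Nmq.dll, 2f8mJn10.exe, Em5uPvXn.exe), an Autorun.inf at a drive root, the AutoRun commands recorded under MountPoints2, Security Center monitoring switched off, the standard firewall profile disabled, and a non-empty AppInit_DLLs. The indicator names, the random-name heuristic and the regular expressions are this example's own assumptions, not ComboFix output fields.

```python
# Added example: a triage pass over ComboFix-style log lines.  Not part of the
# original forum post and not ComboFix code; the indicator names and the
# random-name heuristic are this example's own assumptions.
import re

# Constructed sample: lines copied from the ComboFix log in the post above.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\vFoM4Nmq.dll
D:\Autorun.inf
2008-09-22 18:29 . 2008-09-24 01:29 39,426 --a------ C:\WINDOWS\system32\2f8mJn10.exe
2008-09-22 00:02 . 2008-09-22 00:01 30,272 --a------ C:\WINDOWS\system32\Em5uPvXn.exe
2008-08-25 18:02 . 2008-01-25 12:31 80,384 --a------ C:\WINDOWS\system32\HerculesDJDevices.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2859c85b-bd3e-11db-9f08-00038a000015}]
\Shell\AutoRun\command - F:\Installer.exe
"""

# An 8-character alphanumeric .exe/.dll directly under system32.
SYS32_BIN = re.compile(r"(C:\\WINDOWS\\system32\\([A-Za-z0-9]{8})\.(?:exe|dll))\b", re.I)
# Autorun.inf sitting at the root of a drive letter.
ROOT_AUTORUN = re.compile(r"^[A-Z]:\\Autorun\.inf$", re.I)
# REGEDIT4-style key header and "name"=value line.
REG_KEY = re.compile(r"^\[(.+)\]$")
REG_VAL = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# AutoRun command line ComboFix prints under each MountPoints2 entry.
AUTORUN_CMD = re.compile(r"^\\Shell\\AutoRun\\command\s*-\s*(.+)$", re.I)


def looks_random(name):
    """Heuristic: mixed case plus digits reads like a generated file name."""
    return (any(c.isdigit() for c in name)
            and any(c.isupper() for c in name)
            and any(c.islower() for c in name))


def reg_number(value):
    """Parse 'dword:00000001' or '0 (0x0)' style values to an int, else None."""
    v = value.strip().lower()
    if v.startswith("dword:"):
        return int(v[6:], 16)
    head = v.split()[0] if v else ""
    return int(head) if head.isdigit() else None


def triage(log_text):
    """Return (indicator, detail) pairs for the suspicious lines in log_text."""
    findings = []
    key = ""  # most recent registry key header, lower-cased
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = REG_KEY.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = SYS32_BIN.search(line)
        if m and looks_random(m.group(2)):
            findings.append(("random_name_binary", m.group(1)))
            continue
        if ROOT_AUTORUN.match(line):
            findings.append(("drive_root_autorun_inf", line))
            continue
        m = AUTORUN_CMD.match(line)
        if m and "mountpoints2" in key:
            findings.append(("mountpoints2_autorun", m.group(1)))
            continue
        m = REG_VAL.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2)
        if ("security center" in key
                and name in ("DisableMonitoring", "AntiVirusDisableNotify")
                and reg_number(value) == 1):
            findings.append(("security_center_disabled", key + "\\" + name))
        elif "firewallpolicy" in key and name == "EnableFirewall" and reg_number(value) == 0:
            findings.append(("firewall_disabled", key))
        elif name == "AppInit_DLLs" and value.strip():
            findings.append(("appinit_dlls", value.strip()))
    return findings


def summarize(findings):
    """Count findings per indicator."""
    counts = {}
    for indicator, _ in findings:
        counts[indicator] = counts.get(indicator, 0) + 1
    return counts


if __name__ == "__main__":
    for indicator, detail in triage(SAMPLE_LOG):
        print(f"{indicator:26} {detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Every hit is a prompt to inspect, not a verdict: the name heuristic is coarse and legitimate vendor files can trip it, and the AppInit_DLLs hit on wbsys.dll is consistent with the AlienGUIse/WindowBlinds skinning software that also appears in the log. The Security Center and firewall values, on the other hand, are worth checking regardless of what else is found, because a user rarely sets all of them by hand.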


#2 tg1911 (Lord Spam Magnet; Members, 19,274 posts; Location: SW Louisiana)

Posted 25 September 2008 - 09:58 PM

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff