Peltodgx


  • This topic is locked
1 reply to this topic

#1 redback71

  • Members
  • 7 posts

Posted 01 October 2008 - 08:12 AM

Hi, I'm new here; this is my first post.
To begin with, I have collected a doozy, which I found out to be Peltodgx, and it caused all havoc with my PC and internet connection. My start programs disappeared, my administration settings were changed, I had a new toolbar, and then I had no access to my CD drive or my C: hard drive. There were 3 new programs on my desktop: System Error Fixer, Malware Defender and Protect your Privacy. I tried Spybot and my AVG virus scanner, which both identified the problems but failed to remove them. I did my research on the offending bugs, learnt all about them and what they do, and came across ComboFix, which was a drawn-out process installing on my PC, as was the Windows XP Recovery Console. One thing I had up my sleeve, and thank God for that, was that my wife has her own user account on the infected PC. She had no administration rights, but I was able to download both programs to her account, then copy them to a USB drive, and then copy them to the desktop of my account, and presto, I was in action (believe me, that was the only way around it). Anyway, the PC was restored to normal. I've got the log file, which is as follows, but I also used Microsoft Search and did a search for the PELTODGX file and the System Error Fixer, Malware Defender and Protect your Privacy files, and they were still on my PC, so I deleted them, emptied the trash can, cleared all my internet history and cookies etc., and now I have come on here to make a report to see if I did a good job and if anything else needs to be done.

The ComboFix log is as follows, and thanks for a great program and for all your help in advance.

ComboFix 08-09-30.03 - David Cefai 2008-10-01 18:57:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2548 [GMT 10:00]
Running from: C:\Documents and Settings\David Cefai\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\David Cefai\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\David Cefai\Application Data\inst.exe
C:\Documents and Settings\Lisa Cefai\Cookies\lisa_cefai@adsfac[1].txt
C:\Documents and Settings\Lisa Cefai\Cookies\lisa_cefai@ths.news.com[1].txt
C:\Documents and Settings\Lisa Cefai\Cookies\lisa_cefai@wt.aafp[1].txt
C:\Documents and Settings\Lisa Cefai\Cookies\lisa_cefai@www.ac.vic.gov[1].txt
C:\Program Files\Need2Find
C:\Program Files\Need2Find\bar\History\search
C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\sc.html
C:\WINDOWS\bobsaver.scr
C:\WINDOWS\dfmlxbpktfo.dll
C:\WINDOWS\elsv.exe
C:\WINDOWS\peltodgx.dll
C:\WINDOWS\rwlfsdmk.dll
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\awttUoOG.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\fccdddET.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\Memman.vxd
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\skinboxer43.dll
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\TEdddccf.ini
C:\WINDOWS\system32\TEdddccf.ini2
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wdionmyi.ini
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-09-01 to 2008-10-01 )))))))))))))))))))))))))))))))
.

2008-10-01 19:09 . 2008-10-01 19:09 121 ---hs---- C:\WINDOWS\system32\wdionmyi.ini
2008-10-01 17:23 . 2008-10-01 17:23 <DIR> d-------- C:\Documents and Settings\Lisa Cefai\Application Data\Windows Search
2008-09-30 18:50 . 2008-09-30 18:50 79,488 --a------ C:\WINDOWS\system32\iymnoidw.dll
2008-09-30 18:42 . 2008-09-30 18:42 94,208 --a------ C:\WINDOWS\system32\ingrwzqd.exe
2008-09-30 18:40 . 2008-09-30 14:13 86,016 --a------ C:\WINDOWS\fbxrqtwn.exe
2008-09-28 13:35 . 2008-09-28 13:35 <DIR> d-------- C:\Documents and Settings\David Cefai\Application Data\NCH Software
2008-09-28 13:32 . 2008-09-28 13:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-09-28 13:31 . 2008-09-28 13:35 <DIR> d-------- C:\Program Files\NCH Software
2008-09-23 19:06 . 2008-09-23 19:06 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-09-23 18:14 . 2008-09-23 18:14 <DIR> d-------- C:\Program Files\DVDFab Platinum 4
2008-09-23 18:14 . 2008-09-30 18:20 <DIR> d-------- C:\Documents and Settings\David Cefai\Application Data\Vso
2008-09-23 18:14 . 2008-09-23 18:14 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-23 18:14 . 2008-09-23 18:14 47,360 --a------ C:\Documents and Settings\David Cefai\Application Data\pcouffin.sys
2008-09-20 16:22 . 2008-09-20 16:34 <DIR> d-------- C:\Program Files\Blaze Media Pro
2008-09-20 16:22 . 2008-09-20 16:23 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{436FF568-C03A-41B5-B97A-23CADCB7E6C9}
2008-09-20 15:17 . 2008-09-20 15:17 <DIR> d-------- C:\Program Files\iTunes
2008-09-20 15:17 . 2008-09-20 15:17 <DIR> d-------- C:\Program Files\iPod
2008-09-20 15:17 . 2008-09-20 15:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-20 15:01 . 2008-09-20 15:01 <DIR> d-------- C:\Program Files\Safari
2008-09-20 14:58 . 2008-09-20 14:58 <DIR> d-------- C:\Program Files\Bonjour
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-09-04 11:18 . 2008-09-04 11:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-01 08:52 --------- d-----w C:\Documents and Settings\David Cefai\Application Data\Skype
2008-10-01 02:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-01 00:26 --------- d-----w C:\Program Files\SpywareBlaster
2008-09-28 15:39 --------- d-----w C:\Documents and Settings\David Cefai\Application Data\uTorrent
2008-09-28 03:11 --------- d-----w C:\Documents and Settings\David Cefai\Application Data\Azureus
2008-09-23 09:05 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-20 05:38 --------- d-----w C:\Program Files\Apple Software Update
2008-09-20 05:34 --------- d-----w C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-09-20 05:20 --------- d-----w C:\Documents and Settings\David Cefai\Application Data\Apple Computer
2008-09-20 05:15 --------- d-----w C:\Program Files\QuickTime
2008-09-20 05:15 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-13 08:06 --------- d-----w C:\Program Files\DivX
2008-09-12 14:24 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-23 16:56 --------- d-----w C:\Program Files\Starcraft
2008-08-20 05:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-19 01:19 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-17 07:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-08-12 11:39 --------- d-----w C:\Documents and Settings\Lisa Cefai\Application Data\Windows Desktop Search
2008-08-12 05:11 --------- d-----w C:\Program Files\XviD
2008-08-11 14:23 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-08-10 04:31 --------- d-----w C:\Program Files\Conduit
2008-08-10 04:11 --------- d-----w C:\Program Files\Yahoo!
2008-08-10 03:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-10 02:46 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-09 03:28 --------- d-----w C:\Documents and Settings\David Cefai\Application Data\Windows Search
2008-08-09 03:27 --------- d-----w C:\Documents and Settings\David Cefai\Application Data\Windows Desktop Search
2008-08-09 03:25 --------- d-----w C:\Program Files\Windows Desktop Search
2008-08-08 06:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-08-07 14:02 --------- d-----w C:\Program Files\RealArcade
2008-08-02 13:26 --------- d-----w C:\Program Files\uTorrent
2008-02-15 12:37 36,872 ----a-w C:\Documents and Settings\Lisa Cefai\Application Data\GDIPFONTCACHEV1.DAT
2008-01-18 01:35 36,872 ----a-w C:\Documents and Settings\David Cefai\Application Data\GDIPFONTCACHEV1.DAT
2006-07-08 02:59 349 ----a-w C:\Program Files\INSTALL.LOG
2006-03-01 05:45 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2003-12-18 01:33 20,102 ----a-w C:\Program Files\Readme.txt
2003-09-02 21:46 10,960 ----a-w C:\Program Files\EULA.txt
2007-02-22 13:02 56 --sh--r C:\WINDOWS\system32\761E0CA6DC.sys
2007-02-22 13:02 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cacheman"="C:\PROGRA~1\Cacheman\Cacheman.exe" [2003-07-31 1290752]
"TClockEx"="C:\Program Files\TClockEx\TCLOCKEX.EXE" [2000-03-09 89088]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 21898024]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"shapp"="C:\WINDOWS\system32\ingrwzqd.exe" [2008-09-30 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 7630848]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2005-08-30 106496]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 86016]
"fcbe75f2"="C:\WINDOWS\system32\iymnoidw.dll" [2008-09-30 79488]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
"nwiz"="nwiz.exe" [2006-08-11 C:\WINDOWS\system32\nwiz.exe]
"WinFast2KLoadDefault"="wf2kcpl.dll" [2005-08-24 C:\WINDOWS\system32\WF2KCPL.dll]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\David Cefai\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2006-03-03 45056]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"vidc.dvsd"= pdvcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^David Cefai^Start Menu^Programs^Startup^Webshots.lnk]
backup=C:\WINDOWS\pss\Webshots.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mp4 Player

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 22:12 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 17:40 289576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-03-23 13:20 227328 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2003-10-31 18:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-07-07 09:42 2156368 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 00:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-25 13:28 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-02-15 17:59 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
--a------ 2008-08-16 00:52 267056 C:\Program Files\uTorrent\utorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2005-08-15 16:43 319488 C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFoxV2]
--a------ 2005-08-26 08:38 1310720 C:\WINDOWS\system32\Wf2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 19:05 204288 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\µTorrent]
--a------ 2008-08-16 00:52 267056 C:\Program Files\uTorrent\utorrent.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Documents and Settings\\All Users\\Documents\\My Games\\Final Fighter\\FinalFighter.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4 Demo\\Civilization4.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\patriots.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 UGURU;UGURU;C:\WINDOWS\system32\drivers\uGuru.sys [2005-03-31 14848]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-13 97928]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-13 231704]
R2 Machnm32;Machnm32 Driver;C:\WINDOWS\system32\Machnm32.sys [2003-08-12 2304]
R4 WINFOXIO;WINFOXIO;C:\WINDOWS\system32\Drivers\WINFOXIO.SYS [2005-03-25 9600]
S3 jnv4_mib;jnv4_mib;C:\DOCUME~1\DAVIDC~1\LOCALS~1\Temp\jnv4_mib.sys [ ]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [ ]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{84329D0B-677A-4C77-B492-9A1EDCAAB9CC} - C:\WINDOWS\system32\fccdddET.dll
BHO-{C2503670-6D0E-4662-AC65-EFA76E33056C} - C:\WINDOWS\system32\awttUoOG.dll
Toolbar-{C01D990F-AB58-4AB5-B617-C2E4E7961434} - C:\WINDOWS\peltodgx.dll
ShellExecuteHooks-{C2503670-6D0E-4662-AC65-EFA76E33056C} - C:\WINDOWS\system32\awttUoOG.dll
MSConfigStartUp-msnmsgr - C:\Program Files\MSN Messenger\msnmsgr.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R0 -: HKLM-Main,Start Page = hxxp://au.yahoo.com
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/keyword/%s
O8 -: &Webshots Photo Search - C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-01 19:09:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\wdionmyi.ini 121 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\iymnoidw.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\WINDOWS\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2008-10-01 19:15:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-01 09:15:07

Pre-Run: 69,610,766,336 bytes free
Post-Run: 69,843,988,480 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

341 --- E O F --- 2008-09-12 13:36:04
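A note on reading the log above, with an added example that is not part of the original post and not ComboFix's own code. Two entries in the "Reg Loading Points" section point at files dated 2008-09-30 in system32 ("shapp" -> ingrwzqd.exe and "fcbe75f2" -> iymnoidw.dll, the latter also listed as loaded inside explorer.exe), and neither appears in the "Other Deletions" list. Whatever they turn out to be, Run-key entries whose binary is as fresh as the problem, or whose value name is an opaque string, are the first thing a triager checks in a log like this. The script below parses Run/RunOnce entries in the log format shown above and produces that review list. The sample lines are a constructed subset copied from the log; the 7-day window and the hex-name rule are heuristics chosen for this example, not anything ComboFix reports.

```python
"""Triage helper for the Run/RunOnce entries in a ComboFix-style log.

Added example (not ComboFix code). SAMPLE_LOG is a constructed subset of
the entries shown in the post; the 7-day window and the hex-name rule are
triage heuristics chosen here, not ComboFix output.
"""
import re
from datetime import date

# Constructed sample in ComboFix's "Reg Loading Points" format. Entries are
# copied from the log above; the scan in that log ran on 2008-10-01.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cacheman"="C:\PROGRA~1\Cacheman\Cacheman.exe" [2003-07-31 1290752]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 21898024]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"shapp"="C:\WINDOWS\system32\ingrwzqd.exe" [2008-09-30 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 7630848]
"fcbe75f2"="C:\WINDOWS\system32\iymnoidw.dll" [2008-09-30 79488]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 C:\WINDOWS\RTHDCPL.EXE]
"""

KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]+)\]$', re.IGNORECASE)
# ComboFix prints either  "name"="path" [date size]  or, when the value is a
# bare file name it had to resolve,  "name"="file" [date full-path].
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s*'
    r'\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<rest>[^\]]*)\]$'
)
HEX_NAME_RE = re.compile(r'^[0-9a-f]{6,}$', re.IGNORECASE)


def parse_run_entries(text):
    """Return the entries under any ...\\Run or ...\\RunOnce key as dicts."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None or key.split("\\")[-1].lower() not in ("run", "runonce"):
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        rest = m.group("rest").strip()
        entries.append({
            "key": key,
            "name": m.group("name"),
            # If the bracket holds a size, the quoted value is the path;
            # otherwise the bracket holds the resolved path.
            "path": m.group("value") if rest.isdigit() else rest,
            "size": int(rest) if rest.isdigit() else None,
            "file_date": date.fromisoformat(m.group("date")),
        })
    return entries


def flag_entries(entries, scan_date, window_days=7):
    """Return (entry, reasons) pairs for entries worth a closer look.

    scan_date may be a date or an ISO string. Heuristics (assumptions of this
    example): a binary dated within window_days of the scan, or in the
    future, is as fresh as the problem; a value name made only of hex digits
    is opaque in a way vendors rarely use. Both give false positives (a just
    updated driver, a vendor using hash-like names), so this is a review
    list, not a verdict.
    """
    if isinstance(scan_date, str):
        scan_date = date.fromisoformat(scan_date)
    flagged = []
    for e in entries:
        reasons = []
        age = (scan_date - e["file_date"]).days
        if age <= window_days:
            reasons.append(f"binary dated {e['file_date']} ({age} days before scan)")
        if HEX_NAME_RE.match(e["name"]):
            reasons.append("value name is an opaque hex string")
        if reasons:
            flagged.append((e, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in flag_entries(parse_run_entries(SAMPLE_LOG), "2008-10-01"):
        print(f"{entry['key']}\n  {entry['name']!r} -> {entry['path']}")
        for r in reasons:
            print(f"    - {r}")
```

Run against the sample, the two 2008-09-30 entries are the only ones flagged; the hex-name rule alone would still pick out "fcbe75f2" months later, while "shapp" is caught only by its date. Anything this lists is a candidate to look up by hash and to check against the "Other Deletions" and "DLLs Loaded Under Running Processes" sections of the same log, not something to delete on sight.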


#2 rigel

  • BC Advisor
  • 12,944 posts
  • Location: South Carolina - USA

Posted 01 October 2008 - 08:33 AM

ComboFix logs should not be posted outside the HijackThis forums, and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart, not someone who plays with it." ~ Will Smith
