Redirected to ecata.info


  • This topic is locked
2 replies to this topic

#1 anshome

anshome

  • Members
  • 2 posts
  • OFFLINE
  • Local time:08:53 PM

Posted 09 January 2009 - 04:23 PM

Hi, I'm having problems with my computer. Every time I use Internet Explorer, e.g. Google, and do a search it takes me off through some other website called ecata.info and I can end up anywhere. I have been trying to run all different programs to get rid of it but nothing seems to pick it up. I have been trying to read up about it on the net and I found a post on your website about the same thing. I did the same steps as you told the other person and I have now got a log report from ComboFix. Can anyone see anything wrong with it?

ComboFix 09-01-08.05 - Andy 2009-01-09 20:59:32.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.425 [GMT 0:00]
Running from: c:\documents and settings\Andy\Desktop\ComboFix.exe
AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *enabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\program files\videosoft
c:\program files\videosoft\Uninstall.exe
C:\resycled
c:\resycled\boot.com
c:\windows\system32\drivers\msqpdxnsibmnre.sys
c:\windows\system32\msqpdxetecfqxy.dll
D:\Autorun.inf
D:\resycled
d:\resycled\boot.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSQPDXSERV.SYS
-------\Service_MSQPDXSERV.SYS


((((((((((((((((((((((((( Files Created from 2008-12-09 to 2009-01-09 )))))))))))))))))))))))))))))))
.

2009-01-09 08:28 . 2009-01-09 08:28 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-09 08:28 . 2009-01-09 08:28 <DIR> d-------- c:\documents and settings\Andy\Application Data\SUPERAntiSpyware.com
2009-01-09 08:27 . 2009-01-09 08:27 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-08 14:28 . 2009-01-08 14:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-07 19:40 . 2009-01-07 19:40 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-05 20:41 . 2009-01-05 20:41 <DIR> d-------- c:\documents and settings\Andy\.housecall6.6
2009-01-05 20:33 . 2009-01-05 20:33 <DIR> d-------- c:\documents and settings\Andy\Application Data\HouseCall 6.6
2009-01-05 20:31 . 2009-01-05 20:31 <DIR> d-------- c:\windows\Sun
2008-12-30 20:50 . 2003-12-12 16:06 1,693,696 --a------ c:\windows\system32\ltclr13n.dll
2008-12-30 20:50 . 2003-11-04 15:11 155,648 --a------ c:\windows\system32\lftif13n.dll
2008-12-30 20:50 . 2003-11-04 15:10 98,304 --a------ c:\windows\system32\lffax13n.dll
2008-12-30 20:49 . 2004-05-14 16:53 462,848 --a------ c:\windows\system32\ltkrn13n.dll
2008-12-30 20:49 . 2004-05-14 16:53 450,560 --a------ c:\windows\system32\ltimg13n.dll
2008-12-30 20:49 . 2004-05-14 16:53 401,408 --a------ c:\windows\system32\lfcmp13n.dll
2008-12-30 20:49 . 2004-05-14 16:53 299,008 --a------ c:\windows\system32\ltdis13n.dll
2008-12-30 20:49 . 2004-01-12 02:09 206,336 --a------ c:\windows\system32\ltefx13n.dll
2008-12-30 20:49 . 2004-05-14 16:53 163,840 --a------ c:\windows\system32\ltfil13n.dll
2008-12-30 20:49 . 2003-11-04 15:10 69,632 --a------ c:\windows\system32\lfgif13n.dll
2008-12-30 20:49 . 2004-05-14 16:53 57,344 --a------ c:\windows\system32\lfbmp13n.dll
2008-12-30 11:35 . 2008-12-30 11:35 <DIR> d-------- c:\program files\Common Files\snp2uvc
2008-12-30 11:21 . 2008-04-13 18:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2008-12-30 11:21 . 2008-04-13 18:45 60,032 --a------ c:\windows\system32\dllcache\usbaudio.sys
2008-12-30 11:20 . 2008-12-30 11:20 <DIR> d-------- c:\windows\SUYIN NB Cam
2008-12-30 11:20 . 2008-12-30 11:20 <DIR> d-------- c:\documents and settings\Andy\Application Data\InstallShield
2008-12-30 11:20 . 2007-02-07 18:35 1,729,152 --a------ c:\windows\system32\drivers\snp2uvc.sys
2008-12-30 11:20 . 2006-11-07 15:17 286,720 --a------ c:\windows\system32\vsnp2uvc.dll
2008-12-30 11:20 . 2007-04-02 18:40 172,032 --a------ c:\windows\system32\rsnp2uvc.dll
2008-12-30 11:20 . 2005-11-23 13:55 53,248 --a------ c:\windows\system32\csnp2uvc.dll
2008-12-30 11:20 . 2007-04-24 11:49 45,056 --a------ c:\windows\PLFSet.dll
2008-12-30 11:20 . 2006-12-28 11:21 27,904 --a------ c:\windows\system32\drivers\sncduvc.sys
2008-12-29 19:45 . 2008-12-29 19:45 <DIR> d-------- c:\documents and settings\Andy\Application Data\Skinux
2008-12-29 19:41 . 2008-12-29 19:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-29 19:37 . 2008-12-29 19:37 <DIR> d-------- c:\program files\Kodak
2008-12-29 19:37 . 2008-12-29 19:37 <DIR> d-------- c:\program files\Common Files\Kodak
2008-12-29 19:33 . 2008-12-29 19:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kodak
2008-12-28 17:49 . 2008-12-28 17:49 <DIR> d-------- c:\program files\MSXML 4.0
2008-12-24 21:07 . 2008-12-24 21:07 <DIR> d-------- c:\documents and settings\Andy\Application Data\Canon
2008-12-24 21:05 . 2008-12-24 21:05 <DIR> d-------- c:\program files\Common Files\ScanSoft Shared
2008-12-24 21:05 . 2008-12-24 21:05 <DIR> d-------- c:\documents and settings\Andy\Application Data\ScanSoft
2008-12-24 21:05 . 2008-12-24 21:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\ScanSoft
2008-12-24 21:05 . 2008-12-24 21:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2008-12-24 21:05 . 2008-12-24 21:05 412 --a------ c:\windows\MAXLINK.INI
2008-12-24 21:04 . 2008-12-24 21:04 <DIR> d-------- c:\program files\ScanSoft
2008-12-24 20:58 . 2008-12-24 20:58 <DIR> d-------- c:\program files\Canon
2008-12-22 21:00 . 2008-12-22 21:00 <DIR> d-------- c:\program files\Google
2008-12-21 00:24 . 2008-12-21 00:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-21 00:11 . 2008-12-21 00:11 <DIR> d-------- c:\program files\Bonjour
2008-12-21 00:00 . 2008-12-21 00:00 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-12-18 23:06 . 2008-12-18 23:06 <DIR> d--hs---- c:\windows\ftpcache
2008-12-18 23:06 . 2008-12-18 23:06 <DIR> d-------- c:\program files\Rapid PHP 2008
2008-12-18 23:06 . 2008-12-18 23:06 <DIR> d-------- c:\documents and settings\Andy\Application Data\Blumentals
2008-12-18 22:03 . 2008-12-18 22:03 <DIR> d-------- c:\documents and settings\Andy\Application Data\CoreFTP
2008-12-18 22:00 . 2008-12-18 22:00 <DIR> d-------- c:\program files\CoreFTP
2008-12-16 11:25 . 2008-12-16 11:25 <DIR> d--h----- c:\documents and settings\All Users\Application Data\CanonBJ
2008-12-16 11:24 . 2007-03-18 20:00 215,040 --a------ c:\windows\system32\CNMLM8T.DLL
2008-12-16 11:23 . 2008-04-13 18:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-12-16 11:23 . 2008-04-13 18:47 25,856 --a------ c:\windows\system32\dllcache\usbprint.sys
2008-12-16 11:22 . 2008-04-13 18:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-16 11:22 . 2008-04-13 18:45 15,104 --a------ c:\windows\system32\dllcache\usbscan.sys
2008-12-16 11:20 . 2004-08-10 20:00 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-12-16 11:20 . 2004-08-10 20:00 31,616 --a------ c:\windows\system32\dllcache\usbccgp.sys
2008-12-14 13:32 . 2008-12-14 13:33 <DIR> d-------- c:\program files\SonicWallES
2008-12-14 09:42 . 2009-01-08 18:51 7,733 --a------ C:\rollback.ini
2008-12-14 05:31 . 2008-12-30 11:36 1,245,184 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-12-14 05:31 . 2008-12-30 11:36 3,404 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-12-14 05:28 . 2008-12-14 05:28 <DIR> d-------- c:\program files\Zone Labs
2008-12-14 05:28 . 2008-12-14 05:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\MailFrontier
2008-12-14 05:27 . 2008-12-14 05:27 <DIR> d-------- c:\windows\Internet Logs
2008-12-14 05:24 . 2008-12-14 05:24 <DIR> d--hs---- C:\Recycled
2008-12-14 05:19 . 2008-12-14 05:19 2 --a------ c:\windows\msoffice.ini
2008-12-14 05:12 . 2008-12-14 05:12 92 --a------ c:\windows\GridV.UNI
2008-12-14 05:08 . 2006-06-13 14:42 602,112 --a------ c:\windows\system32\Acer.Empowering.Windows.Forms_v820.dll
2008-12-14 05:07 . 2006-06-01 20:47 1,168,896 --a------ c:\windows\system32\ERUpdateHidden.EXE
2008-12-14 05:07 . 2006-03-23 12:02 258,048 --a------ c:\windows\system32\Uninstall_eRecovery.exe
2008-12-14 05:07 . 2006-03-30 13:06 258,048 --a------ c:\windows\system32\CheckD2DSystem.exe
2008-12-14 05:07 . 2004-11-03 09:06 159,744 --a------ c:\windows\system32\CloseProcessWindow.dll
2008-12-14 05:07 . 2005-12-09 09:12 16,384 --a------ c:\windows\system32\ClearEvent.exe
2008-12-14 05:07 . 2006-02-24 11:28 552 --a------ c:\windows\system32\setup.iss
2008-12-14 04:54 . 2008-12-14 04:54 <DIR> d-------- c:\program files\Launch Manager
2008-12-14 04:54 . 2008-12-14 04:54 83 --a------ c:\windows\LManager.UNI
2008-12-14 04:53 . 2008-12-14 04:53 <DIR> d-------- c:\program files\Synaptics
2008-12-14 04:53 . 2006-03-03 12:52 192,672 --a------ c:\windows\system32\drivers\SynTP.sys
2008-12-14 04:53 . 2006-03-03 12:55 114,688 --a------ c:\windows\system32\SynCtrl.dll
2008-12-14 04:53 . 2006-03-03 12:55 94,298 --a------ c:\windows\system32\SynTPAPI.dll
2008-12-14 04:53 . 2006-03-03 12:55 82,013 --a------ c:\windows\system32\SynCOM.dll
2008-12-14 04:53 . 2006-03-03 13:10 81,920 --a------ c:\windows\system32\SynTPCo2.dll
2008-12-14 04:53 . 2006-03-03 13:08 69,722 --a------ c:\windows\system32\SynTPFcs.dll
2008-12-14 04:49 . 2005-09-14 17:03 53,248 --a------ c:\windows\system32\acpimof.dll
2008-12-14 04:49 . 2006-02-16 15:39 45,056 --a------ c:\windows\system32\Epm-Po.dll
2008-12-14 04:48 . 2006-05-16 03:04 2,879,488 --a------ c:\windows\SkyTel.exe
2008-12-14 04:48 . 2005-10-31 03:17 135,168 --a------ c:\windows\system32\RtlCPAPI.dll
2008-12-14 04:48 . 2005-05-03 03:43 69,632 --a------ c:\windows\Alcmtr.exe
2008-12-14 04:47 . 2006-09-28 12:58 <DIR> d-------- c:\documents and settings\Andy\Application Data\You've Got Pictures Screensaver
2008-12-14 04:47 . 2006-06-01 16:41 <DIR> d-------- c:\documents and settings\Andy\Application Data\ATI
2008-12-14 04:47 . 2006-09-28 12:58 <DIR> d-------- c:\documents and settings\Andy\Application Data\AOL
2008-12-14 04:47 . 2008-12-14 04:47 <DIR> d-------- c:\documents and settings\Andy
2008-12-14 04:46 . 2006-09-28 12:58 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver
2008-12-14 04:46 . 2006-06-01 16:41 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\ATI
2008-12-14 04:46 . 2006-09-28 12:58 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\AOL
2008-12-14 02:39 . 2008-12-14 02:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2008-12-14 02:38 . 2008-12-14 02:38 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2008-12-14 02:31 . 2008-12-14 02:31 <DIR> d-------- c:\program files\Elaborate Bytes
2008-12-14 02:20 . 2008-12-14 02:20 <DIR> d-------- c:\program files\Windows Defender
2008-12-14 02:10 . 2003-06-18 17:31 17,920 --a------ c:\windows\system32\mdimon.dll
2008-12-14 02:10 . 2008-12-14 02:13 376 --a------ c:\windows\ODBC.INI
2008-12-14 02:09 . 2008-12-14 02:09 <DIR> d-------- c:\windows\SHELLNEW
2008-12-14 02:09 . 2008-12-14 02:09 <DIR> d-------- c:\program files\Microsoft.NET
2008-12-14 02:09 . 2008-12-14 02:09 <DIR> d-------- c:\program files\Microsoft ActiveSync
2008-12-14 01:51 . 2008-12-14 01:51 <DIR> d-------- c:\documents and settings\Andy\Application Data\Azureus
2008-12-14 01:51 . 2008-12-14 01:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Azureus
2008-12-14 01:50 . 2008-12-14 01:51 <DIR> d-------- c:\program files\Vuze
2008-12-14 01:50 . 2008-12-14 01:50 <DIR> d-------- c:\program files\Java
2008-12-14 01:50 . 2009-01-07 19:40 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-14 01:22 . 2008-12-14 01:22 <DIR> d-------- c:\documents and settings\Andy\Application Data\MailFrontier
2008-12-14 01:15 . 2008-10-09 14:25 1,221,008 --a------ c:\windows\system32\zpeng25.dll
2008-12-14 01:08 . 2008-12-14 01:08 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-12-14 01:06 . 2008-12-14 01:06 <DIR> d-------- c:\windows\system32\LogFiles
2008-12-14 01:06 . 2008-12-14 01:06 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-12-14 00:47 . 2008-10-16 20:38 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
2008-12-14 00:47 . 2008-10-16 20:38 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-14 00:46 . 2008-10-16 20:38 6,066,176 --------- c:\windows\system32\dllcache\ieframe.dll
2008-12-14 00:46 . 2007-04-17 09:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
2008-12-14 00:46 . 2007-03-08 05:10 991,232 --------- c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-14 00:46 . 2008-10-16 20:38 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
2008-12-14 00:46 . 2008-10-16 20:38 267,776 --------- c:\windows\system32\dllcache\iertutil.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 13:39 154,897 ------w c:\windows\Internet Logs\vsmon_2nd_2008_12_29_13_39_18_small.dmp.zip
2008-12-21 15:11 157,436 ------w c:\windows\Internet Logs\vsmon_2nd_2008_12_21_15_11_42_small.dmp.zip
2008-12-14 20:16 402,432 ------w c:\windows\Internet Logs\xDB2.tmp
2008-12-14 02:59 562,176 ------w c:\windows\Internet Logs\xDB1.tmp
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:12 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-09 14:25 73,104 ----a-w c:\windows\zllsputility.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 421888]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-10-09 981904]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer Empowering Technology.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk
backup=c:\windows\pss\Acer Empowering Technology.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Andy^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Andy\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
--a------ 2006-03-31 16:39 204800 c:\acer\Empowering Technology\ePresentation\ePresentation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-05-10 11:12 90112 c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--------- 2006-04-14 22:35 53248 c:\program files\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
--a------ 2006-03-15 22:12 579584 c:\acer\Empowering Technology\ePower\Boot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
--a------ 2007-04-03 16:50 1603152 c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 00:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 13:56 64512 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
--a------ 2006-06-01 14:40 413696 c:\acer\Empowering Technology\eRecovery\eRAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-10 20:00 208952 c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2006-06-23 06:59 602112 c:\progra~1\LAUNCH~1\LManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-10 20:00 59392 c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2007-02-04 12:02 79400 c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-10 20:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-10 20:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-09-28 12:57 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2006-10-25 09:03 210472 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-01-07 19:40 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-03-03 13:07 761946 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2005-04-12 15:27 45056 c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 03:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-06-27 23:54 16248320 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 03:04 2879488 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S4 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S4 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a2ff348-c999-11dd-8432-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c:
\Shell\Open\command - c:\resycled\boot.com c:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a2ff349-c999-11dd-8432-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com d:
\Shell\Open\command - d:\resycled\boot.com d:
.
Contents of the 'Scheduled Tasks' folder

2008-12-29 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2008-04-14 00:12]

2009-01-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-09 21:07:04
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\Andy\LOCALS~1\Temp\msqpdx000 0 bytes
c:\docume~1\Andy\LOCALS~1\Temp\WER9abe.dir00\`   c 7569408 bytes
c:\docume~1\Andy\LOCALS~1\Temp\WER9abe.dir00\t 7307264 bytes
c:\docume~1\Andy\LOCALS~1\Temp\WER9abe.dir00\n 3375104 bytes
c:\docume~1\Andy\LOCALS~1\Temp\WER9abe.dir00\d 3637248 bytes
c:\docume~1\Andy\LOCALS~1\Temp\WER9abe.dir00\a 3833856 bytes
c:\docume~1\Andy\LOCALS~1\Temp\WER9abe.dir00\h   " 6914048 bytes
c:\docume~1\Andy\LOCALS~1\Temp\WER9abe.dir00\c 7176192 bytes
c:\docume~1\Andy\LOCALS~1\Temp\WER9abe.dir00\e 6062080 bytes
c:\docume~1\Andy\LOCALS~1\Temp\WER9abe.dir00\n 6782976 bytes
c:\docume~1\Andy\LOCALS~1\Temp\WER9abe.dir00\o 557056 bytes
c:\docume~1\Andy\LOCALS~1\Temp\WER9abe.dir00\


Regards Andy.

#2 anshome

anshome
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:08:53 PM

Posted 09 January 2009 - 04:27 PM

I'm really sorry, I just saw it said do not post the log without being told to. Sorry, I hope I have not annoyed anyone.

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:09:53 PM

Posted 09 January 2009 - 06:40 PM

We need to start you over again. One should not use or post a ComboFix log unless directed to do so.
There are multiple warnings about doing so. Hopefully, you haven't damaged your system.

Please start here and follow all instructions as appropriate.
We are looking for a DDS scan and files.
Techs will direct you otherwise.

I will be closing this thread shortly.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



