
request for review of combofix log file


  • This topic is locked
1 reply to this topic

#1 purdytimid

purdytimid

  • Members
  • 1 posts
  • OFFLINE
  • Local time:04:09 PM

Posted 29 January 2009 - 01:02 PM

I've recently upgraded my internet service to include internet security. Since this upgrade, I've experienced a horrendous amount of popups even with the popup blocker activated and the antispyware and antivirus having been run daily with appropriate deletions of found spyware and virus items. After running antispyware through AT&T Internet Security Suite today, I googled just one of the spyware items to get a better description. This was an application file, Vundo CAR. In doing so, I was directed to this site, and read that I should download Combofix. I've done that and run the program, receiving a log file which I've been directed to give you for further instructions. Please assist, as I'm rather non-versed in computer maintenance and repair.

Thanks in advance for your time and knowledge.

ComboFix 09-01-21.04 - Tammy 2009-01-29 10:54:36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.759 [GMT -6:00]
Running from: c:\documents and settings\Tammy\Desktop\ComboFix.exe
AV: AT&T Internet Security Suite AT&T Anti-Virus *On-access scanning disabled* (Updated)
FW: AT&T Internet Security Suite AT&T Firewall *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\AntiSpyCheck 2.1
c:\program files\GetModule
c:\program files\iCheck
c:\program files\iCheck\Uninstall.exe
c:\program files\INSTALL.LOG
c:\program files\Web Technologies
c:\windows\cookies.ini
c:\windows\system32\~.exe
c:\windows\system32\aaqieryc.dll
c:\windows\system32\auoxiuyc.ini
c:\windows\system32\BdKQrBeg.ini
c:\windows\system32\BdKQrBeg.ini2
c:\windows\system32\bjbcnobp.ini
c:\windows\system32\bkiiaiiu.dll
c:\windows\system32\bnfdksmo.ini
c:\windows\system32\bpnxxuxp.ini
c:\windows\system32\brgksa.dll
c:\windows\system32\bsymgigi.ini
c:\windows\system32\cdeabcgr.dll
c:\windows\system32\CeKmWvut.ini
c:\windows\system32\CeKmWvut.ini2
c:\windows\system32\cewfqr.dll
c:\windows\system32\cilywaxr.ini
c:\windows\system32\cjknpz.dll
c:\windows\system32\cmnfgg.dll
c:\windows\system32\cofpltbe.ini
c:\windows\system32\ctspiqsv.ini
c:\windows\system32\ddegQXbc.ini
c:\windows\system32\ddegQXbc.ini2
c:\windows\system32\deqbxdnf.ini
c:\windows\system32\dfkrnfnk.ini
c:\windows\system32\djqihbiv.ini
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekapnsnamrq.sys
c:\windows\system32\drivers\senekaunjetawo.sys
c:\windows\system32\dvwcgpbl.ini
c:\windows\system32\edzzfi.dll
c:\windows\system32\eeijjqll.ini
c:\windows\system32\ekkruhir.ini
c:\windows\system32\evanfq.dll
c:\windows\system32\exaujanf.dll
c:\windows\system32\exwrxccd.ini
c:\windows\system32\eyvdrfip.dll
c:\windows\system32\ffbodv.dll
c:\windows\system32\fkpgoc.dll
c:\windows\system32\fpaxvefg.ini
c:\windows\system32\fvkhjqpl.ini
c:\windows\system32\fwlybihx.ini
c:\windows\system32\fylrxhch.dll
c:\windows\system32\gfwxxmkj.dll
c:\windows\system32\gjclwihu.ini
c:\windows\system32\gocsqbsy.ini
c:\windows\system32\hadjhm.dll
c:\windows\system32\heijzj.dll
c:\windows\system32\hgfdge4unjdfdg.dll
c:\windows\system32\hgGvwxUm.dll
c:\windows\system32\hgqsee.dll
c:\windows\system32\hhfewkdg.dll
c:\windows\system32\hhtetitb.dll
c:\windows\system32\hlhgvjns.dll
c:\windows\system32\hvdkhmfy.ini
c:\windows\system32\ieupdates.exe.tmp
c:\windows\system32\inimyfdm.ini
c:\windows\system32\iqfidwai.ini
c:\windows\system32\iugrye.dll
c:\windows\system32\iwifyqqb.ini
c:\windows\system32\iwunevjg.ini
c:\windows\system32\jolkhdfp.ini
c:\windows\system32\jxdswqum.ini
c:\windows\system32\kcwftqde.ini
c:\windows\system32\kgfkfxpu.ini
c:\windows\system32\kicykt.dll
c:\windows\system32\kiubtvvq.ini
c:\windows\system32\knnpsjnc.ini
c:\windows\system32\knqitiox.ini
c:\windows\system32\kssnbs.dll
c:\windows\system32\lbyhpjbc.dll
c:\windows\system32\lcifbc.dll
c:\windows\system32\ldylnsqs.dll
c:\windows\system32\lgemxusk.ini
c:\windows\system32\ljJYOgee.dll
c:\windows\system32\lrqcsmpm.ini
c:\windows\system32\LRrXxGgh.ini
c:\windows\system32\LRrXxGgh.ini2
c:\windows\system32\lteidert.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\mUxwvGgh.ini
c:\windows\system32\mUxwvGgh.ini2
c:\windows\system32\MWDKmnpo.ini
c:\windows\system32\MWDKmnpo.ini2
c:\windows\system32\napzdv.dll
c:\windows\system32\nbfjnpvy.dll
c:\windows\system32\oaknklpw.dll
c:\windows\system32\oggpqlre.ini
c:\windows\system32\oglhkrhd.dll
c:\windows\system32\ojudgwia.ini
c:\windows\system32\opnkkLFw.dll
c:\windows\system32\ovmmedrl.ini
c:\windows\system32\ovrvquku.ini
c:\windows\system32\oxagdwms.ini
c:\windows\system32\oxtgqkji.ini
c:\windows\system32\pcabilur.ini
c:\windows\system32\pdxocwxd.dll
c:\windows\system32\peaomcwd.ini
c:\windows\system32\peazap.dll
c:\windows\system32\pepwagry.ini
c:\windows\system32\pgynxxnu.ini
c:\windows\system32\pifrdvye.ini
c:\windows\system32\pjbymjhn.ini
c:\windows\system32\plgbfeeo.ini
c:\windows\system32\psutfk.dll
c:\windows\system32\qahiqkuc.ini
c:\windows\system32\qeawmrnw.ini
c:\windows\system32\qgdbegpn.ini
c:\windows\system32\qhjluxuf.ini
c:\windows\system32\qlyoet.dll
c:\windows\system32\qoMcaYsT.dll
c:\windows\system32\qoMfcBUL.dll
c:\windows\system32\rdnboqrk.ini
c:\windows\system32\rdnustlt.ini
c:\windows\system32\rdtjkbhl.ini
c:\windows\system32\rgcbaedc.ini
c:\windows\system32\rndqvdca.dll
c:\windows\system32\rtkprqor.ini
c:\windows\system32\SAddefii.ini
c:\windows\system32\SAddefii.ini2
c:\windows\system32\sblenhyt.ini
c:\windows\system32\scwtjoxj.dll
c:\windows\system32\senekadf.dat
c:\windows\system32\senekahqbexubv.dll
c:\windows\system32\senekakpylqppf.dat
c:\windows\system32\senekalmctqohm.dll
c:\windows\system32\senekalog.dat
c:\windows\system32\senekaoeqgbyor.dll
c:\windows\system32\senekapaeawsmd.dll
c:\windows\system32\senekapwfvlifi.dll
c:\windows\system32\senekarnupvkta.dat
c:\windows\system32\senekatkpmnvsp.dll
c:\windows\system32\srnqqnst.dll
c:\windows\system32\stocsnpg.dll
c:\windows\system32\sxluim.dll
c:\windows\system32\thfnbkcn.dll
c:\windows\system32\tjsrwfbh.ini
c:\windows\system32\tltsundr.dll
c:\windows\system32\tredietl.ini
c:\windows\system32\txjlpgiv.dll
c:\windows\system32\tyhnelbs.dll
c:\windows\system32\uniq.tll
c:\windows\system32\uukuzp.dll
c:\windows\system32\uxauufmy.dll
c:\windows\system32\uyqrehby.dll
c:\windows\system32\vgvfhanx.ini
c:\windows\system32\vogjxcao.dll
c:\windows\system32\vtUonlMG.dll
c:\windows\system32\vvbrvf.dll
c:\windows\system32\wbvjqj.dll
c:\windows\system32\whqfgajd.ini
c:\windows\system32\xibhttxx.ini
c:\windows\system32\xowoao.dll
c:\windows\system32\xxyxUoMc.dll
c:\windows\system32\yhuqhwfl.ini
c:\windows\system32\yoyvwydk.ini
c:\windows\system32\zadxoz.dll
c:\windows\Tasks\adzntnze.job
c:\windows\Tasks\hgqrvrch.job
c:\windows\Tasks\nkzfcsqq.job
c:\windows\Tasks\pzgjeeui.job
c:\windows\wiaserviv.log

----- BITS: Possible infected sites -----

hxxp://www.graboid.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SENEKA
-------\Service_yzbgqap


((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-29 )))))))))))))))))))))))))))))))
.

2010-01-16 06:50 . 2010-01-16 06:50 134,656 --a------ c:\windows\ucelazex.dll
2010-01-16 05:54 . 2010-01-16 05:54 124,928 --a------ c:\windows\system32\jrfjhbth.dll
2010-01-16 05:38 . 2010-01-16 06:50 <DIR> d-------- c:\program files\AWS
2009-12-31 17:43 . 2009-01-16 15:09 <DIR> d-------- C:\Temp
2009-12-14 17:43 . 2009-12-14 17:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-12-13 21:25 . 2009-01-22 20:24 <DIR> d-------- c:\program files\EditStudio6
2009-12-12 04:52 . 2009-12-12 04:52 <DIR> d-------- c:\program files\Common Files\Download Manager
2009-12-08 18:58 . 2009-01-26 01:50 <DIR> d-------- c:\program files\LimeWire
2009-12-05 13:53 . 2009-12-05 13:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Launcher
2009-12-05 01:28 . 2009-12-05 01:28 <DIR> d-------- c:\program files\Common Files\Software Update Utility
2009-12-05 00:51 . 2009-12-05 00:51 <DIR> d-------- c:\program files\AVG
2009-12-05 00:51 . 2009-01-16 07:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-12-05 00:33 . 2009-12-05 00:33 410,984 --a------ c:\windows\system32\deploytk.dll
2009-12-05 00:23 . 2009-01-16 12:13 <DIR> d-------- c:\program files\Symantec
2009-01-28 18:58 . 2009-01-28 18:58 <DIR> d-------- c:\program files\Common Files\Nova Development
2009-01-28 18:56 . 2009-01-28 18:56 <DIR> d-------- c:\program files\Creative Home
2009-01-28 18:56 . 2009-01-28 18:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Creative Home
2009-01-28 16:08 . 2009-01-28 16:08 104,960 --a------ c:\windows\system32\ngujdgfa.dll
2009-01-28 16:05 . 2009-01-28 16:05 296,448 --a------ c:\windows\system32\hgGxVMEX.dll.vir
2009-01-27 15:10 . 2009-01-27 15:10 <DIR> d-------- c:\documents and settings\Tammy\Application Data\Apple Computer
2009-01-27 06:45 . 2009-01-27 06:45 295,424 --a------ c:\windows\system32\geBrQKdB.dll
2009-01-27 06:32 . 2009-01-27 06:32 126,464 --a------ c:\windows\system32\clsqkije.dll
2009-01-27 06:32 . 2009-01-27 06:32 86,528 --a------ c:\windows\system32\xxtthbix.dll
2009-01-26 09:09 . 2009-01-26 09:09 <DIR> d-------- c:\documents and settings\Tammy\Application Data\vlc
2009-01-26 07:03 . 2009-01-28 16:55 <DIR> d-------- c:\documents and settings\Tammy\Application Data\LimeWire
2009-01-26 02:51 . 2009-01-26 02:51 <DIR> d-------- c:\program files\uTorrent
2009-01-26 02:50 . 2009-01-28 21:03 <DIR> d-------- c:\documents and settings\Tammy\Application Data\uTorrent
2009-01-25 05:50 . 2009-01-25 05:51 <DIR> d-------- C:\tammybackup
2009-01-24 10:20 . 2009-01-24 10:34 <DIR> d-------- c:\documents and settings\Guest\Application Data\ATTTOOLBAR
2009-01-24 10:19 . 2009-01-24 10:19 <DIR> d-------- c:\documents and settings\Guest
2009-01-23 10:33 . 2009-01-23 10:34 292,352 --a------ c:\windows\system32\tuvWmKeC.dll
2009-01-23 05:26 . 2009-01-23 05:26 <DIR> d-------- C:\04d0005cd16e431fd8f925e052
2009-01-22 15:41 . 2009-01-22 15:41 0 --a------ C:\yjqcq.exe
2009-01-22 15:41 . 2009-01-22 15:41 0 --a------ C:\saann.exe
2009-01-22 15:41 . 2009-01-22 15:41 0 --a------ C:\okpomq.exe
2009-01-22 15:41 . 2009-01-22 15:41 0 --a------ C:\mywyxngk.exe
2009-01-22 14:44 . 2009-01-29 04:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATTToolbar
2009-01-22 14:43 . 2009-01-22 14:44 <DIR> d-------- c:\program files\ATTToolbar
2009-01-22 14:43 . 2009-01-22 14:43 <DIR> d-------- c:\documents and settings\Tammy\Application Data\ATTToolbar
2009-01-22 14:37 . 2009-01-22 14:40 <DIR> d-------- c:\program files\ATT-SST
2009-01-22 14:22 . 2009-01-22 14:33 <DIR> d-------- c:\documents and settings\Tammy\Application Data\Motive
2009-01-22 14:17 . 2009-01-22 14:17 <DIR> d-------- c:\program files\ATT-HSI
2009-01-21 10:35 . 2009-01-21 10:35 <DIR> d-------- c:\documents and settings\Tammy\Application Data\DivX
2009-01-21 10:35 . 2009-01-21 10:35 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-19 12:13 . 2009-01-19 12:13 <DIR> d-------- c:\documents and settings\Tammy\Application Data\Corel
2009-01-18 17:36 . 2009-01-27 16:59 <DIR> d-------- c:\documents and settings\Tammy\Tracing
2009-01-18 17:33 . 2009-01-18 17:33 <DIR> d-------- c:\program files\Microsoft Sync Framework
2009-01-18 17:31 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2009-01-18 17:30 . 2009-01-18 17:30 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-01-18 17:30 . 2009-01-18 17:30 20 --a------ c:\windows\
2009-01-18 17:27 . 2009-01-18 17:27 <DIR> d-------- c:\program files\Microsoft
2009-01-18 17:26 . 2009-01-18 17:26 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-01-18 16:58 . 2009-01-18 16:58 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-01-17 14:31 . 2009-01-17 14:31 125,952 --a------ c:\windows\system32\sxbqqxwi.dll
2009-01-17 14:29 . 2009-01-17 14:29 81,920 --a------ c:\windows\system32\oeefbglp.dll
2009-01-16 15:10 . 2009-01-16 15:10 9,062 --a------ c:\windows\system32\small1.ico
2009-01-16 15:10 . 2009-01-16 15:10 9,062 --a------ c:\windows\system32\small.ico
2009-01-16 15:09 . 2009-01-16 15:25 <DIR> d-------- c:\program files\ATT Internet Tools
2009-01-16 14:27 . 2009-01-16 14:27 <DIR> d-------- c:\documents and settings\Tammy\Application Data\AT&T
2009-01-16 14:26 . 2009-01-29 11:06 <DIR> d-------- c:\documents and settings\Tammy
2009-01-16 11:24 . 2009-01-16 11:24 <DIR> d-------- c:\program files\Raxco
2009-01-16 11:24 . 2009-01-16 11:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Raxco
2009-01-16 10:49 . 2009-01-16 11:23 53,192 --a------ c:\windows\system32\drivers\rp_skt32.sys
2009-01-16 10:48 . 2009-01-16 10:48 <DIR> d-------- c:\program files\Common Files\Authentium
2009-01-16 10:48 . 2007-04-19 11:24 48,384 --a------ c:\windows\system32\drivers\rp_pkt32.sys
2009-01-16 10:46 . 2009-01-16 17:06 <DIR> d-------- c:\program files\Common Files\Scanner
2009-01-16 10:46 . 2009-01-16 10:46 <DIR> d-------- c:\program files\CA
2009-01-16 08:04 . 2009-01-16 08:04 46,640 --a------ c:\windows\system32\msln.exe
2009-01-16 07:53 . 2009-01-16 07:53 <DIR> d-------- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2009-01-16 07:37 . 2009-01-16 07:37 124,928 --a------ c:\windows\system32\eywexmrd.dll
2009-01-16 07:36 . 2009-01-16 07:36 81,920 --a------ c:\windows\system32\roqrpktr.dll
2009-01-16 07:33 . 2009-01-16 07:33 124,928 --a------ c:\windows\system32\ptqibryi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-16 12:31 --------- d-----w c:\program files\VS Revo Group
2009-12-16 12:59 --------- d-----w c:\program files\Applications
2009-12-15 21:28 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-12-15 05:31 --------- d-----w c:\program files\Common Files\AOL
2009-12-05 19:47 --------- d-----w c:\program files\VideoLAN
2009-12-05 07:27 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-12-05 06:37 --------- d-----w c:\program files\Pivot Stickfigure Animator
2009-12-05 06:33 --------- d-----w c:\program files\Java
2009-12-05 06:28 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-12-05 06:19 --------- d-----w c:\program files\Image-Line
2009-01-26 23:41 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-26 21:10 --------- d-----w c:\program files\lx_cats
2009-01-23 11:50 --------- d-----w c:\program files\Common Files\Motive
2009-01-23 02:25 --------- d-----w c:\program files\Microsoft Works
2009-01-21 14:15 --------- d-----w c:\program files\DivX
2009-01-18 23:34 --------- d-----w c:\program files\Windows Live Toolbar
2009-01-18 23:34 --------- d-----w c:\program files\Windows Live
2009-01-16 20:24 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-16 18:12 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-16 16:45 --------- d-----w c:\program files\AT&T
2009-01-16 16:45 --------- d-----w c:\documents and settings\All Users\Application Data\AT&T
2009-01-16 16:44 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-05 04:55 307,560 ----a-w c:\windows\WLXPGSS.SCR
2004-07-26 11:26 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012004072620040727\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77AB5974-55A3-4737-9FD5-B93C64307F78}]
2009-01-28 16:08 104960 --a------ c:\windows\system32\ngujdgfa.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 106496]

c:\documents and settings\Tammy\Start Menu\Programs\Startup\
ExpressPLNRnote.lnk - c:\program files\Creative Home\Hallmark Card Studio Express\Planner\PLNRnote.exe [2006-01-16 28200]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-04-25 483328]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2009-12-04 09:36 2356088 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
--a------ 2006-12-11 10:11 82864 c:\program files\Lexmark 2400 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a------ 2006-12-11 10:12 295856 c:\program files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcrmon.exe]
--a------ 2007-01-11 12:57 291760 c:\program files\Lexmark 2400 Series\lxcrmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a--c--- 2003-10-31 18:42 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\PlayOnline\\SquareEnix\\FINAL FANTASY XI\\polboot.exe"=
"c:\\Program Files\\PlayOnline\\SquareEnix\\FINAL FANTASY XI\\ToolsUS\\FINAL FANTASY XI Config.exe"=
"c:\\Program Files\\Lexmark 2400 Series\\LXCRaiox.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCCFLTR.SYS [2008-05-27 14092]
R4 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-08-23 24652]
S3 PAC207;Basic Webcam;c:\windows\system32\drivers\PFC027.SYS [2006-11-20 506112]
S3 Radialpoint Security Services;AT&T Internet Security Suite;c:\windows\system32\dllhost.exe [2008-10-28 5120]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2009-01-29 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE []

2009-01-29 c:\windows\Tasks\Windows Update.job
- c:\windows\system32\wupdmgr.exe [2004-08-04 04:00]
.
- - - - ORPHANS REMOVED - - - -

BHO-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - c:\documents and settings\chris\Local Settings\Application Data\CyberDefender\cdmyidd.dll
BHO-{CA0617C7-C528-4D5D-B6D2-85619339B231} - c:\windows\system32\hgGvwxUm.dll
BHO-{E1FAB6BD-4A34-47ce-82AF-50B16A6BE77E} - c:\program files\aspch\ThreatWarning.dll
Toolbar-{94A5C93F-BD18-4C46-B777-C94C145C3CAB} - c:\program files\Applications\iebr.dll
Toolbar-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - c:\documents and settings\chris\Local Settings\Application Data\CyberDefender\cdmyidd.dll
SharedTaskScheduler-{d3b82107-f8fa-4ef3-8066-136e22872d4e} - c:\windows\system32\sjrggq.dll
ShellExecuteHooks-{88EBBE0B-5FF8-4B84-B043-71A216374A5B} - (no file)
Notify-rqRHyxxx - rqRHyxxx.dll
Notify-ssqPgFyx - ssqPgFyx.dll
Notify-urqNDWPG - urqNDWPG.dll
MSConfigStartUp-HelpCenter4 - c:\program files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
MSConfigStartUp-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.att.net
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://internetsearchservice.com/ie6.html
mSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = hxxp://home.bellsouth.net/bislmpuc
mSearchURL = hxxp://internetsearchservice.com
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
Trusted Zone: motive.com\patttbc.att
FF - ProfilePath - c:\documents and settings\Tammy\Application Data\Mozilla\Firefox\Profiles\kqf4hvoy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-29 11:06:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AT&T\AT&T Internet Security Suite\Fws.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\CA\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxcrcoms.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Raxco\PerfectDisk\PDEngine.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-29 11:10:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-29 17:10:30

Pre-Run: 5,353,152,512 bytes free
Post-Run: 6,288,478,208 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

439 --- E O F --- 2004-07-26 11:22:48


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:05:09 PM

Posted 29 January 2009 - 04:20 PM

Hello purdytimid,

ComboFix should not be discussed outside the HijackThis forums and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed. If you have any questions, please PM me or another Moderator.
The BC Staff
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....