
XP USB Drives


  • This topic is locked
1 reply to this topic

#1 D.Gray

  • Members
  • 13 posts

Posted 03 March 2009 - 02:12 PM

So my computer was acting incredibly slow for some unknown reason. Malwarebytes wasn't finding any problems, and none of my other antivirus or spyware programs were finding anything. ComboFix found a RootKit last time I used it and cleared my computer right up, so I decided to use it again to see if it could get rid of the problem.

It got rid of whatever it was, and my computer is acting like normal again, but now I'm having a big problem with my USB ports. My mouse randomly stops working and you'll hear the USB disconnect and reconnect sound from Windows. Sometimes my mouse and keyboard both stop working altogether and I have to get up and unplug/replug them, which is becoming a real pain.

So far I've tried uninstalling the USB controllers from the Device Manager and letting Windows reinstall them when I reboot, and also updating my mobo's VIA drivers. Any help would be nice.

(Here is the log.)

--------------------------------------------------------------------------------------------------------------

ComboFix 09-03-02.01 - Keeland Bankhead 2009-03-02 15:34:53.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1325 [GMT -5:00]
Running from: c:\documents and settings\Keeland Bankhead\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Keeland Bankhead\Application Data\ASKS~1
c:\documents and settings\Keeland Bankhead\Application Data\ICROSO~1
c:\documents and settings\Keeland Bankhead\Application Data\SMANTE~1
c:\documents and settings\Keeland Bankhead\Application Data\SSTEM~1
c:\documents and settings\Keeland Bankhead\Application Data\WNSXS~1
c:\documents and settings\Keeland Bankhead\My Documents\ICROSO~1.NET
c:\documents and settings\Keeland Bankhead\My Documents\WNSXS~1
c:\program files\Common Files\dobe~1
c:\program files\Common Files\fnts~1
c:\program files\Common Files\ystem3~1
c:\program files\INSTALL.LOG
c:\program files\mcroso~1.net
c:\program files\racle~1
c:\program files\sks~1
c:\program files\ystem3~1
c:\windows\mantec~1
c:\windows\sks~1
c:\windows\sks~2
c:\windows\system32\acxgosmm.ini
c:\windows\system32\adpqpbiu.ini
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\asks~1
c:\windows\system32\bmmromec.ini
c:\windows\system32\ciukucws.ini
c:\windows\system32\ckyhgwfu.ini
c:\windows\system32\cqifnsmt.ini
c:\windows\system32\dbxhqwwx.ini
c:\windows\system32\dobe~1
c:\windows\system32\duiijmxi.ini
c:\windows\system32\dumphive.exe
c:\windows\system32\fNVwDJlm.ini
c:\windows\system32\fNVwDJlm.ini2
c:\windows\system32\fohjiesk.ini
c:\windows\system32\ggkyieyw.ini
c:\windows\system32\hcxlhmvb.ini
c:\windows\system32\heyewera.ini
c:\windows\system32\IEDFix.exe
c:\windows\system32\jhbfcvhe.ini
c:\windows\system32\kqbbpjmv.ini
c:\windows\system32\krllkkaa.ini
c:\windows\system32\linexhma.ini
c:\windows\system32\lsbsqche.ini
c:\windows\system32\mhtikxxy.ini
c:\windows\system32\Process.exe
c:\windows\system32\pynrhqcf.ini
c:\windows\system32\qfqcloji.ini
c:\windows\system32\radxxphi.ini
c:\windows\system32\smante~1
c:\windows\system32\smbols~1
c:\windows\system32\sptusyyk.ini
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tkadbumb.ini
c:\windows\system32\tmp.reg
c:\windows\system32\uniq.tll
c:\windows\system32\uviyijos.ini
c:\windows\system32\uyayuhav.ini
c:\windows\system32\uzotuluh.ini
c:\windows\system32\VCCLSID.exe
c:\windows\system32\vphiwjqw.ini
c:\windows\system32\waatskff.ini
c:\windows\system32\weynykty.ini
c:\windows\system32\WS2Fix.exe
c:\windows\system32\xuavtdqk.ini
c:\windows\system32\ysprldpl.ini
c:\windows\Tasks\amvulyzt.job
c:\windows\wnsxs~1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CORE
-------\Legacy_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2009-02-02 to 2009-03-02 )))))))))))))))))))))))))))))))
.

2009-02-24 16:11 . 2009-01-09 14:19 1,089,593 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-02-18 18:10 . 2009-02-18 18:10 <DIR> d-------- c:\program files\Curse
2009-02-17 22:05 . 2009-03-02 16:09 256 --a------ c:\windows\system32\pool.bin
2009-02-17 22:04 . 2009-02-17 22:04 <DIR> d-------- c:\documents and settings\Keeland Bankhead\Application Data\Research In Motion
2009-02-17 22:01 . 2009-02-17 22:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2009-02-17 22:00 . 2009-02-17 22:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sonic
2009-02-17 21:58 . 2009-02-17 21:59 <DIR> d-------- c:\program files\Roxio
2009-02-17 21:58 . 2009-02-17 21:58 <DIR> d-------- c:\program files\Common Files\Sonic Shared
2009-02-17 21:58 . 2009-02-17 21:58 <DIR> d-------- c:\program files\Common Files\Roxio Shared
2009-02-17 21:58 . 2009-02-17 22:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Roxio
2009-02-17 21:51 . 2009-02-17 21:51 <DIR> d-------- c:\program files\Research In Motion
2009-02-17 21:51 . 2009-02-17 21:52 <DIR> d-------- c:\program files\Common Files\Research In Motion
2009-02-17 00:32 . 2009-02-17 00:32 <DIR> d--hs---- c:\documents and settings\Keeland Bankhead\IETldCache
2009-02-15 23:22 . 2009-02-15 23:22 <DIR> d--hs---- c:\documents and settings\Dorian Gray\IETldCache
2009-02-15 23:16 . 2009-02-15 23:17 <DIR> d--h-c--- c:\windows\ie8
2009-02-15 23:12 . 2009-01-11 00:00 79,360 -----c--- c:\windows\system32\dllcache\iecompat.dll
2009-02-14 19:27 . 2009-02-14 19:27 <DIR> d-------- c:\documents and settings\Dorian Gray\Application Data\MySpace
2009-02-14 17:47 . 2009-02-14 17:48 <DIR> d-------- c:\documents and settings\Dorian Gray\Application Data\QQ Games Plugin
2009-02-14 17:47 . 2009-02-14 17:47 <DIR> d-------- c:\documents and settings\Dorian Gray\Application Data\acccore
2009-02-14 14:43 . 2009-02-14 14:43 <DIR> d-------- c:\program files\Mozilla ActiveX Control v1.7.12
2009-02-14 11:36 . 2009-02-14 11:37 <DIR> d-------- C:\Netgear
2009-02-02 19:57 . 2009-02-02 20:04 139,264 --a------ c:\windows\War3Unin.exe
2009-02-02 19:57 . 2009-02-02 20:04 55,034 --a------ c:\windows\War3Unin.dat
2009-02-02 19:57 . 2009-02-02 20:04 2,829 --a------ c:\windows\War3Unin.pif
2009-02-02 19:54 . 2009-02-05 15:57 <DIR> d-------- c:\program files\Warcraft III
2009-02-02 00:41 . 2009-02-02 00:41 <DIR> d-------- c:\program files\Ventrilo
2009-02-02 00:41 . 2009-02-02 00:41 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-02 21:09 --------- d-----w c:\program files\DNA
2009-03-02 21:09 --------- d-----w c:\documents and settings\Keeland Bankhead\Application Data\DNA
2009-03-02 21:08 --------- d-----w c:\documents and settings\Keeland Bankhead\Application Data\WTablet
2009-03-02 20:44 --------- d-----w c:\documents and settings\LocalService\Application Data\WTablet
2009-02-26 00:12 --------- d-----w c:\documents and settings\Keeland Bankhead\Application Data\BitTorrent
2009-02-22 00:31 --------- d-----w c:\program files\Common Files\Adobe
2009-02-19 06:37 --------- d-----w c:\program files\Graboid
2009-02-18 23:15 --------- d-----w c:\program files\World of Warcraft
2009-02-18 17:02 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-18 03:19 --------- d-----w c:\documents and settings\Keeland Bankhead\Application Data\Ventrilo
2009-02-18 02:58 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-18 02:35 --------- d-----w c:\documents and settings\Dorian Gray\Application Data\WTablet
2009-02-11 05:50 --------- d-----w c:\documents and settings\Maes Hughes\Application Data\WTablet
2009-02-02 05:41 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-01 18:43 --------- d-----w c:\program files\Ares
2009-02-01 09:43 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-02-01 09:43 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-02-01 08:50 --------- d-----w c:\program files\DivX
2009-02-01 08:16 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-01 08:16 --------- d-----w c:\documents and settings\Dorian Gray\Application Data\Malwarebytes
2009-02-01 06:08 --------- d-----w c:\program files\Google
2009-02-01 04:32 --------- d-----w c:\documents and settings\Dorian Gray\Application Data\InterVideo
2009-01-31 08:52 --------- d-----w c:\program files\a-squared Free
2009-01-30 13:07 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-30 00:53 --------- d-----w c:\documents and settings\All Users\Application Data\AT&T
2009-01-28 23:26 --------- d-----w c:\documents and settings\Keeland Bankhead\Application Data\AT&T
2009-01-28 23:25 --------- d-----w c:\documents and settings\NetworkService\Application Data\Bytemobile
2009-01-28 23:22 --------- d-----w c:\documents and settings\Keeland Bankhead\Application Data\DBUpdater
2009-01-28 23:22 --------- d-----w c:\documents and settings\Keeland Bankhead\Application Data\Bytemobile
2009-01-28 23:17 --------- d-----w c:\program files\Option
2009-01-28 23:17 --------- d-----w c:\program files\Common Files\Motorola Shared
2009-01-28 23:16 26,504 ----a-w c:\windows\system32\drivers\swmsflt.sys
2009-01-28 23:15 --------- d-----w c:\program files\Sierra Wireless Inc
2009-01-28 23:15 --------- d-----w c:\documents and settings\Keeland Bankhead\Application Data\Sierra Wireless
2009-01-28 05:18 --------- d-----w c:\documents and settings\Dorian Gray\Application Data\DivX
2009-01-27 18:44 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-01-27 18:43 --------- d-----w c:\program files\NCH Swift Sound
2009-01-14 23:04 --------- d-----w c:\program files\CoffeeCup Software
2009-01-14 21:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 21:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-14 19:09 --------- d-----w c:\documents and settings\Dorian Gray\Application Data\vlc
2009-01-14 18:49 --------- d-----w c:\documents and settings\Dorian Gray\Application Data\MozillaControl
2009-01-14 18:37 --------- d-----w c:\documents and settings\Dorian Gray\Application Data\Creative
2009-01-14 18:32 --------- d-----w c:\documents and settings\Maes Hughes\Application Data\vlc
2009-01-14 18:29 --------- d-----w c:\documents and settings\Maes Hughes\Application Data\MozillaControl
2009-01-14 09:28 --------- d-----w c:\documents and settings\Maes Hughes\Application Data\Creative
2009-01-14 08:36 --------- d-----w c:\documents and settings\All Users\Application Data\Apowersoft
2009-01-14 06:12 --------- d-----w c:\documents and settings\Dash Lugan\Application Data\vlc
2009-01-14 06:07 --------- d-----w c:\documents and settings\Dash Lugan\Application Data\MozillaControl
2009-01-14 05:56 --------- d-----w c:\documents and settings\Dash Lugan\Application Data\Creative
2009-01-14 05:55 --------- d-----w c:\documents and settings\Dash Lugan\Application Data\WTablet
2009-01-14 01:55 --------- d-----w c:\documents and settings\Vincent Burris\Application Data\vlc
2009-01-14 01:22 --------- d-----w c:\documents and settings\Vincent Burris\Application Data\Malwarebytes
2009-01-13 19:21 --------- d-----w c:\documents and settings\Vincent Burris\Application Data\MozillaControl
2009-01-13 19:10 --------- d-----w c:\documents and settings\Vincent Burris\Application Data\Creative
2009-01-11 02:09 --------- d-----w c:\documents and settings\Keeland Bankhead\Application Data\Move Networks
2009-01-10 19:06 --------- d-----w c:\documents and settings\Keeland Bankhead\Application Data\Graboid Inc
2009-01-09 22:09 --------- d-----w c:\documents and settings\Keeland Bankhead\Application Data\vlc
2009-01-09 21:41 20,747 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-01-09 21:40 --------- d-----w c:\program files\Linksys Wireless-G PCI Wireless Network Monitor
2009-01-09 09:17 --------- d-----w c:\documents and settings\All Users\Application Data\Launcher
2009-01-09 07:34 --------- d-----w c:\documents and settings\Keeland Bankhead\Application Data\MozillaControl
2009-01-09 07:34 --------- d-----w c:\documents and settings\All Users\Application Data\Graboid Inc
2009-01-09 07:33 --------- d-----w c:\program files\VideoLAN
2009-01-07 04:37 --------- d-----w c:\documents and settings\Keeland Bankhead\Application Data\Image Zone Express
2009-01-06 01:55 --------- d-----w c:\program files\SUPERAntiSpyware
2007-11-17 01:35 22,328 -c--a-w c:\documents and settings\Keeland Bankhead\Application Data\PnkBstrK.sys
2006-05-03 09:06 163,328 --sha-r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r c:\windows\system32\msfDX.dll
2008-08-14 20:38 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081420080815\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]
"DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2008-11-10 5347672]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2006-12-01 4662776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX1000"="c:\windows\vVX1000.exe" [2006-06-29 707376]
"BellSouthWCC_McciTrayApp"="c:\program files\BellSouthWCC\McciTrayApp.exe" [2006-03-10 543232]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-06-29 269104]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-01 1601304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-09-19 615696]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-08-26 236016]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 169984]
"CTHelper"="CTHELPER.EXE" [2008-02-20 c:\windows\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 c:\windows\system32\Ctxfihlp.exe]
"nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2008-02-20 c:\windows\system32\mididef.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2008-09-19 1545488]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-10-17 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-05 20:55 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-01 04:43 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
"SENTINEL"= snti386.dll
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\windows\system32\nuhzbgey.exe c:\windows\system32\nuhzbgey.exe:changelist\0c:\windows\system32\ostfnnem.exe c:\windows\system32\ostfnnem.exe:changelist\0autocheck autochk *\0lsdelete

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Keeland Bankhead^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Keeland Bankhead\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Keeland Bankhead^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
path=c:\documents and settings\Keeland Bankhead\Start Menu\Programs\Startup\GameSpot Download Manager.lnk
backup=c:\windows\pss\GameSpot Download Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dkomexa]
c:\windows\W?nSxS\t?skmgr.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hatptokk]
c:\documents and settings\Keeland Bankhead\Application Data\S?mantec\d?dplay.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2005-06-06 23:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2009-01-27 03:24 2356088 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-31 14:22 50480 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2009-02-03 08:22 1004544 c:\program files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2008-12-16 15:16 637232 c:\program files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 15:03 36864 c:\program files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
--------- 2004-12-02 17:23 102400 c:\program files\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient]
--a------ 2009-03-01 23:10 1563648 c:\program files\Curse\CurseClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-03-14 18:05 257088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2006-06-29 18:54 269104 c:\program files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2008-12-12 13:46 9555968 c:\program files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 22:13 385024 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a--c--- 2007-08-25 17:21 1258744 c:\program files\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-03-14 02:43 83608 c:\program files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2009-01-05 20:55 1830128 c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-02-07 21:45 185632 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 00:00 90112 c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-08-28 09:18 3660848 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
--a------ 2008-11-03 17:45 3522296 c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
--a------ 2006-06-29 18:42 707376 c:\windows\vVX1000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-12-01 00:49 4662776 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2008-02-20 19:58 19456 c:\windows\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2008-02-20 19:58 19968 c:\windows\system32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"TrkWks"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe"=
"c:\\Program Files\\Alias\\Maya8.0\\bin\\maya.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\system32\\Tablet.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Linksys Wireless-G PCI Wireless Network Monitor\\WMP54Gv4.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-23 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-23 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-23 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-23 298264]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-19 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S0 fjkqmge;fjkqmge;c:\windows\system32\drivers\yquafqb.sys --> c:\windows\system32\drivers\yquafqb.sys [?]
S1 ad1b8f71;ad1b8f71;c:\windows\system32\drivers\ad1b8f71.sys --> c:\windows\system32\drivers\ad1b8f71.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [2008-01-10 165248]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [2008-01-10 142976]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fb56973-92ac-11dc-86a5-001a70b0334b}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c34882d-9018-11da-88ca-001a70b0334b}]
\Shell\AutoRun\command - e:\win\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6c98df5-7232-11dd-88f6-001a70b0334b}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-02-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2009-03-02 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2009-03-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
- - - - ORPHANS REMOVED - - - -

Notify-AtiExtEvent - (no file)
Notify-byXQIAsR - byXQIAsR.dll
Notify-ssqOGvUm - ssqOGvUm.dll
Notify-xxyxVoMe - xxyxVoMe.dll
MSConfigStartUp-ATICCC - c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
MSConfigStartUp-fwjylyhc - c:\documents and settings\All Users\Application Data\fwjylyhc.exe
MSConfigStartUp-setup - c:\windows\system32\uibpqpda.dll
MSConfigStartUp-Uops - c:\progra~1\COMMON~1\RACLE~1\services.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?.home=ytie
uInternet Settings,ProxyOverride = local
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Keeland Bankhead\Application Data\Mozilla\Firefox\Profiles\zvp13ypf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\documents and settings\Keeland Bankhead\Application Data\Mozilla\Firefox\Profiles\zvp13ypf.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Keeland Bankhead\Application Data\Mozilla\Firefox\Profiles\zvp13ypf.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 16:10:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1482476501-2147157035-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ef,71,36,bd,9d,87,0e,f9,01,9f,f4,b3,d7,cc,1a,2a,d0,15,31,9e,4f,ee,fb,
bd,53,7d,a3,7d,05,a3,0d,eb,8d,41,af,0e,d8,c0,3c,63,98,96,d2,24,cd,2d,d2,0b,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Microsoft LifeCam\MSCamSvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\Tablet.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\WTablet\TabUserW.exe
c:\windows\system32\Tablet.exe
c:\windows\system32\CTxfispi.exe
c:\windows\system32\rundll32.exe
c:\program files\Creative\ShareDLL\CADI\NotiMan.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-03-02 16:14:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-02 21:14:17

Pre-Run: 4,030,717,952 bytes free
Post-Run: 5,407,404,032 bytes free

Current=5 Default=5 Failed=2 LastKnownGood=6 Sets=1,2,4,5,6
488 --- E O F --- 2009-02-28 05:03:29

#2 boopme

    To Insanity and Beyond

  • Global Moderator
  • 72,740 posts
  • Gender:Male
  • Location:NJ USA

Posted 03 March 2009 - 02:18 PM

Hello D.Gray,

ComboFix should not be discussed outside the HijackThis forums and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed. If you have any questions, please PM me or another Moderator.
The BC Staff



