Various Strange exe's running in task manager all of a sudden


#1 Kamui

Kamui

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Oregon
  • Local time:06:40 AM

Posted 01 May 2009 - 01:26 AM

I should start by saying I was having this problem and I ran that ComboFix program you guys supply. I know I wasn't supposed to without someone telling me to; anyway, I have the log file from it if that helps.

Oh, and I think what caused this was running a WGA removal app I found. I scanned it before running it and my antivirus said it was clean, but now I have some strange things in the task manager, mainly alg.exe, dllhost.exe, jqs.exe and hasp-upd.exe.

Also, those are in the Reg and slated to start up with my PC in msconfig and my startup folder. If you guys don't support someone who openly admits to using WGA removal tools I understand; I just thought I would be honest about what started this.

I disabled them from starting up in msconfig and I ran Spybot Search & Destroy, which found nothing, and I ran a program called CCleaner, which clears all the temp files and helps clean the reg. Plus my antivirus (ESET), when I scanned the app in question, said no viruses. Anyway, here is the log report.

ComboFix 09-04-30.05 - Kamui 04/30/2009 22:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1557 [GMT -7:00]
Running from: d:\documents and settings\Kamui\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
.

((((((((((((((((((((((((( Files Created from 2009-04-01 to 2009-05-01 )))))))))))))))))))))))))))))))
.

2009-05-01 05:41 . 2009-05-01 05:41 -------- d-----w d:\program files\Enigma Software Group
2009-05-01 03:30 . 2009-05-01 03:30 -------- d-----w d:\windows\WGA Killer
2009-05-01 03:30 . 2009-05-01 03:30 -------- d-----w d:\program files\WGA Killer
2009-05-01 03:29 . 2009-05-01 03:37 -------- d-----w d:\program files\HASP
2009-05-01 03:29 . 2009-05-01 03:29 147456 ----a-w d:\windows\system32\hasp-upd.exe
2009-04-28 13:30 . 2009-05-01 03:39 -------- d-----w d:\documents and settings\Kamui\Application Data\Bioshock
2009-04-24 03:25 . 2009-05-01 03:39 -------- d-----w d:\program files\Steam
2009-04-18 11:52 . 2009-04-18 11:52 -------- d-----w d:\program files\ESET
2009-04-17 06:02 . 2009-03-06 14:22 284160 ------w d:\windows\system32\dllcache\pdh.dll
2009-04-17 06:02 . 2009-02-06 10:39 35328 ------w d:\windows\system32\dllcache\sc.exe
2009-04-17 06:02 . 2009-02-09 12:10 401408 ------w d:\windows\system32\dllcache\rpcss.dll
2009-04-17 06:02 . 2009-02-06 11:11 110592 ------w d:\windows\system32\dllcache\services.exe
2009-04-17 06:02 . 2009-02-09 12:10 473600 ------w d:\windows\system32\dllcache\fastprox.dll
2009-04-17 06:02 . 2009-02-06 10:10 227840 ------w d:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 06:02 . 2009-02-09 12:10 453120 ------w d:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 06:02 . 2009-02-09 12:10 729088 ------w d:\windows\system32\dllcache\lsasrv.dll
2009-04-17 06:02 . 2009-02-09 12:10 617472 ------w d:\windows\system32\dllcache\advapi32.dll
2009-04-17 06:02 . 2009-02-09 12:10 714752 ------w d:\windows\system32\dllcache\ntdll.dll
2009-04-17 06:02 . 2008-05-03 11:55 2560 ------w d:\windows\system32\xpsp4res.dll
2009-04-17 06:02 . 2008-04-21 12:08 215552 ------w d:\windows\system32\dllcache\wordpad.exe
2009-04-10 11:14 . 2009-04-10 11:14 -------- d-----w d:\program files\IrfanView
2009-04-10 10:46 . 2009-04-27 08:06 -------- d-----w d:\documents and settings\Kamui\Application Data\GrabIt
2009-04-10 10:38 . 2009-04-10 10:38 -------- d-----w d:\program files\GrabIt
2009-04-09 07:28 . 2009-04-09 07:28 -------- d-----w d:\documents and settings\All Users\Application Data\Azureus
2009-04-09 07:28 . 2009-04-24 14:01 -------- d-----w d:\documents and settings\Kamui\Application Data\Azureus
2009-04-09 07:27 . 2009-04-15 02:17 -------- d-----w d:\program files\Vuze
2009-04-09 07:06 . 2009-04-09 07:06 -------- d-----w d:\windows\Sun
2009-04-08 08:03 . 2009-04-08 08:03 -------- d-----w d:\documents and settings\Kamui\Local Settings\Application Data\Blizzard Entertainment
2009-04-08 07:58 . 2007-09-04 16:56 164352 ----a-w d:\windows\system32\unrar.dll
2009-04-08 07:58 . 2004-01-25 16:18 217088 ----a-w d:\windows\system32\yv12vfw.dll
2009-04-08 07:58 . 2008-01-10 12:15 755027 ----a-w d:\windows\system32\xvidcore.dll
2009-04-08 07:58 . 2008-01-10 12:16 159839 ----a-w d:\windows\system32\xvidvfw.dll
2009-04-08 07:58 . 2008-05-22 22:22 3596288 ----a-w d:\windows\system32\qt-dx331.dll
2009-04-08 07:58 . 2008-05-22 22:19 81920 ----a-w d:\windows\system32\dpl100.dll
2009-04-08 07:57 . 2008-05-30 23:22 683520 ----a-w d:\windows\system32\divx.dll
2009-04-08 07:57 . 2008-06-12 18:36 7680 ----a-w d:\windows\system32\ff_vfw.dll
2009-04-08 07:57 . 2009-04-08 07:58 -------- d-----w d:\program files\K-Lite Codec Pack
2009-04-08 07:53 . 2009-04-08 07:53 410984 ----a-w d:\windows\system32\deploytk.dll
2009-04-08 07:53 . 2009-04-08 07:53 -------- d-----w d:\program files\Java
2009-04-08 07:51 . 2009-04-08 07:51 -------- d-----w d:\program files\MMOInterface
2009-04-08 06:25 . 2009-04-08 06:25 -------- d-----w d:\documents and settings\Kamui\Local Settings\Application Data\ESET
2009-04-08 06:14 . 2009-04-08 06:14 -------- d-----w d:\program files\OO Software
2009-04-08 04:30 . 2009-04-08 04:30 -------- d-----w d:\documents and settings\All Users\Application Data\Blizzard
2009-04-08 03:36 . 2009-04-08 03:36 -------- d-----w d:\program files\Common Files\Blizzard Entertainment
2009-04-08 03:36 . 2009-04-29 04:58 -------- d-----w d:\program files\World of Warcraft
2009-04-08 03:26 . 2009-04-08 03:26 -------- d-----w d:\documents and settings\Kamui\Local Settings\Application Data\DFX
2009-04-08 03:24 . 2009-04-08 03:24 -------- d-----w d:\documents and settings\All Users\Application Data\DFX
2009-04-08 03:24 . 2009-04-08 03:24 -------- d-----w d:\program files\Common Files\DFX
2009-04-08 03:24 . 2009-04-08 03:24 -------- d-----w d:\program files\DFX
2009-04-08 03:20 . 2009-04-08 03:20 -------- d-----w d:\documents and settings\Kamui\Local Settings\Application Data\O&O
2009-04-07 10:24 . 2009-04-07 10:24 -------- d-----w d:\documents and settings\Kamui\Application Data\ESET
2009-04-07 10:23 . 2009-04-07 10:23 -------- d-----w d:\documents and settings\All Users\Application Data\ESET
2009-04-07 10:09 . 2009-05-01 05:52 -------- d-----w d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-07 10:09 . 2009-04-07 10:11 -------- d-----w d:\program files\Spybot - Search & Destroy
2009-04-07 09:39 . 2009-04-07 09:39 -------- d-----w d:\documents and settings\Kamui\Application Data\Creative
2009-04-07 09:39 . 2009-04-07 10:06 -------- d-----w d:\windows\system32\data
2009-04-07 09:29 . 2008-04-14 06:09 5504 ----a-w d:\windows\system32\drivers\MSTEE.sys
2009-04-07 09:29 . 2008-04-14 06:15 6272 ----a-w d:\windows\system32\drivers\splitter.sys
2009-04-07 09:29 . 2008-04-14 06:47 83072 ----a-w d:\windows\system32\drivers\wdmaud.sys
2009-04-07 09:29 . 2008-04-14 06:15 52864 ----a-w d:\windows\system32\drivers\DMusic.sys
2009-04-07 09:29 . 2008-04-14 06:15 56576 ----a-w d:\windows\system32\drivers\swmidi.sys
2009-04-07 09:29 . 2008-04-14 04:09 142592 ----a-w d:\windows\system32\drivers\aec.sys
2009-04-07 09:29 . 2008-04-14 06:15 172416 ----a-w d:\windows\system32\drivers\kmixer.sys
2009-04-07 09:29 . 2008-04-14 06:15 2944 ----a-w d:\windows\system32\drivers\drmkaud.sys
2009-04-07 09:29 . 2008-04-14 06:45 60800 ----a-w d:\windows\system32\drivers\sysaudio.sys
2009-04-07 09:29 . 2008-04-14 06:09 7552 ----a-w d:\windows\system32\drivers\MSKSSRV.sys
2009-04-07 09:29 . 2008-04-14 06:09 4992 ----a-w d:\windows\system32\drivers\MSPQM.sys
2009-04-07 09:29 . 2008-04-14 06:09 5376 ----a-w d:\windows\system32\drivers\MSPCLOCK.sys
2009-04-07 09:27 . 2009-04-07 09:27 -------- d-----w d:\documents and settings\Kamui\Application Data\ATI
2009-04-07 09:27 . 2009-04-07 09:27 -------- d-----w d:\documents and settings\All Users\Application Data\ATI
2009-04-07 09:27 . 2009-04-07 09:27 -------- d-----w d:\documents and settings\Kamui\Local Settings\Application Data\ATI
2009-04-07 09:27 . 2009-04-07 09:27 0 ----a-w d:\windows\ativpsrm.bin
2009-04-07 09:25 . 2009-02-04 02:31 170496 ----a-w d:\windows\system32\drivers\atinavt2.sys
2009-04-07 09:25 . 2009-02-25 22:15 593920 ------w d:\windows\system32\ati2sgag.exe
2009-04-07 09:25 . 2009-04-07 09:26 -------- d-----w d:\program files\ATI Technologies
2009-04-07 09:25 . 2009-04-07 10:06 -------- d--h--w d:\program files\InstallShield Installation Information
2009-04-07 09:25 . 2009-04-07 09:25 -------- d-----w d:\program files\Common Files\InstallShield
2009-04-07 09:24 . 2009-04-07 09:24 -------- d-----w D:\ATI
2009-04-07 09:09 . 2009-02-20 18:09 6068736 ------w d:\windows\system32\dllcache\ieframe.dll
2009-04-07 09:09 . 2009-02-28 04:54 636088 ------w d:\windows\system32\dllcache\iexplore.exe
2009-04-07 09:09 . 2009-02-21 07:39 3596800 ------w d:\windows\system32\dllcache\mshtml.dll
2009-04-07 09:09 . 2008-10-03 10:02 247326 ------w d:\windows\system32\dllcache\strmdll.dll
2009-04-07 09:09 . 2008-10-15 16:34 337408 ------w d:\windows\system32\dllcache\netapi32.dll
2009-04-07 09:09 . 2008-09-04 17:15 1106944 ------w d:\windows\system32\dllcache\msxml3.dll
2009-04-07 09:09 . 2009-04-07 09:09 -------- d-----w d:\documents and settings\Kamui\Application Data\Media Player Classic
2009-04-07 09:09 . 2009-04-17 10:00 -------- d--h--w d:\windows\$hf_mig$
2009-04-07 09:08 . 2009-02-09 11:13 1846784 ------w d:\windows\system32\dllcache\win32k.sys
2009-04-07 09:02 . 2009-04-07 09:02 -------- d-----w d:\program files\Microsoft WSE
2009-04-07 09:02 . 2009-04-07 09:02 -------- d-----w d:\documents and settings\All Users\Application Data\Microsoft Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 01:48 . 2009-04-07 10:35 -------- d-----w d:\program files\Winamp
2009-04-09 12:12 . 2009-04-07 08:53 86327 ----a-w d:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-07 10:06 . 2009-04-07 10:06 -------- d-----w d:\program files\OpenAL
2009-04-07 10:06 . 2009-04-07 09:39 444952 ----a-w d:\windows\system32\wrap_oal.dll
2009-04-07 10:06 . 2009-04-07 09:39 109080 ----a-w d:\windows\system32\OpenAL32.dll
2009-04-07 10:05 . 2009-04-07 09:58 -------- d-----w d:\program files\Creative
2009-04-07 10:02 . 2009-04-07 10:02 -------- d-----w d:\program files\Common Files\Creative Labs Shared
2009-04-07 09:53 . 2009-04-07 08:46 -------- d-----w d:\program files\CCleaner
2009-04-07 09:43 . 2009-04-07 09:43 0 ----a-w d:\windows\nsreg.dat
2009-04-07 09:23 . 2009-04-07 08:56 -------- d-----w d:\program files\PowerCmd
2009-04-07 09:11 . 2009-04-07 08:46 -------- d-----w d:\program files\RocketDock
2009-04-07 09:10 . 2009-04-07 08:56 -------- d-----w d:\program files\LClock
2009-04-07 09:06 . 2009-04-07 09:01 15184 ----a-w d:\documents and settings\Kamui\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-07 09:01 . 2009-04-07 09:01 68936 ----a-w d:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-07 09:01 . 2009-04-07 09:01 -------- d-----w d:\program files\MSBuild
2009-04-07 09:01 . 2009-04-07 09:01 -------- d-----w d:\program files\Reference Assemblies
2009-04-07 09:01 . 2009-04-07 09:01 -------- d-----w d:\program files\MSXML 6.0
2009-04-07 08:56 . 2009-04-07 09:00 71680 ----a-w d:\documents and settings\Kamui\GLB251E.tmp
2009-04-07 08:56 . 2009-04-07 08:57 71680 ----a-w d:\windows\system32\config\systemprofile\GLB251E.tmp
2009-04-07 08:56 . 2009-04-07 08:56 71680 ----a-w d:\documents and settings\Default User\GLB251E.tmp
2009-04-07 08:56 . 2009-04-07 08:56 -------- d-----w d:\program files\Sysinternals
2009-04-07 08:54 . 2008-04-14 12:00 67 --sha-w d:\windows\Fonts\desktop.ini
2009-04-07 08:51 . 2009-04-07 08:51 21640 ----a-w d:\windows\system32\emptyregdb.dat
2009-04-07 08:46 . 2009-04-07 08:46 -------- d-----w d:\program files\Desktop
2009-04-07 08:45 . 2009-04-07 08:45 -------- d-----w d:\program files\Stanimir Stoyanov
2009-04-07 08:45 . 2009-04-07 08:45 -------- d-----w d:\program files\Windows Media Connect 2
2009-03-19 18:45 . 2009-03-19 18:45 55768 ----a-w d:\windows\system32\drivers\epfwtdi.sys
2009-03-19 18:45 . 2009-03-19 18:45 33096 ----a-w d:\windows\system32\drivers\epfwndis.sys
2009-03-19 18:45 . 2009-03-19 18:45 131976 ----a-w d:\windows\system32\drivers\epfw.sys
2009-03-19 18:44 . 2009-03-19 18:44 107256 ----a-w d:\windows\system32\drivers\ehdrv.sys
2009-03-19 18:41 . 2009-03-19 18:41 113960 ----a-w d:\windows\system32\drivers\eamon.sys
2009-03-09 12:03 . 2009-04-07 01:36 121984 ----a-w d:\windows\system32\drivers\Rtnicxp.sys
2009-03-06 14:22 . 2008-04-14 12:00 284160 ----a-w d:\windows\system32\pdh.dll
2009-03-03 19:18 . 2009-03-03 19:18 73728 ----a-w d:\windows\system32\RtNicProp32.dll
2009-03-03 00:17 . 2008-05-18 11:03 828416 ----a-w d:\windows\system32\wininet.dll
2009-02-26 04:59 . 2009-02-26 04:59 1316096 ----a-w d:\windows\system32\ooscrsav.scr
2009-02-26 04:59 . 2009-02-26 04:59 730368 ----a-w d:\windows\system32\oodsvct.exe
2009-02-26 04:59 . 2009-02-26 04:59 1352960 ----a-w d:\windows\system32\oodag.exe
2009-02-26 04:58 . 2009-02-26 04:58 2553088 ----a-w d:\windows\system32\oodtray.exe
2009-02-26 04:57 . 2009-02-26 04:57 194816 ----a-w d:\windows\system32\oodbs.exe
2009-02-26 04:53 . 2009-02-26 04:53 951552 ----a-w d:\windows\system32\oodtrrs.dll
2009-02-26 04:53 . 2009-02-26 04:53 541952 ----a-w d:\windows\system32\oodssrs.dll
2009-02-26 04:53 . 2009-02-26 04:53 9984 ----a-w d:\windows\system32\oodbsrs.dll
2009-02-26 04:53 . 2009-02-26 04:53 8448 ----a-w d:\windows\system32\OODAGRS.DLL
2009-02-26 04:52 . 2009-02-26 04:52 15616 ----a-w d:\windows\system32\OODAGMG.DLL
2009-02-25 22:58 . 2009-02-25 22:58 3565568 ----a-w d:\windows\system32\drivers\ati2mtag.sys
2009-02-25 21:42 . 2009-02-25 21:42 442368 ----a-w d:\windows\system32\ATIDEMGX.dll
2009-02-25 21:41 . 2009-02-25 21:41 325120 ----a-w d:\windows\system32\ati2dvag.dll
2009-02-25 21:30 . 2009-02-25 21:30 11841536 ----a-w d:\windows\system32\atioglxx.dll
2009-02-25 21:30 . 2009-02-25 21:30 204800 ----a-w d:\windows\system32\atipdlxx.dll
2009-02-25 21:29 . 2009-02-25 21:29 155648 ----a-w d:\windows\system32\Oemdspif.dll
2009-02-25 21:29 . 2009-02-25 21:29 26112 ----a-w d:\windows\system32\Ati2mdxx.exe
2009-02-25 21:29 . 2009-02-25 21:29 43520 ----a-w d:\windows\system32\ati2edxx.dll
2009-02-25 21:29 . 2009-02-25 21:29 155648 ----a-w d:\windows\system32\ati2evxx.dll
2009-02-25 21:27 . 2009-02-25 21:27 602112 ----a-w d:\windows\system32\ati2evxx.exe
2009-02-25 21:26 . 2009-02-25 21:26 53248 ----a-w d:\windows\system32\ATIDDC.DLL
2009-02-25 21:16 . 2009-02-25 21:16 3817984 ----a-w d:\windows\system32\ati3duag.dll
2009-02-25 21:09 . 2009-02-25 21:09 307200 ----a-w d:\windows\system32\atiiiexx.dll
2009-02-25 20:59 . 2009-02-25 20:59 2670080 ----a-w d:\windows\system32\ativvaxx.dll
2009-02-25 20:58 . 2009-02-25 20:58 887724 ----a-w d:\windows\system32\ativva6x.dat
2009-02-25 20:58 . 2009-02-25 20:58 3107788 ----a-w d:\windows\system32\ativva5x.dat
2009-02-25 20:44 . 2009-02-25 20:44 49664 ----a-w d:\windows\system32\amdpcom32.dll
2009-02-25 20:40 . 2009-02-25 20:40 475136 ----a-w d:\windows\system32\atikvmag.dll
2009-02-25 20:38 . 2009-02-25 20:38 126976 ----a-w d:\windows\system32\atiadlxx.dll
2009-02-25 20:38 . 2009-02-25 20:38 17408 ----a-w d:\windows\system32\atitvo32.dll
2009-02-25 20:37 . 2009-02-25 20:37 53248 ----a-w d:\windows\system32\drivers\ati2erec.dll
2009-02-25 20:35 . 2009-02-25 20:35 290816 ----a-w d:\windows\system32\atiok3x2.dll
2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w d:\windows\system32\aticalrt.dll
2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w d:\windows\system32\aticalcl.dll
2009-02-25 20:32 . 2009-02-25 20:32 626688 ----a-w d:\windows\system32\ati2cqag.dll
2009-02-25 20:30 . 2009-02-25 20:30 3227648 ----a-w d:\windows\system32\aticaldd.dll
2009-02-24 03:05 . 2009-02-24 03:05 37896 ----a-w d:\windows\system32\drivers\oobctm.sys
2009-02-24 03:03 . 2009-02-24 03:03 15104 ----a-w d:\windows\system32\ootmapi.dll
2009-02-20 18:09 . 2008-05-18 11:03 78336 ----a-w d:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2008-04-14 12:00 729088 ----a-w d:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2008-04-14 12:00 714752 ----a-w d:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2008-04-14 12:00 617472 ----a-w d:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2008-04-14 12:00 401408 ----a-w d:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2008-04-14 12:00 1846784 ----a-w d:\windows\system32\win32k.sys
2009-02-06 11:11 . 2008-04-14 12:00 110592 ----a-w d:\windows\system32\services.exe
2009-02-06 11:06 . 2008-05-10 12:49 2145280 ----a-w d:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2008-04-14 12:00 35328 ----a-w d:\windows\system32\sc.exe
2009-02-06 10:32 . 2008-04-13 23:01 2023936 ----a-w d:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2008-04-14 12:00 56832 ----a-w d:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"VolPanel"="d:\program files\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"OODefragTray"="d:\windows\system32\oodtray.exe" [2009-02-26 2553088]
"egui"="d:\program files\ESET\ESET Smart Security\egui.exe" [2009-03-19 2029640]
"hasp-upd"="d:\windows\system32\hasp-upd.exe" [2009-05-01 147456]
"MSConfig"="d:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"CTHelper"="CTHELPER.EXE" - d:\windows\system32\CtHelper.exe [2006-12-12 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - d:\windows\system32\Ctxfihlp.exe [2008-10-08 23552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="d:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - d:\windows\system32\advpack.dll [2009-02-20 124928]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^bf.exe]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\bf.exe
backup=d:\windows\pss\bf.exeCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^deploy.exe]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\deploy.exe
backup=d:\windows\pss\deploy.exeCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^pi.exe]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\pi.exe
backup=d:\windows\pss\pi.exeCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^Kamui^Start Menu^Programs^Startup^bf.exe]
path=d:\documents and settings\Kamui\Start Menu\Programs\Startup\bf.exe
backup=d:\windows\pss\bf.exeStartup

[HKLM\~\startupfolder\D:^Documents and Settings^Kamui^Start Menu^Programs^Startup^deploy.exe]
path=d:\documents and settings\Kamui\Start Menu\Programs\Startup\deploy.exe
backup=d:\windows\pss\deploy.exeStartup

[HKLM\~\startupfolder\D:^Documents and Settings^Kamui^Start Menu^Programs^Startup^pi.exe]
path=d:\documents and settings\Kamui\Start Menu\Programs\Startup\pi.exe
backup=d:\windows\pss\pi.exeStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\World of Warcraft\\Launcher.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15594:TCP"= 15594:TCP:Torrents TCP
"15594:UDP"= 15594:UDP:Torrents UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;d:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-04-07 79360]
R3 CT20XUT;CT20XUT;d:\windows\system32\drivers\CT20XUT.SYS [2008-10-08 171032]
R3 CTEXFIFX;CTEXFIFX;d:\windows\system32\drivers\CTEXFIFX.SYS [2008-10-08 1324056]
R3 CTHWIUT;CTHWIUT;d:\windows\system32\drivers\CTHWIUT.SYS [2008-10-08 72728]
S1 ehdrv;ehdrv;d:\windows\system32\DRIVERS\ehdrv.sys [2009-03-19 107256]
S2 ekrn;ESET Service;d:\program files\ESET\ESET Smart Security\ekrn.exe [2009-03-19 731840]
S3 Alpham1;Ideazon ZBoard USB Human Interface Device;d:\windows\system32\DRIVERS\Alpham1.sys [2007-07-23 42624]
S3 Alpham2;Ideazon ZBoard MM USB Human Interface Device;d:\windows\system32\DRIVERS\Alpham2.sys [2007-03-20 18432]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;d:\windows\system32\drivers\AtiHdmi.sys [2007-07-21 84992]
S3 CT20XUT.SYS;CT20XUT.SYS;d:\windows\System32\drivers\CT20XUT.SYS [2008-10-08 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;d:\windows\System32\drivers\CTEXFIFX.SYS [2008-10-08 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;d:\windows\System32\drivers\CTHWIUT.SYS [2008-10-08 72728]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - MCHINJDRV
*NewlyCreated* - SRSERVICE
*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1F1D60D0-5006-EF7B-6B1B-3093B83657EA}]
d:\windows\system32\hasp-upd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ABEE4349-A2C7-B91C-A18E-B1EDF97B9E5E}]
d:\program files\HASP\hasp-key.exe s
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-LClock - d:\program files\LClock\LClock.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
FF - ProfilePath - d:\documents and settings\Kamui\Application Data\Mozilla\Firefox\Profiles\y1hn9jbe.default\
FF - prefs.js: browser.startup.homepage - hxxp://gamefaqs.com
FF - plugin: d:\documents and settings\Kamui\Application Data\Mozilla\Firefox\Profiles\y1hn9jbe.default\extensions\OberonGameHost@OberonGames.com\platform\WINNT_x86-msvc\plugins\npOberonGameHost.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-30 22:59
Windows 5.1.2600 Service Pack 3, v.5755 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
hasp-upd = d:\windows\system32\hasp-upd.exe??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(952)
d:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2464)
d:\program files\ESET\ESET Smart Security\eplgHooks.dll
d:\windows\system32\wpdshserviceobj.dll
d:\windows\system32\portabledevicetypes.dll
d:\windows\system32\portabledeviceapi.dll
.
Completion time: 2009-05-01 22:59
ComboFix-quarantined-files.txt 2009-05-01 05:59

Pre-Run: 279,759,245,312 bytes free
Post-Run: 279,770,923,008 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
d:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=alwaysoff

309 --- E O F --- 2009-04-30 10:00

#2 tg1911
Posted 01 May 2009 - 01:58 AM

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.

Please create a new topic in the Am I infected? What do I do? forum, explaining the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.