Tech Support Forum - View Single Post

EastSport · 08-07-2007, 10:00 PM

ComboFix 07-08-07.6 - "User" 2007-08-07 22:48:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.101 [GMT -5:00]
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\OpenOffice.org 2.2\homeqyx4444.dll
C:\Program Files\OpenOffice.org 2.2\homeqyx83122.dll
C:\Program Files\TTC.dll
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\F2
C:\WINDOWS\system32\F3
C:\WINDOWS\TTC-4444.exe

((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 )))))))))))))))))))))))))))))))

2007-08-07 22:47 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-07 22:47 1,411,770 --a------ C:\ComboFix.exe
2007-08-07 22:17 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-07 22:16 812,344 --a------ C:\HJTInstall.exe
2007-08-07 21:27 164 --a------ C:\install.dat
2007-08-07 21:25 <DIR> d-------- C:\DOCUME~1\User\APPLIC~1\GetRightToGo
2007-08-07 16:15 26,768 --a------ C:\WINDOWS\system\CTL3D.DLL
2007-08-07 16:15 249,072 --a------ C:\WINDOWS\UNINST16.EXE
2007-08-07 15:44 <DIR> d-------- C:\BEST250
2007-08-07 15:43 7,008 --a------ C:\WINDOWS\system\SETUPKIT.DLL
2007-08-07 15:43 398,416 --a------ C:\WINDOWS\system\VBRUN300.DLL
2007-08-07 15:43 356,992 --a------ C:\WINDOWS\system\VBRUN200.DLL
2007-08-07 15:43 283,648 --a------ C:\WINDOWS\uninst.exe
2007-08-07 15:43 28,433 --a------ C:\WINDOWS\SETUP1.EXE
2007-08-07 15:43 271,264 --a------ C:\WINDOWS\system\VBRUN100.DLL
2007-08-07 15:43 <DIR> d-------- C:\DOCUME~1\User\WINDOWS
2007-08-06 18:31 <DIR> d-------- C:\Program Files\KONAMI
2007-08-05 16:38 <DIR> d-------- C:\Program Files\MTV Networks
2007-08-05 16:37 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-08-05 16:34 524,288 --ah----- C:\DOCUME~1\Guest\NTUSER.DAT
2007-08-05 16:13 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-08-05 16:09 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-08-05 16:06 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-05 16:06 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-08-05 15:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-08-05 14:37 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-08-05 14:37 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-08-05 14:37 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-08-05 14:32 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-08-05 14:32 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-08-04 17:07 <DIR> d-------- C:\Program Files\Project64 1.6
2007-08-04 17:04 <DIR> d-------- C:\Program Files\7-Zip
2007-08-04 17:00 <DIR> d-------- C:\WINDOWS\system32\f02WtR
2007-08-04 17:00 <DIR> d-------- C:\WINDOWS\system32\configs
2007-08-04 17:00 <DIR> d-------- C:\Temp\fse
2007-08-04 17:00 <DIR> d-------- C:\Temp\1cb
2007-08-04 17:00 <DIR> d-------- C:\Temp
2007-08-04 13:03 <DIR> d-------- C:\DOCUME~1\User\APPLIC~1\Google
2007-08-04 13:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-04 13:00 <DIR> d-------- C:\Program Files\Google
2007-08-04 12:18 12,219,983 --------- C:\AVG7QT.DAT

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-07 22:50 --------- d-------- C:\Program Files\OpenOffice.org 2.2
2007-08-07 22:14 --------- d-------- C:\Program Files\Online Services
2007-08-07 22:13 --------- d-------- C:\DOCUME~1\User\APPLIC~1\OpenOffice.org2
2007-08-06 19:54 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-08-06 18:32 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-05 15:54 --------- d-------- C:\Program Files\Messenger
2007-05-16 10:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 10:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 10:12 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 10:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 10:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 10:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-08 04:24 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCTVOICE"="pctspk.exe" [2002-10-11 00:39 C:\WINDOWS\system32\pctspk.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 18:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-08-04 12:18]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 13:18]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 08:56]

C:\Documents and Settings\User\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 16:54:56]

S3 wlluc48;Wireless LAN PC Card Driver;C:\WINDOWS\system32\DRIVERS\wlluc48.sys

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-07 22:52:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-07 22:54:29 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-07 22:54

--- E O F ---

I have Windows XP in case that makes a difference.

08-07-2007, 10:00 PM	#3 (permalink)
EastSport Registered User Join Date: Aug 2007 Location: Alabama Posts: 60 OS: Windows XP sp 3	Re: "Trojan Horse Generic" ComboFix 07-08-07.6 - "User" 2007-08-07 22:48:21.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.101 [GMT -5:00] * Created a new restore point ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe C:\Program Files\OpenOffice.org 2.2\homeqyx4444.dll C:\Program Files\OpenOffice.org 2.2\homeqyx83122.dll C:\Program Files\TTC.dll C:\WINDOWS\system32\driver C:\WINDOWS\system32\F2 C:\WINDOWS\system32\F3 C:\WINDOWS\TTC-4444.exe ((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 ))))))))))))))))))))))))))))))) 2007-08-07 22:47 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-07 22:47 1,411,770 --a------ C:\ComboFix.exe 2007-08-07 22:17 <DIR> d-------- C:\Program Files\Trend Micro 2007-08-07 22:16 812,344 --a------ C:\HJTInstall.exe 2007-08-07 21:27 164 --a------ C:\install.dat 2007-08-07 21:25 <DIR> d-------- C:\DOCUME~1\User\APPLIC~1\GetRightToGo 2007-08-07 16:15 26,768 --a------ C:\WINDOWS\system\CTL3D.DLL 2007-08-07 16:15 249,072 --a------ C:\WINDOWS\UNINST16.EXE 2007-08-07 15:44 <DIR> d-------- C:\BEST250 2007-08-07 15:43 7,008 --a------ C:\WINDOWS\system\SETUPKIT.DLL 2007-08-07 15:43 398,416 --a------ C:\WINDOWS\system\VBRUN300.DLL 2007-08-07 15:43 356,992 --a------ C:\WINDOWS\system\VBRUN200.DLL 2007-08-07 15:43 283,648 --a------ C:\WINDOWS\uninst.exe 2007-08-07 15:43 28,433 --a------ C:\WINDOWS\SETUP1.EXE 2007-08-07 15:43 271,264 --a------ C:\WINDOWS\system\VBRUN100.DLL 2007-08-07 15:43 <DIR> d-------- C:\DOCUME~1\User\WINDOWS 2007-08-06 18:31 <DIR> d-------- C:\Program Files\KONAMI 2007-08-05 16:38 <DIR> d-------- C:\Program Files\MTV Networks 2007-08-05 16:37 <DIR> d-------- C:\WINDOWS\Downloaded Installations 2007-08-05 16:34 524,288 --ah----- C:\DOCUME~1\Guest\NTUSER.DAT 2007-08-05 16:13 <DIR> d-------- C:\WINDOWS\network diagnostic 2007-08-05 16:09 <DIR> d-------- C:\Program Files\Windows Media Connect 2 2007-08-05 16:06 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2007-08-05 16:06 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2007-08-05 15:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage 2007-08-05 14:37 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-08-05 14:37 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2007-08-05 14:37 <DIR> d-------- C:\WINDOWS\system32\PreInstall 2007-08-05 14:32 43,352 --a------ C:\WINDOWS\system32\wups2.dll 2007-08-05 14:32 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution 2007-08-04 17:07 <DIR> d-------- C:\Program Files\Project64 1.6 2007-08-04 17:04 <DIR> d-------- C:\Program Files\7-Zip 2007-08-04 17:00 <DIR> d-------- C:\WINDOWS\system32\f02WtR 2007-08-04 17:00 <DIR> d-------- C:\WINDOWS\system32\configs 2007-08-04 17:00 <DIR> d-------- C:\Temp\fse 2007-08-04 17:00 <DIR> d-------- C:\Temp\1cb 2007-08-04 17:00 <DIR> d-------- C:\Temp 2007-08-04 13:03 <DIR> d-------- C:\DOCUME~1\User\APPLIC~1\Google 2007-08-04 13:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google 2007-08-04 13:00 <DIR> d-------- C:\Program Files\Google 2007-08-04 12:18 12,219,983 --------- C:\AVG7QT.DAT (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-07 22:50 --------- d-------- C:\Program Files\OpenOffice.org 2.2 2007-08-07 22:14 --------- d-------- C:\Program Files\Online Services 2007-08-07 22:13 --------- d-------- C:\DOCUME~1\User\APPLIC~1\OpenOffice.org2 2007-08-06 19:54 --------- d-------- C:\Program Files\Common Files\InstallShield 2007-08-06 18:32 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-08-05 15:54 --------- d-------- C:\Program Files\Messenger 2007-05-16 10:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll 2007-05-16 10:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll 2007-05-16 10:12 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-05-16 10:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-05-16 10:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll 2007-05-16 10:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll 2007-05-08 04:24 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PCTVOICE"="pctspk.exe" [2002-10-11 00:39 C:\WINDOWS\system32\pctspk.exe] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 18:42] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-08-04 12:18] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 13:18] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 08:56] C:\Documents and Settings\User\Start Menu\Programs\Startup\ OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 16:54:56] S3 wlluc48;Wireless LAN PC Card Driver;C:\WINDOWS\system32\DRIVERS\wlluc48.sys ************************************************************************ catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-07 22:52:05 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ Completion time: 2007-08-07 22:54:29 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-08-07 22:54 --- E O F --- I have Windows XP in case that makes a difference.