Hi,
Here's the update:
(1) Ran fix.bat. It ran for a minute or so (said it cannot find the file) and then closed out. It no longer shows on my desktop.
(2) Ran cfscript
Output of ComboFix.txt
ComboFix 07-10-04.5 - Administrator 10/04/2007 17:52:14.5 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.3.1252.1.1033.18.79 [GMT -4:00]
Running from: G:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: G:\Documents and Settings\Administrator\Desktop\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
G:\WINNT\system32\bivscagx.dll
G:\WINNT\system32\lypndyud.dll
G:\WINNT\system32\mkhxwxpf.dll
G:\WINNT\system32\rtvndrsa.dll
.
((((((((((((((((((((((((( Files Created from 2007-09-04 to 2007-10-04 )))))))))))))))))))))))))))))))
.
2007-10-04 18:00 16,384 --a----t- G:\WINNT\system32\Perflib_Perfdata_4b0.dat
2007-10-04 00:26 51,200 --a------ G:\WINNT\NirCmd.exe
2007-10-01 22:05 87,104 --------- G:\WINNT\system32\yyggsufs.dll
2007-10-01 22:05 87,104 --------- G:\WINNT\system32\lsuclnfq.dll
2007-10-01 22:02 87,104 --------- G:\WINNT\system32\wriwqpnl.dll
2007-10-01 22:02 87,104 --------- G:\WINNT\system32\cnqftivq.dll
2007-10-01 21:59 87,104 --------- G:\WINNT\system32\roivkwhv.dll
2007-10-01 21:59 87,104 --------- G:\WINNT\system32\iygqbexj.dll
2007-10-01 21:56 87,104 --------- G:\WINNT\system32\qhqrdatp.dll
2007-10-01 21:56 87,104 --------- G:\WINNT\system32\qeduvhdb.dll
2007-10-01 21:53 87,104 --------- G:\WINNT\system32\offglegc.dll
2007-10-01 21:53 87,104 --------- G:\WINNT\system32\gjatfvum.dll
2007-10-01 21:50 87,104 --------- G:\WINNT\system32\kyevgupy.dll
2007-10-01 21:50 87,104 --------- G:\WINNT\system32\gwodgcbg.dll
2007-10-01 21:47 87,104 --------- G:\WINNT\system32\quuwjwfo.dll
2007-10-01 21:47 87,104 --------- G:\WINNT\system32\bhjfpsan.dll
2007-10-01 21:44 87,104 --------- G:\WINNT\system32\hruthwsn.dll
2007-10-01 21:44 87,104 --------- G:\WINNT\system32\fvavyqds.dll
2007-10-01 21:42 87,104 --------- G:\WINNT\system32\lusrxvfn.dll
2007-10-01 21:42 87,104 --------- G:\WINNT\system32\lgtsgidi.dll
2007-10-01 21:38 87,104 --------- G:\WINNT\system32\eurtyesj.dll
2007-10-01 21:35 87,104 --------- G:\WINNT\system32\litpykwx.dll
2007-10-01 21:35 87,104 --------- G:\WINNT\system32\hvxooxgp.dll
2007-10-01 21:31 87,104 --------- G:\WINNT\system32\qvjkeosm.dll
2007-10-01 21:31 87,104 --------- G:\WINNT\system32\bvuhlaee.dll
2007-10-01 21:28 87,104 --------- G:\WINNT\system32\yjvmxdas.dll
2007-10-01 21:28 87,104 --------- G:\WINNT\system32\inyqvjov.dll
2007-10-01 21:25 87,104 --------- G:\WINNT\system32\xavsbaov.dll
2007-10-01 21:25 87,104 --------- G:\WINNT\system32\ptmkrnhd.dll
2007-10-01 21:22 87,104 --------- G:\WINNT\system32\nymqpqrg.dll
2007-10-01 21:22 87,104 --------- G:\WINNT\system32\fkrglfbr.dll
2007-10-01 21:19 87,104 --------- G:\WINNT\system32\txlyfbef.dll
2007-10-01 21:19 87,104 --------- G:\WINNT\system32\qfjavudw.dll
2007-10-01 21:16 87,104 --------- G:\WINNT\system32\ohghquvr.dll
2007-10-01 21:16 87,104 --------- G:\WINNT\system32\cmmpabwe.dll
2007-10-01 21:13 87,104 --------- G:\WINNT\system32\tpnhrdrl.dll
2007-10-01 21:13 87,104 --------- G:\WINNT\system32\gaiwgjma.dll
2007-10-01 21:10 87,104 --------- G:\WINNT\system32\ujvrdkrc.dll
2007-10-01 21:10 87,104 --------- G:\WINNT\system32\jalbbgib.dll
2007-10-01 21:07 87,104 --------- G:\WINNT\system32\xxteuidn.dll
2007-10-01 21:07 87,104 --------- G:\WINNT\system32\svrxqcgd.dll
2007-10-01 21:04 87,104 --------- G:\WINNT\system32\oipvkcea.dll
2007-10-01 21:04 87,104 --------- G:\WINNT\system32\oibgggbn.dll
2007-10-01 21:01 87,104 --------- G:\WINNT\system32\fhbblpuy.dll
2007-10-01 21:01 87,104 --------- G:\WINNT\system32\aklqnrje.dll
2007-10-01 20:58 87,104 --------- G:\WINNT\system32\psklumhh.dll
2007-10-01 20:58 87,104 --------- G:\WINNT\system32\ivociwvj.dll
2007-10-01 20:55 87,104 --------- G:\WINNT\system32\htevgmkp.dll
2007-10-01 20:55 87,104 --------- G:\WINNT\system32\ghopinwc.dll
2007-10-01 20:52 87,104 --------- G:\WINNT\system32\opeqouao.dll
2007-10-01 20:52 87,104 --------- G:\WINNT\system32\gdtjifyx.dll
2007-10-01 20:49 87,104 --------- G:\WINNT\system32\icsrebhe.dll
2007-10-01 20:49 87,104 --------- G:\WINNT\system32\hxefxvpq.dll
2007-10-01 20:46 87,104 --------- G:\WINNT\system32\shwxvsre.dll
2007-10-01 20:46 87,104 --------- G:\WINNT\system32\qwnvhrnm.dll
2007-10-01 20:43 87,104 --------- G:\WINNT\system32\nqtobhxe.dll
2007-10-01 20:43 87,104 --------- G:\WINNT\system32\ctxxdnhg.dll
2007-10-01 20:40 87,104 --------- G:\WINNT\system32\xcjmqrsa.dll
2007-10-01 20:40 87,104 --------- G:\WINNT\system32\hhkcxcmf.dll
2007-10-01 20:37 87,104 --------- G:\WINNT\system32\xdmypggo.dll
2007-10-01 20:37 87,104 --------- G:\WINNT\system32\vgjjtbyv.dll
2007-10-01 20:34 87,104 --------- G:\WINNT\system32\tchepvri.dll
2007-10-01 20:34 87,104 --------- G:\WINNT\system32\hikhvhab.dll
2007-10-01 20:31 87,104 --------- G:\WINNT\system32\ppjaaong.dll
2007-10-01 20:31 87,104 --------- G:\WINNT\system32\htgkstjr.dll
2007-10-01 20:31 87,104 --------- G:\WINNT\system32\cuuswqsk.dll
2007-10-01 20:28 87,104 --------- G:\WINNT\system32\ruaqdlka.dll
2007-10-01 20:25 87,104 --------- G:\WINNT\system32\xwylcxuo.dll
2007-10-01 20:22 87,104 --------- G:\WINNT\system32\gjbwjsgu.dll
2007-10-01 20:19 87,104 --------- G:\WINNT\system32\iamuhakk.dll
2007-10-01 20:16 87,104 --------- G:\WINNT\system32\riemfeeh.dll
2007-10-01 20:13 87,104 --------- G:\WINNT\system32\ewcotnkr.dll
2007-10-01 20:10 87,104 --------- G:\WINNT\system32\mfskrytk.dll
2007-10-01 20:07 87,104 --------- G:\WINNT\system32\wlqvlcju.dll
2007-10-01 20:04 87,104 --------- G:\WINNT\system32\vdlctiow.dll
2007-10-01 20:01 87,104 --------- G:\WINNT\system32\jsatqwtb.dll
2007-10-01 19:58 87,104 --------- G:\WINNT\system32\erjtxuup.dll
2007-10-01 19:55 87,104 --------- G:\WINNT\system32\txxdnexa.dll
2007-10-01 19:52 87,104 --------- G:\WINNT\system32\ghpoindo.dll
2007-10-01 19:49 87,104 --------- G:\WINNT\system32\ekuvipoi.dll
2007-10-01 19:46 87,104 --------- G:\WINNT\system32\dpahtugk.dll
2007-10-01 19:43 87,104 --------- G:\WINNT\system32\cwhgscpj.dll
2007-10-01 19:40 87,104 --------- G:\WINNT\system32\xhvlulcf.dll
2007-10-01 19:37 87,104 --------- G:\WINNT\system32\sxlnoynq.dll
2007-10-01 19:34 87,104 --------- G:\WINNT\system32\ruiaxmev.dll
2007-10-01 19:31 87,104 --------- G:\WINNT\system32\qnhmfklh.dll
2007-10-01 19:28 87,104 --------- G:\WINNT\system32\nidetfyv.dll
2007-10-01 19:25 87,104 --------- G:\WINNT\system32\rmqvvjxt.dll
2007-10-01 19:22 87,104 --------- G:\WINNT\system32\ydlgvdms.dll
2007-10-01 19:19 87,104 --------- G:\WINNT\system32\vvlsrtde.dll
2007-10-01 19:16 87,104 --------- G:\WINNT\system32\ftagujyy.dll
2007-10-01 19:13 87,104 --------- G:\WINNT\system32\nnqlaftj.dll
2007-10-01 19:10 87,104 --------- G:\WINNT\system32\nwvcglok.dll
2007-10-01 19:10 87,104 --------- G:\WINNT\system32\cftohyqf.dll
2007-10-01 19:07 87,104 --------- G:\WINNT\system32\yfluxlpb.dll
2007-10-01 19:07 87,104 --------- G:\WINNT\system32\tebvclxe.dll
2007-10-01 19:04 87,104 --------- G:\WINNT\system32\hpctiefw.dll
2007-10-01 18:39 87,104 --a------ G:\WINNT\system32\hbhawbnq.dll
2007-10-01 18:27 87,104 --a------ G:\WINNT\system32\vcysvdux.dll
2007-10-01 18:27 87,104 --a------ G:\WINNT\system32\kmkxjgbv.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
07-10-04 17:44 --------- d-------- G:\Program Files\Common Files\Symantec Shared
07-10-04 00:12 --------- d-------- G:\Program Files\eMule
07-10-03 19:57 --------- d-------- G:\Documents and Settings\Administrator\Application Data\uTorrent
07-10-02 22:52 --------- d-------- G:\Program Files\vso
07-10-02 22:52 --------- d-------- G:\Program Files\RogueRemover FREE
07-10-01 12:26 --------- d-------- G:\Documents and Settings\Administrator\Application Data\RipIt4Me
07-09-28 17:26 --------- d-------- G:\Program Files\Media
07-09-28 17:18 --------- d-a------ G:\Program Files\Lycos
07-09-28 17:18 --------- d-------- G:\Documents and Settings\Administrator\Application Data\Lycos
07-09-21 23:06 --------- d-------- G:\Documents and Settings\All Users\Application Data\DVD Shrink
07-09-08 09:08 --------- d-------- G:\Documents and Settings\Administrator\Application Data\SopCast
07-08-29 22:33 --------- d-------- G:\Program Files\SopCast
07-08-29 22:30 --------- d-------- G:\Documents and Settings\Administrator\Application Data\Azureus
07-08-12 01:10 --------- d-------- G:\Program Files\SatFinder
07-07-16 17:54 73216 --a------ G:\WINNT\ST6UNST.EXE
07-07-16 17:54 249856 --------- G:\WINNT\Setup1.exe
03-01-04 20:18 271 ---h----- G:\Program Files\desktop.ini
03-01-04 20:18 21952 ---h----- G:\Program Files\folder.htt
02-04-16 09:17 61440 --a------ G:\WINNT\inf\i386\twotUSD.dll
02-04-16 09:16 61440 --a------ G:\WINNT\inf\i386\onetUSD.dll
02-04-16 09:16 57344 --a------ G:\WINNT\inf\i386\twotCPL.dll
01-08-15 15:21 15716 --a------ G:\WINNT\inf\i386\Pmxscan.sys
00-07-26 08:00 32528 --a------ G:\WINNT\inf\wbfirdma.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [00-07-26 08:00 G:\WINNT\system32\mobsync.exe]
"AVG7_CC"="G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [07-09-14 09:58 ]
"SunJavaUpdateSched"="G:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [06-12-15 04:23 ]
"PrinTray"="G:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe" [01-01-09 13:47 ]
"PCTVOICE"="pctspk.exe" [01-08-30 15:33 G:\WINNT\system32\pctspk.exe]
"Advanced Tools Check"="G:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [02-08-26 22:35 ]
"StrgSync.exe"="G:\Storage Sync\StrgSync.exe" [05-10-07 23:01 ]
"OneTouch Monitor"="G:\Program Files\Visioneer OneTouch\OneTouchMon.exe" [02-04-16 09:12 ]
"ccRegVfy"="G:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [03-07-17 11:16 ]
"ccApp"="G:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03-07-17 11:16 ]
"UnlockerAssistant"="G:\Program Files\Unlocker\UnlockerAssistant.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="G:\Program Files\Yahoo!\Messenger\ypager.exe" [05-12-08 14:55 ]
"PopUpStopperFreeEdition"="G:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [03-04-29 11:40 ]
"Uniblue RegistryBooster 2"="G:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=G:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=G:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
G:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Office Startup.lnk - G:\Program Files\Microsoft Office\Office\OSA.EXE [1997-07-11 01:00:00]
G:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Office Startup.lnk - G:\Program Files\Microsoft Office\Office\OSA.EXE [1997-07-11 01:00:00]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
R1 Avg7RsNT;AVG7 Rezident Driver;G:\WINNT\system32\Drivers\avg7rsnt.sys
R2 ppsio2;PPDevice;G:\WINNT\system32\drivers\ppsio2.sys
R3 allegro;ESS Allegro Audio Driver (WDM);G:\WINNT\system32\drivers\es198x.sys
R3 NeroCd2k;NeroCd2k;G:\WINNT\system32\drivers\NeroCd2k.sys
R3 NPDriver;Norton Unerase Protection Driver;\??\G:\WINNT\System32\Drivers\NPDRIVER.SYS
S1 EACMOS;EACMOS;G:\WINNT\system32\drivers\EACMOS.SYS
S3 EN1207D;Accton EN1207D/EN2242A Series PCI Fast Ethernet Adapter Win2000 Driver;G:\WINNT\system32\DRIVERS\ACC07D5.SYS
.
Contents of the 'Scheduled Tasks' folder
"2007-10-02 11:11:17 G:\WINNT\Tasks\Norton AntiVirus - Scan my computer.job"
"2007-10-04 22:01:48 G:\WINNT\Tasks\Symantec NetDetect.job"
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-10-04 18:00:35
Windows 5.0.2195 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-10-04 18:03:36 - machine was rebooted
G:\ComboFix-quarantined-files.txt ... 07-10-04 18:02
G:\ComboFix2.txt ... 07-10-04 07:23
.
--- E O F ---
Also attaching the zipped file: [4]-Submit_Thu 10-04-2007@17.52.zip
Thanks for all your ongoing help!!