Thanks for your reply. Yes, I do see that the site is extremely busy, but at least you replied and that's great. Here is what you requested.
This is the ComboFix txt:
ComboFix 07-12-02.6 - KeZiAh 2007-12-06 9:59:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.151 [GMT 13:00]
Running from: C:\Documents and Settings\KeZiAh\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\KeZiAh\Application Data\macromedia\Flash Player\#SharedObjects\V7B8Y6NZ\iforex.com
C:\Documents and Settings\KeZiAh\Application Data\macromedia\Flash Player\#SharedObjects\V7B8Y6NZ\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\KeZiAh\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\KeZiAh\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Program Files\Temporary
C:\Program Files\WinAble
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\abW9
C:\Temp\abW9\tPho.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\system32\argdausm.ini
C:\WINDOWS\system32\fnfucbkd.dll
C:\WINDOWS\system32\gfohijca.dll
C:\WINDOWS\system32\kjkmp.ini
C:\WINDOWS\system32\kjkmp.ini2
C:\WINDOWS\system32\msuadgra.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmkjk.dll
C:\WINDOWS\system32\rMa05yy
C:\WINDOWS\system32\x4
C:\WINDOWS\system32\z1
C:\WINDOWS\Fonts\'
.
((((((((((((((((((((((((( Files Created from 2007-11-05 to 2007-12-05 )))))))))))))))))))))))))))))))
.
2007-12-05 00:17 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-05 00:17 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-05 00:17 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-05 00:17 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-05 00:17 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-03 19:23 . 2007-12-04 00:01 787,144 --ahs---- C:\WINDOWS\system32\ssrscwtv.ini
2007-12-01 14:12 . 2007-12-01 14:12 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-01 14:09 . 2007-12-01 14:09 <DIR> d-------- C:\Deckard
2007-12-01 13:54 . 2007-12-01 13:54 <DIR> d-------- C:\ie-spyad_zo
2007-12-01 13:48 . 2007-12-03 21:06 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-01 12:26 . 2007-12-01 12:29 477,286,400 --a------ C:\34D.tmp
2007-12-01 11:58 . 2007-12-01 12:59 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-01 11:58 . 2007-12-01 12:59 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-01 10:01 . 2007-05-29 13:55 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-12-01 10:01 . 2007-05-29 13:55 10,592 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2007-12-01 10:01 . 2007-05-29 13:55 705 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2007-12-01 00:08 . 2007-12-03 19:16 793,389 --ahs---- C:\WINDOWS\system32\vjflejul.ini
2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-29 23:09 . 2007-11-29 23:03 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-11-29 23:03 . 2007-12-06 00:15 <DIR> d-------- C:\Documents and Settings\KeZiAh\.housecall6.6
2007-11-28 23:04 . 2007-11-30 23:58 792,965 --ahs---- C:\WINDOWS\system32\hpnpjluh.ini
2007-11-27 21:35 . 2007-11-27 21:35 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-27 20:47 . 2007-12-05 00:18 5,028 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-27 18:41 . 2007-11-27 18:41 <DIR> d-------- C:\Program Files\Yahoo! Games
2007-11-27 12:54 . 2007-12-05 00:20 <DIR> d-------- C:\Program Files\Norton Security Scan
2007-11-27 11:23 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DL1
2007-11-27 11:23 . 2007-03-21 20:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DL1
2007-11-27 11:18 . 2007-11-27 11:20 16 --a------ C:\WINDOWS\system32\coh.cache
2007-11-27 11:02 . 2007-12-01 13:24 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-11-27 11:00 . 2007-12-05 23:32 <DIR> d-------- C:\Program Files\Symantec
2007-11-27 11:00 . 2007-12-05 23:31 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-11-27 11:00 . 2007-12-05 23:31 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-11-27 11:00 . 2007-12-05 23:32 8,014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-27 11:00 . 2007-12-05 23:32 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-11-27 00:35 . 2007-11-27 00:35 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-27 00:32 . 2007-11-27 00:32 120 --a------ C:\n.bat
2007-11-27 00:30 . 2007-11-27 00:44 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 20:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-05 10:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-01 00:26 --------- d-----w C:\Program Files\Winamp
2007-12-01 00:24 --------- d-----w C:\Program Files\Protector Suite QL
2007-12-01 00:22 --------- d-----w C:\Program Files\iTunes
2007-12-01 00:21 --------- d-----w C:\Program Files\Google
2007-11-30 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-26 12:25 --------- d-----w C:\Program Files\QuickTime
2007-10-26 09:38 --------- d-----w C:\Program Files\Picasa2
2007-09-10 08:02 73,216 ----a-w C:\WINDOWS\cadkasdeinst01e.exe
2007-08-09 08:51 280 ----a-w C:\Documents and Settings\KeZiAh\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
C:\Program Files\ContextTool\ContextTool-1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED4AB95E-5E4E-4526-349A-F4A5766F6195}]
C:\Program Files\Windows Media Player\zykiz.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 21:32]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 01:00]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-02-22 16:18]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 19:27]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-07-16 16:17]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 11:29 C:\WINDOWS\agrsmmsg.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 20:49 C:\WINDOWS\RTHDCPL.exe]
"NDSTray.exe"="NDSTray.exe" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-07 02:20]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 13:13]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-12-01 09:25]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-06 11:02]
"TFncKy"="TFncKy.exe" []
"TDispVol"="TDispVol.exe" [2005-03-12 12:03 C:\WINDOWS\system32\TDispVol.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 21:02]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 12:37]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 11:41]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 18:55]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 18:52]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 18:55]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2006-05-05 17:36]
"TPSMain"="TPSMain.exe" [2005-05-31 21:00 C:\WINDOWS\system32\TPSMain.exe]
"CFSServ.exe"="CFSServ.exe" []
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-22 06:38]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2005-12-13 08:49]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-01 19:33]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 07:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 19:44]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-06-05 15:05]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-06-26 18:00]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IETI"="C:\Program Files\Skype\Phone\IEPlugin\unins000.exe" []
C:\Documents and Settings\KeZiAh\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-12 18:57:52]
wkcalrem.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2005-08-18 08:44:26]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-02-03 19:19:10]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-01-23 00:27:56]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2006-03-07 11:58:25]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 2006-05-05 17:48 40448 C:\WINDOWS\system32\psqlpwd.dll
.
Contents of the 'Scheduled Tasks' folder
"2007-11-26 22:11:26 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - KeZiAh.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-12-06 10:10:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-12-06 10:12:30 - machine was rebooted
.
--- E O F ---
This is the VirusTotal Result:
File cadkasdeinst01e.exe received on 12.05.2007 22:15:00 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.12.6.0 2007.12.05 -
AntiVir 7.6.0.34 2007.12.05 -
Authentium 4.93.8 2007.12.05 -
Avast 4.7.1098.0 2007.12.05 -
AVG 7.5.0.503 2007.12.05 -
BitDefender 7.2 2007.12.05 -
CAT-QuickHeal 9.00 2007.12.05 -
ClamAV 0.91.2 2007.12.05 -
DrWeb 4.44.0.09170 2007.12.05 -
eSafe 7.0.15.0 2007.12.05 -
eTrust-Vet 31.3.5353 2007.12.05 -
Ewido 4.0 2007.12.05 -
FileAdvisor 1 2007.12.05 -
Fortinet 3.14.0.0 2007.12.05 -
F-Prot 4.4.2.54 2007.12.05 -
F-Secure 6.70.13030.0 2007.12.05 -
Ikarus T3.1.1.12 2007.12.05 -
Kaspersky 7.0.0.125 2007.12.05 -
McAfee 5178 2007.12.05 -
Microsoft 1.3007 2007.12.05 -
NOD32v2 2701 2007.12.05 -
Norman 5.80.02 2007.12.05 -
Panda 9.0.0.4 2007.12.05 -
Prevx1 V2 2007.12.05 -
Rising 20.21.20.00 2007.12.05 -
Sophos 4.24.0 2007.12.05 -
Sunbelt 2.2.907.0 2007.12.05 -
Symantec 10 2007.12.05 -
TheHacker 6.2.9.151 2007.12.05 -
VBA32 3.12.2.5 2007.12.05 -
VirusBuster 4.3.26:9 2007.12.05 -
Webwasher-Gateway 6.6.2 2007.12.05 -
Additional information
File size: 73216 bytes
MD5: 63af89ba5b6fa700416a71975c2078da
SHA1: 3ee249fd571df072f564f287b9de2ddf8c46231b
PEiD: -
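A small triage script for the "Files Created" section of a ComboFix log like the one posted above. This is an added example for the thread, not part of the original post and not a ComboFix feature. It parses the `timestamp . timestamp size attributes path` lines and flags the two things a helper reads first in this log: files with both the hidden (h) and system (s) attribute flags dropped straight into system32 (the three random eight-letter .ini files), and system32 files with an extension that does not belong there (the .DL1 copies of the VC71 runtimes). The column names `created`/`modified`, the list of expected system32 extensions and both rules are assumptions and heuristics keyed to this log, not a general detection signature; the sample lines are copied from the log above.

```python
"""Triage helper for the 'Files Created' section of a ComboFix log.

Added example, not part of the original post or of ComboFix. Rules and the
expected-extension list are heuristics/assumptions drawn from the log above.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# One entry looks like (copied from the log above):
#   2007-12-03 19:23 . 2007-12-04 00:01 787,144 --ahs---- C:\WINDOWS\system32\ssrscwtv.ini
# The attribute field is nine characters: 'd' = directory, r/a/h/s =
# read-only/archive/hidden/system. Calling the two dates created/modified is an assumption.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+"
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attrs>[-a-z]{9})\s+"
    r"(?P<path>.+?)\s*$"
)

SYSTEM32 = "c:\\windows\\system32\\"
# Extensions a file sitting directly in system32 is expected to carry (assumption).
EXPECTED_SYSTEM32_EXT = {
    ".exe", ".dll", ".sys", ".ini", ".ico", ".cat", ".inf", ".ocx", ".cpl",
    ".drv", ".ax", ".tlb", ".nls", ".reg", ".cache",
}


@dataclass
class Entry:
    created: str
    modified: str
    size: int            # -1 for <DIR> entries
    attrs: str
    path: str
    reasons: List[str] = field(default_factory=list)

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for one 'Files Created' line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size_text = m.group("size")
    size = -1 if size_text == "<DIR>" else int(size_text.replace(",", ""))
    return Entry(m.group("created"), m.group("modified"), size,
                 m.group("attrs"), m.group("path"))


def parse_log(text: str) -> List[Entry]:
    """Parse every line in the entry layout; headers and '.' separators are skipped."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def assess(entry: Entry) -> Entry:
    """Attach a reason for each heuristic the entry trips (files directly in system32 only)."""
    if entry.is_dir:
        return entry
    path_l = entry.path.lower()
    # "directly in system32": has the prefix and no further backslash after it
    if not (path_l.startswith(SYSTEM32) and "\\" not in path_l[len(SYSTEM32):]):
        return entry
    name = path_l.rsplit("\\", 1)[-1]
    ext = name[name.rfind("."):] if "." in name else ""
    # Hidden+system on a plain data file is how the random .ini files above are marked.
    if "h" in entry.attrs and "s" in entry.attrs:
        entry.reasons.append("hidden+system attributes on a file in system32")
    if ext not in EXPECTED_SYSTEM32_EXT:
        entry.reasons.append(f"unexpected extension {ext!r} in system32")
    return entry


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to the list of reasons it was flagged."""
    flagged: Dict[str, List[str]] = {}
    for entry in parse_log(text):
        assess(entry)
        if entry.reasons:
            flagged[entry.path] = entry.reasons
    return flagged


# Lines copied from the 'Files Created' section of the log above.
SAMPLE_LOG = r"""
2007-12-05 00:17 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-03 19:23 . 2007-12-04 00:01 787,144 --ahs---- C:\WINDOWS\system32\ssrscwtv.ini
2007-12-01 14:12 . 2007-12-01 14:12 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-01 00:08 . 2007-12-03 19:16 793,389 --ahs---- C:\WINDOWS\system32\vjflejul.ini
2007-11-28 23:04 . 2007-11-30 23:58 792,965 --ahs---- C:\WINDOWS\system32\hpnpjluh.ini
2007-11-27 11:23 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DL1
2007-11-27 11:00 . 2007-12-05 23:31 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-11-27 00:32 . 2007-11-27 00:32 120 --a------ C:\n.bat
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run it against the whole pasted log rather than the sample to get the full list; files in subdirectories such as system32\drivers and anything outside system32 are deliberately left alone so the output stays short. Flagging only means "look at this next", for example by submitting the hash to VirusTotal as was done for cadkasdeinst01e.exe above, not that the file is malicious.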