ComboFix 07-12-12.3 - Daniel Getson 2007-12-11 17:31:43.1 - NTFSx86
Running from: C:\Documents and Settings\Daniel Getson\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\bkR11
C:\WINDOWS\cookies.ini
C:\WINDOWS\df87173.exe
C:\WINDOWS\hg173.exe
C:\WINDOWS\system32\awtrqrs.dll
C:\WINDOWS\system32\daSgo02
C:\WINDOWS\system32\fjoaxncq.exe
C:\WINDOWS\system32\fokjdutv.dll
C:\WINDOWS\system32\gebyx.dll
C:\WINDOWS\system32\hnyespow.dll
C:\WINDOWS\system32\ihotgrlr.dll
C:\WINDOWS\system32\ilbvilea.dll
C:\WINDOWS\system32\jgrveapj.ini
C:\WINDOWS\system32\jhgmftec.dll
C:\WINDOWS\system32\jpaevrgj.dll
C:\WINDOWS\system32\kcesagrl.dll
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\lgtgsrqr.dll
C:\WINDOWS\system32\lrgaseck.ini
C:\WINDOWS\system32\nejimglu.ini
C:\WINDOWS\system32\opnllkh.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pwylpuxt.dll
C:\WINDOWS\system32\qtrxphww.ini
C:\WINDOWS\system32\rlrgtohi.ini
C:\WINDOWS\system32\srhqokyb.dll
C:\WINDOWS\system32\ulgmijen.dll
C:\WINDOWS\system32\vtudjkof.ini
C:\WINDOWS\system32\wwhpxrtq.dll
C:\WINDOWS\system32\xybeg.ini
C:\WINDOWS\system32\xybeg.ini2
C:\WINDOWS\system32\yxrfdkdu.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-11-12 to 2007-12-12 )))))))))))))))))))))))))))))))
.
2007-12-12 17:40 . 2007-12-12 17:40 80,448 --a------ C:\WINDOWS\system32\erauvyco.dll
2007-12-12 17:34 . 2007-12-12 17:34 74,304 --a------ C:\WINDOWS\system32\woekihhg.exe
2007-12-11 14:53 . 2007-12-11 14:53 <DIR> d-------- C:\Deckard
2007-12-11 14:52 . 2007-12-11 14:52 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-09 13:57 . 2007-12-09 13:57 834,100 --ahs---- C:\WINDOWS\system32\lvdkahbw.ini
2007-12-06 00:52 . 2007-12-06 01:05 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-06 00:52 . 2007-12-06 00:52 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-06 00:52 . 2007-12-06 00:52 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-06 00:52 . 2007-12-06 00:52 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-05 17:27 . 2007-12-06 17:27 831,777 --ahs---- C:\WINDOWS\system32\apenrsab.ini
2007-12-05 00:14 . 2007-12-11 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-04 23:55 . 2007-12-04 23:55 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-12-04 14:25 . 2007-12-05 17:21 669,139 --ahs---- C:\WINDOWS\system32\upalfxmm.ini
2007-12-04 10:23 . 2007-12-04 10:24 <DIR> d-------- C:\WINDOWS\system32\daSgo06
2007-12-03 23:11 . 2007-12-11 14:45 <DIR> d-------- C:\Documents and Settings\Daniel Getson\Application Data\U3
2007-12-03 15:33 . 2007-12-05 00:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2007-12-03 14:16 . 2007-12-06 01:05 <DIR> d-------- C:\Program Files\Spruce
2007-12-03 14:14 . 2007-12-12 17:41 <DIR> d-------- C:\Temp
2007-11-18 21:13 . 2007-12-11 13:13 24,415 --a------ C:\WINDOWS\system32\Config.MPF
2007-11-18 21:11 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-11-18 21:09 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-11-18 21:09 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-11-18 21:09 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-11-18 21:09 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-11-18 21:09 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-11-18 21:09 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-11-18 21:08 . 2007-11-18 21:09 <DIR> d-------- C:\Program Files\McAfee.com
2007-11-18 21:08 . 2007-11-18 21:09 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-11-18 20:57 . 2007-11-18 21:12 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-11-18 20:57 . 2007-11-18 20:57 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-11-18 20:56 . 2007-11-18 21:12 <DIR> d-------- C:\Documents and Settings\Daniel Getson\Application Data\SiteAdvisor
2007-11-18 14:09 . 2007-11-18 20:49 <DIR> d-------- C:\Documents and Settings\Daniel Getson\Application Data\McAfee
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 18:11 --------- d-----w C:\Program Files\McAfee
2007-12-10 05:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-12-06 06:07 --------- d-----w C:\Program Files\Windows Defender
2007-12-06 06:06 --------- d-----w C:\Program Files\iTunes
2007-12-06 06:06 --------- d-----w C:\Program Files\AIM6
2007-12-06 06:05 --------- d-----w C:\Program Files\Google
2007-12-06 06:05 --------- d-----w C:\Program Files\Digital Line Detect
2007-12-06 06:05 --------- d-----w C:\Program Files\DellSupport
2007-12-06 06:05 --------- d-----w C:\Program Files\BAE
2007-12-03 20:33 --------- d-----w C:\Program Files\rFactor
2007-11-19 02:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-25 05:25 --------- d-----w C:\Program Files\AIM
2007-10-24 00:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-20 03:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-05-16 01:21 34,312 ----a-w C:\Documents and Settings\Daniel Getson\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54DE7259-C729-45B1-BBD8-4BE9B5BD8248}]
2007-11-29 10:28 401408 --a------ C:\Program Files\Spruce\Spruce.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffa89c70-edea-4578-8a07-d1b27241a20c}]
2007-12-12 17:40 80448 --a------ C:\WINDOWS\system32\erauvyco.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-09-29 15:22]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 13:43]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-10 05:00 C:\WINDOWS\system32\rundll32.exe]
"CTHelper"="CTHELPER.EXE" [2005-11-08 05:30 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-01 21:00 C:\WINDOWS\system32\CTXFIHLP.EXE]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 07:56]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 11:01]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-01-22 17:22]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-11 00:37]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 08:18]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-13 13:05]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-07-22 20:29]
C:\Documents and Settings\Daniel Getson\Start Menu\Programs\Startup\
Spruce - Auto Update.lnk - C:\Program Files\Spruce\Spruce.exe [2007-12-03 14:15:49]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-07-21 12:08:31]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-12-04 15:43:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-30 23:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DAN-Daniel Getson).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2007-11-19 02:09:15 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-12-01 06:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-12-11 18:14:35 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-12-12 17:45:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-12 17:48:18 - machine was rebooted
.
2007-12-05 22:26:48 --- E O F ---
I copied and pasted everything from the file, so I don't know. Everything seems to be working well now, so I think it was taken care of.