Hello, my name is Trae and I'm having problems with my computer. Spyware pop-ups won't stop; they make my computer run slower and close out my browser sometimes. I tried the ComboFix and it stopped for about an hour and restarted, but this time it's different anti-spyware programs on my computer that won't let me delete them. They all tell me my computer has an infection and I need to register their program to get rid of it. Not sure what this means, but this was the notepad from the ComboFix:
ComboFix 08-02-25.3 - Owner 2002-05-04 4:09:40.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.215 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\My Documents\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Owner\Application Data\SSTEM3~1
C:\Documents and Settings\Owner\Application Data\WNSXS~1
C:\Documents and Settings\Owner\My Documents\YSTEM~1
C:\Documents and Settings\Owner\My Documents\YSTEM~1\?hkntfs.exe
C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\asembl~1
C:\Program Files\Common Files\asembl~1\n?pdb.exe
C:\Program Files\Common Files\iikw
C:\Program Files\Common Files\iikw\iikwa.exe
C:\Program Files\Common Files\iikw\iikwa.lck
C:\Program Files\Common Files\iikw\iikwd\class-barrel
C:\Program Files\Common Files\iikw\iikwd\iikwc.dll
C:\Program Files\Common Files\iikw\iikwd\vocabulary
C:\Program Files\Common Files\iikw\iikwh
C:\Program Files\Common Files\iikw\iikwl.exe
C:\Program Files\Common Files\iikw\iikwl.lck
C:\Program Files\Common Files\iikw\iikwm.exe
C:\Program Files\Common Files\iikw\iikwm.lck
C:\Program Files\Common Files\iikw\iikwp.exe
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\inetget2\MTE3MTk6ODoxNg.exe
C:\Program Files\Insider
C:\Program Files\Insider\Insider.exe
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\Online Services\nipys4444.dll
C:\Program Files\Online Services\nipys455101.dll
C:\Program Files\Online Services\nipys83122.dll
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Router
C:\Program Files\Temporary
C:\Program Files\Temporary\InsiDERIns.exe
C:\Program Files\Temporary\kernInst.exe
C:\Program Files\Windows NT\rybimoc.dll
C:\Program Files\Windows NT\rybimoc594.dll
C:\Program Files\Windows NT\rybimoc68.dll
C:\Program Files\Windows NT\rybimoc816.dll
C:\Program Files\ystem~1
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\b103.exe
C:\WINDOWS\b104.exe
C:\WINDOWS\b111.exe
C:\WINDOWS\b116.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\b149.exe
C:\WINDOWS\b151.exe
C:\WINDOWS\b152.exe
C:\WINDOWS\b153.exe
C:\WINDOWS\b154.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\fnts~1
C:\WINDOWS\iikw
C:\WINDOWS\iikw\iikw.dat
C:\WINDOWS\iikw\wu
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\NTE1MA\
C:\WINDOWS\NTE1MA\\asappsrv.dll
C:\WINDOWS\NTE1MA\\command.exe
C:\WINDOWS\NTE1MA\\hnHYgE.vbs
C:\WINDOWS\NTE1MA\command.exe
C:\WINDOWS\racle~1
C:\WINDOWS\racle~1\?racle\
C:\WINDOWS\racle~1\netdde.exe
C:\WINDOWS\sembly~1
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\aohiasxi.dll
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\conf.dat
C:\WINDOWS\system32\ddcbxxx.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\imagesrvv.sys
C:\WINDOWS\system32\eom.dll
C:\WINDOWS\system32\explorer.exe
C:\WINDOWS\system32\eybptefa.ini
C:\WINDOWS\system32\fccaayx.dll
C:\WINDOWS\system32\fccyyxw.dll
C:\WINDOWS\system32\gebabca.dll
C:\WINDOWS\system32\gebxwxw.dll
C:\WINDOWS\system32\hgghiih.dll
C:\WINDOWS\system32\iexplorer.dll .dbt
C:\WINDOWS\system32\ixsaihoa.ini
C:\WINDOWS\system32\jjllm.ini
C:\WINDOWS\system32\jjllm.ini2
C:\WINDOWS\system32\jkkjiif.dll
C:\WINDOWS\system32\jkkljji.dll
C:\WINDOWS\system32\jkklllj.dll
C:\WINDOWS\system32\jrykubwu.dll
C:\WINDOWS\system32\khfeebc.dll
C:\WINDOWS\system32\khffgda.dll
C:\WINDOWS\system32\lcsbbeok.dll
C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
C:\WINDOWS\system32\nnnkklk.dll
C:\WINDOWS\system32\omotnbvs.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmnnnkj.dll
C:\WINDOWS\system32\qbqitrxw.dll
C:\WINDOWS\system32\rqrsspo.dll
C:\WINDOWS\system32\rqrstrr.dll
C:\WINDOWS\system32\safwldbr.dll
C:\WINDOWS\system32\ssqpnon.dll
C:\WINDOWS\system32\ssqppmj.dll
C:\WINDOWS\system32\svbntomo.ini
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\urqopmj.dll
C:\WINDOWS\system32\vvimbce.dll
C:\WINDOWS\system32\wosapymw.ini
C:\WINDOWS\system32\wvutqqn.dll
C:\WINDOWS\system32\xcfgypkt.ini
C:\WINDOWS\system32\xxywwxw.dll
C:\WINDOWS\system32\xxyxwvt.dll
C:\WINDOWS\tk58.exe
C:\WINDOWS\TTC-4444.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CMDSERVICE
-------\LEGACY_IMAGESRVV
-------\LEGACY_MSUPDATE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_POWERMANAGER
-------\cmdService
-------\imagesrvv
-------\msupdate
-------\PowerManager
((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))
.
2008-02-26 01:04 . 2008-02-26 01:04 <DIR> d-------- C:\Program Files\MapEDC
2008-02-24 08:57 . 2008-02-24 08:57 <DIR> d-------- C:\Program Files\NoDNS
2008-02-23 13:45 . 2008-02-23 13:45 12 --a------ C:\WINDOWS\system32\di1.gif
2008-02-21 14:01 . 2008-02-21 22:31 40,960 --a------ C:\WINDOWS\system32\fadgsd.exe
2008-02-21 14:01 . 2008-02-21 22:31 40,960 --a------ C:\WINDOWS\hfdgrhjkgh.exe
2008-02-20 21:10 . 2008-02-24 21:25 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-02-20 12:30 . 2008-02-20 12:30 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-02-20 04:03 . 2008-02-20 04:03 <DIR> d-------- C:\Program Files\JavaCore
2008-02-19 21:50 . 2008-02-24 09:18 36,864 --a------ C:\WINDOWS\17PHolmes572.exe.tmp
2008-02-19 09:28 . 2008-02-19 23:42 36,864 --a------ C:\WINDOWS\system32\fwehg.exe
2008-02-19 09:28 . 2008-02-19 23:42 36,864 --a------ C:\WINDOWS\gsdfr5yhgjng.exe
2008-02-07 16:36 . 2008-02-07 16:38 <DIR> d-------- C:\Program Files\Prime95
2008-02-07 16:36 . 2008-02-07 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Geek Squad
2008-02-07 13:21 . 2008-02-07 13:21 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Webroot
2008-02-06 21:20 . 2002-05-02 23:02 1,221,050 ---hs---- C:\WINDOWS\system32\ibpdvcnh.ini
2008-02-04 10:58 . 2002-05-07 05:57 4,286 --a------ C:\WINDOWS\system32\Jamster.ico
2008-02-04 00:32 . 2008-02-04 00:32 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Nero
2008-02-04 00:24 . 2008-02-04 00:26 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-02-04 00:24 . 2008-02-04 00:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-02-03 22:32 . 2008-02-03 22:33 <DIR> d-------- C:\Program Files\Instant CD & DVD Burner
2008-02-03 14:01 . 2002-05-07 06:38 <DIR> d-------- C:\Program Files\Free Easy Burner
2008-02-03 13:34 . 2002-05-05 17:04 <DIR> d-------- C:\Program Files\TradeTouch
2008-02-03 11:33 . 2002-05-05 17:03 <DIR> d-------- C:\Program Files\Cheetah Burner
2008-02-03 11:33 . 2005-11-14 04:23 1,228,800 --a------ C:\WINDOWS\system32\FoxBurner.ocx
2008-02-02 20:24 . 2008-02-02 20:24 <DIR> d-------- C:\WINDOWS\system32\9DA0A0A5AAABABA
2008-02-02 20:24 . 2007-12-14 04:40 120,832 --a------ C:\WINDOWS\system32\A0A3A3A8ADAEAEA.exe
2008-02-02 15:44 . 2008-02-02 16:06 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-02 15:44 . 2008-02-02 16:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-31 23:11 . 2008-01-31 23:11 <DIR> d-------- C:\Program Files\Pop up Blocker Pro
2008-01-31 22:55 . 2008-01-31 22:55 <DIR> d-------- C:\WINDOWS\system32\tip4
2008-01-31 22:55 . 2008-01-31 22:55 <DIR> d-------- C:\WINDOWS\system32\lis6
2008-01-31 22:55 . 2008-01-31 22:55 <DIR> d-------- C:\WINDOWS\system32\kps5
2008-01-31 22:55 . 2008-01-31 22:55 <DIR> d-------- C:\WINDOWS\system32\hs9
2008-01-31 22:55 . 2008-01-31 22:55 <DIR> d-------- C:\Temp\gTiis19
2008-01-31 22:55 . 2008-02-27 12:28 37,376 -ra------ C:\WINDOWS\mrofinu572.exe.tmp
2008-01-31 22:54 . 2008-01-31 22:54 <DIR> d-------- C:\Temp\cXzz9
2008-01-31 22:54 . 2008-02-25 04:10 <DIR> d-------- C:\Temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-22 06:30 20,480 ----a-w C:\WINDOWS\quit.exe
2008-02-04 08:24 --------- d-----w C:\Program Files\Nero
2008-02-04 06:24 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-03 21:32 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-01 07:09 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-01-30 15:03 --------- d-----w C:\Documents and Settings\Owner\Application Data\Move Networks
2008-01-20 04:53 --------- d-----w C:\Documents and Settings\Owner\Application Data\DivX
2008-01-19 23:00 --------- d-----w C:\Program Files\Garmin GPS Control
2008-01-13 00:47 --------- d-----w C:\Program Files\AbiSuite2
2008-01-10 03:09 --------- d-----w C:\Program Files\Google
2008-01-10 00:40 --------- d-----w C:\Program Files\Azureus
2008-01-10 00:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
2008-01-09 21:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-01-07 18:54 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-05 21:10 --------- d-----w C:\Program Files\VstPlugins
2008-01-05 21:10 --------- d-----w C:\Program Files\Image-Line
2008-01-05 21:02 --------- d-----w C:\Program Files\ASIO4ALL v2
2008-01-04 04:24 --------- d-----w C:\Program Files\Ares
2008-01-02 18:46 --------- d-----w C:\Program Files\LimeWire
2008-01-02 18:45 --------- d-----w C:\Program Files\Java
2008-01-02 18:44 --------- d-----w C:\Program Files\Common Files\Java
2008-01-02 18:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-01-02 18:38 --------- d-----w C:\Program Files\Ulead Systems
2008-01-02 18:38 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-01-02 03:03 --------- d-----w C:\Documents and Settings\Owner\Application Data\dvdcss
2008-01-02 02:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\vlc
2008-01-02 02:38 --------- d-----w C:\Program Files\VideoLAN
2007-12-25 00:29 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ahead
2007-12-14 03:09 1,008,424 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-12-04 17:59 1,008,424 ----a-w C:\WINDOWS\UNRecode.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{221BBF54-3327-4548-9006-84385B1A5840}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pop up Blocker Pro"="C:\Program Files\Pop up Blocker Pro\pdie.exe" [2007-01-12 14:10 1309184]
"JavaCore"="C:\Program Files\JavaCore\JavaCore.exe" [2008-02-20 04:03 144896]
"Aiuh"="C:\WINDOWS\RACLE~1\netdde.exe" [ ]
"Eecu"="C:\Program Files\Common Files\a?sembly\n?pdb.exe" [ ]
"NoDNS"="C:\Program Files\\NoDNS\\NoDNS.exe" [2008-02-24 08:57 102400]
"MapEDC"="C:\Program Files\MapEDC\MapEDC.exe" [2008-02-26 01:04 57344]
"78bc0c10"="C:\WINDOWS\system32\wmypasow.dll" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"E4E7E7ECF1F2F2F0F"="A0A3A3A8ADAEAEA.exe" [2007-12-14 04:40 120832 C:\WINDOWS\system32\A0A3A3A8ADAEAEA.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"78bc0c10"="C:\WINDOWS\system32\wmypasow.dll" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
antiwpa.dll 2006-07-22 15:49 5376 C:\WINDOWS\system32\antiwpa.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\78bc0c10]
C:\WINDOWS\system32\omotnbvs.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aiuh]
C:\WINDOWS\system32\ASEMBL~1\logonui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dot1XCfg]
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E4E7E7ECF1F2F2F0F]
--a------ 2007-12-14 04:40 120832 C:\WINDOWS\system32\A0A3A3A8ADAEAEA.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eozcqadz]
C:\Documents and Settings\Owner\My Documents\?ystem\?hkntfs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2004-06-06 10:41 155136 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IESet]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-06-06 10:45 192000 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iikw]
C:\PROGRA~1\COMMON~1\iikw\iikwm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Insider]
C:\Program Files\Insider\Insider.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu572.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]
C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\kvmmed.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-07-01 17:23 67584 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 168848 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tsaya]
C:\Documents and Settings\Owner\Application Data\W?nSxS\?ti2evxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
--------- 2004-11-26 11:43 90112 C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]
C:\Documents and Settings\Owner\Application Data\WinTouch\WinTouch.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
S2 PowerManager;Power Manager;C:\WINDOWS\svchost.exe []
S3 Aldebaran;Aldebaran - Storage Filter Drivers;C:\WINDOWS\system32\Drivers\Aldebaran.sys []
S3 I97DRIVER;I97DRIVER;D:\Diagnostic\Eurosoft\QA+Win32\QA+Win32\dgs.sys []
*Newly Created Service* - POWERMANAGER
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-25 04:21:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\NoDNS\NoDNS.exe
.
**************************************************************************
.
Completion time: 2008-02-25 4:23:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-25 12:22:59
Hope you can help!!
