Thread: Need help with spyware/adware/virus, etc.
View Single Post
Old 08-13-2008, 02:12 PM   #5 (permalink)
hammad1337
Registered User
 
Join Date: Aug 2008
Posts: 14
OS: xp


Re: Need help with spyware/adware/virus, etc.
thanks

ComboFix 08-08-12.01 - Owner 2008-08-13 15:38:32.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.74 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMdfd9f23c.txt
C:\WINDOWS\BMdfd9f23c.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aesxtifa.dll
C:\WINDOWS\system32\avxuavkm.dll
C:\WINDOWS\system32\byXQJbaW.dll
C:\WINDOWS\system32\cgvybrdu.dll
C:\WINDOWS\system32\chajmy.dll
C:\WINDOWS\system32\crnusitc.ini
C:\WINDOWS\system32\cwajvrjq.ini
C:\WINDOWS\system32\ddcDttsT.dll
C:\WINDOWS\system32\ddcyyywt.dll
C:\WINDOWS\system32\dzjkmk.dll
C:\WINDOWS\system32\eijxrj.dll
C:\WINDOWS\system32\frgbfkhv.dll
C:\WINDOWS\system32\hwrqvwlk.ini
C:\WINDOWS\system32\iifcCTNH.dll
C:\WINDOWS\system32\iifffGyV.dll
C:\WINDOWS\system32\lcxxqt.dll
C:\WINDOWS\system32\mlJDSlkk.dll
C:\WINDOWS\system32\mlJYpMDu.dll
C:\WINDOWS\system32\nmchbtvk.dll
C:\WINDOWS\system32\opnMDUMd.dll
C:\WINDOWS\system32\otmhqiyk.ini
C:\WINDOWS\system32\phpdmpvx.ini
C:\WINDOWS\system32\qjrvjawc.dll
C:\WINDOWS\system32\qrpnju.dll
C:\WINDOWS\system32\sopdfgoo.dll
C:\WINDOWS\system32\ssqroOHb.dll
C:\WINDOWS\system32\ubmvgock.dll
C:\WINDOWS\system32\ufmemokh.dll
C:\WINDOWS\system32\vmiadmwn.dll
C:\WINDOWS\system32\vtyfkmjf.ini
C:\WINDOWS\system32\WabJQXyb.ini
C:\WINDOWS\system32\WabJQXyb.ini2
C:\WINDOWS\system32\yekjxrjc.dll
.
---- Previous Run -------
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\mcrh.tmp

.
((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 )))))))))))))))))))))))))))))))
.

2008-08-13 12:57 . 2008-08-13 12:57 <DIR> d-------- C:\Deckard
2008-08-10 16:21 . 2008-08-10 16:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-08 18:53 . 2008-08-08 18:53 <DIR> d-------- C:\Documents and Settings\Shama
2008-08-08 16:16 . 2008-08-08 16:16 2,048 --a------ C:\WINDOWS\system32\bljadvck.exe
2008-08-07 16:46 . 2008-06-24 13:45 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-08-07 16:46 . 2008-06-23 17:36 773,120 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-08-07 16:39 . 2008-08-07 16:39 0 --a------ C:\WINDOWS\Irremote.ini
2008-08-07 16:04 . 2008-08-07 16:04 2,048 --a------ C:\WINDOWS\system32\wksreyes.exe
2008-08-07 15:51 . 2008-08-07 15:51 2,048 --a------ C:\WINDOWS\system32\cddxccds.exe
2008-08-07 12:15 . 2008-08-07 12:15 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Nero
2008-08-07 12:10 . 2008-08-07 12:11 <DIR> d-------- C:\Program Files\AV9
2008-08-07 11:57 . 2008-08-07 11:57 <DIR> d-------- C:\Program Files\Nero
2008-08-07 11:57 . 2008-08-07 12:01 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-08-07 11:57 . 2008-08-07 11:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-08-07 09:21 . 2008-08-07 09:21 2,048 --a------ C:\WINDOWS\system32\gtmxsqgh.exe
2008-08-07 09:14 . 2008-08-07 09:14 2,048 --a------ C:\WINDOWS\system32\whfwvsod.exe
2008-08-06 09:28 . 2007-12-24 17:37 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-08-06 09:26 . 2008-08-08 15:43 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\HouseCall 6.6
2008-08-06 09:25 . 2008-08-06 09:25 <DIR> d-------- C:\WINDOWS\Sun
2008-08-05 17:40 . 2008-04-13 14:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-08-05 17:40 . 2008-04-13 14:47 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-08-05 14:02 . 2008-06-17 15:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-08-05 14:02 . 2008-06-17 15:17 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-08-05 13:59 . 2008-08-05 14:02 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-08-05 10:49 . 2008-08-08 12:05 <DIR> d-------- C:\Documents and Settings\Muhammad huda
2008-08-04 10:51 . 2008-08-07 16:06 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-08-04 10:48 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-04 10:46 . 2008-08-04 10:48 <DIR> d-------- C:\Program Files\Java
2008-08-04 10:44 . 2008-08-04 10:44 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-04 10:37 . 2008-08-07 16:04 <DIR> d-------- C:\Program Files\LimeWire
2008-08-04 10:19 . 2008-08-04 10:19 <DIR> d-------- C:\Program Files\Pure Networks
2008-08-04 10:18 . 2008-05-16 06:10 23,992 --a------ C:\WINDOWS\system32\drivers\pnarp.sys
2008-08-04 10:17 . 2008-08-04 10:18 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-08-04 10:17 . 2008-08-13 12:59 <DIR> d-------- C:\WINDOWS\CAVTemp
2008-08-04 10:17 . 2008-08-04 10:17 <DIR> d-------- C:\Program Files\Common Files\Pure Networks Shared
2008-08-04 10:17 . 2008-05-16 06:10 25,272 --a------ C:\WINDOWS\system32\drivers\purendis.sys
2008-08-04 09:26 . 2008-08-08 19:47 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-08-03 16:54 . 2008-08-03 16:54 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-03 16:52 . 2008-08-03 16:52 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-08-03 16:12 . 2008-08-03 16:12 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-03 13:04 . 2008-08-03 16:05 <DIR> d-------- C:\Program Files\Google
2008-08-02 22:51 . 2008-08-04 10:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-08-02 22:36 . 2008-08-08 12:05 <DIR> d-------- C:\Documents and Settings\Taha Huda
2008-08-02 21:47 . 2008-04-23 00:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-02 21:47 . 2007-04-17 05:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-02 21:47 . 2007-03-08 01:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-02 21:47 . 2008-04-23 00:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-02 21:47 . 2008-04-23 00:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-02 21:47 . 2008-04-23 00:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-02 21:47 . 2008-04-23 00:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-02 21:47 . 2008-04-23 00:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-02 21:47 . 2008-04-22 03:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-02 21:18 . 2008-08-02 21:18 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-02 21:18 . 2008-08-02 21:18 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-02 21:18 . 2008-08-02 21:18 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-02 20:38 . 2008-04-13 20:12 1,306,624 --a------ C:\WINDOWS\system32\msxml6.dll
2008-08-02 20:37 . 2008-04-13 20:11 650,752 --a------ C:\WINDOWS\system32\dot3ui.dll
2008-08-02 20:02 . 2008-06-13 07:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-02 20:01 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-08-02 20:01 . 2008-04-13 14:45 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2008-08-02 20:01 . 2008-04-13 14:39 7,552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2008-08-02 20:01 . 2008-04-13 14:45 6,272 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-08-02 20:01 . 2008-04-13 14:39 5,376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2008-08-02 20:01 . 2008-04-13 14:39 4,992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2008-08-02 20:00 . 2008-08-02 20:00 <DIR> d-------- C:\WINDOWS\VirtualEar
2008-08-02 20:00 . 2008-08-02 20:00 <DIR> d-------- C:\Program Files\Analog Devices
2008-08-02 20:00 . 2001-10-04 16:50 991,232 --a------ C:\WINDOWS\system32\virtear.dll
2008-08-02 20:00 . 2008-04-13 20:12 129,536 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-08-02 20:00 . 2003-08-19 20:36 65,536 --a------ C:\WINDOWS\system32\Audio3d.dll
2008-08-02 20:00 . 2004-11-19 12:00 49,152 --a------ C:\WINDOWS\system32\DSndUp.exe
2008-08-02 20:00 . 2002-04-17 16:05 45,056 --a------ C:\WINDOWS\system32\CleanUp.exe
2008-08-02 20:00 . 2008-04-13 20:11 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-08-02 19:59 . 2001-09-19 14:47 765,952 --a------ C:\WINDOWS\system\crlds3d.dll
2008-08-02 19:59 . 2004-09-17 11:02 732,928 --a------ C:\WINDOWS\system32\drivers\senfilt.sys
2008-08-02 19:59 . 2004-09-23 09:55 311,296 --a------ C:\WINDOWS\system32\Edcrypt.dll
2008-08-02 19:59 . 2005-01-27 17:31 260,352 --a------ C:\WINDOWS\system32\drivers\smwdm.sys
2008-08-02 19:59 . 2004-10-05 18:10 23,040 --a------ C:\WINDOWS\system32\PostProc.dll
2008-08-01 20:27 . 2005-10-19 10:59 163,840 --a------ C:\WINDOWS\system32\igfxres.dll
2008-08-01 19:58 . 2008-08-02 20:00 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-08-01 19:57 . 2008-08-01 19:57 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-08-01 19:57 . 2008-08-02 19:59 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-08-01 19:53 . 2008-08-01 18:08 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-08-01 19:53 . 2008-08-01 18:11 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-08-01 19:53 . 2008-08-01 19:53 <DIR> d-------- C:\Program Files\CA
2008-08-01 19:53 . 2008-08-01 19:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-08-01 19:53 . 2007-09-17 23:35 250,544 --a------ C:\WINDOWS\system32\KeyHelp.ocx
2008-08-01 19:49 . 2008-08-01 19:49 2,422 --a------ C:\WINDOWS\system32\wpa.bak
2008-08-01 19:35 . 2008-08-07 09:56 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-08-01 19:32 . 2008-08-01 19:32 <DIR> d-------- C:\WINDOWS\provisioning
2008-08-01 19:32 . 2008-08-02 21:18 <DIR> d-------- C:\WINDOWS\peernet
2008-08-01 19:25 . 2008-08-02 21:19 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-01 19:11 . 2008-08-02 21:03 <DIR> d-------- C:\WINDOWS\EHome
2008-08-01 19:00 . 2002-04-15 23:11 67,866 --a------ C:\WINDOWS\system32\drivers\netwlan5.img
2008-08-01 19:00 . 2008-04-14 05:42 11,264 --a------ C:\WINDOWS\system32\spnpinst.exe
2008-08-01 19:00 . 2004-08-02 16:20 7,208 --a------ C:\WINDOWS\system32\secupd.sig
2008-08-01 19:00 . 2004-08-02 16:20 4,569 --a------ C:\WINDOWS\system32\secupd.dat
2008-08-01 18:36 . 2008-08-03 08:44 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-01 18:36 . 2007-08-10 20:46 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-08-01 18:35 . 2008-08-02 21:18 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-01 18:34 . 2008-04-13 13:39 438,784 --a------ C:\WINDOWS\system32\xpob2res.dll
2008-08-01 18:34 . 2008-04-13 20:12 354,304 --a------ C:\WINDOWS\system32\winhttp.dll
2008-08-01 18:34 . 2008-04-13 20:12 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-08-01 18:34 . 2008-04-13 20:11 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2008-08-01 18:34 . 2008-04-13 20:11 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2008-08-01 18:21 . 2004-03-09 02:00 1,081,616 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-08-01 18:20 . 2008-08-01 18:20 <DIR> d-------- C:\Downloads
2008-08-01 18:17 . 2008-08-01 18:17 <DIR> d--hs---- C:\Documents and Settings\Owner\UserData
2008-08-01 18:10 . 2007-07-30 21:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-08-01 18:10 . 2007-07-30 21:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-08-01 18:10 . 2007-07-30 21:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-08-01 18:10 . 2007-07-30 21:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-08-01 18:10 . 2008-04-13 20:12 183,296 --a------ C:\WINDOWS\system32\wuaueng1.dll
2008-08-01 18:10 . 2008-04-13 20:12 165,888 --a------ C:\WINDOWS\system32\wuauclt1.exe
2008-08-01 18:10 . 2007-07-30 21:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-08-01 18:09 . 2008-08-01 18:08 880,560 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2008-08-01 18:09 . 2008-08-01 18:08 108,368 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2008-08-01 18:09 . 2008-08-01 18:08 99,568 --a------ C:\WINDOWS\system32\isafeif.dll
2008-08-01 18:09 . 2008-08-01 18:08 91,376 --a------ C:\WINDOWS\system32\isafprod.dll
2008-08-01 18:09 . 2008-08-01 18:08 83,256 --a------ C:\WINDOWS\system32\vetredir.dll
2008-08-01 18:09 . 2008-08-01 18:08 32,240 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2008-08-01 18:09 . 2008-08-01 18:08 26,352 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2008-08-01 18:09 . 2008-08-01 18:08 21,488 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2008-08-01 18:09 . 2008-08-01 18:08 21,104 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2008-07-31 17:54 . 2008-04-13 14:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-31 17:54 . 2008-04-13 20:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 09:05 9,200 ----a-w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-07-09 09:05 9,072 ----a-w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-07-09 09:05 43,872 ----a-w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-07-09 09:05 129,520 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-07-09 09:05 120,568 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-07-09 09:05 118,256 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-06-24 20:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-06 18:54 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-06-06 18:54 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2008-05-16 10:02 487,424 ----a-w C:\WINDOWS\system32\msvcp70.dll
2008-05-16 10:02 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-03 13:05 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 09:53 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
--a------ 2008-08-01 18:08 234736 C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cctray]
--a------ 2008-08-01 18:08 181488 C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-10-19 10:59 126976 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-10-19 10:59 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
--a------ 2008-05-16 05:57 451896 C:\Program Files\Pure Networks\Network Magic\nmapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
--a------ 2008-05-16 06:11 648504 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 16:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

S3 PPCtlPriv;PPCtlPriv;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-08-01 18:08]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187B.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-08-06 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Owner at 1 00 AM.job
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\caantispyware.exe [2008-08-01 18:08]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-dceac1a0 - C:\WINDOWS\system32\qjrvjawc.dll
HKLM-Run-BMdfd9f23c - C:\WINDOWS\system32\vmiadmwn.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pa9rroku.default\


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-13 16:00:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-08-13 16:05:25 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-08-13 20:04:49

Pre-Run: 25,087,688,704 bytes free
Post-Run: 26,152,083,456 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

279 --- E O F --- 2008-08-03 03:02:13

=====

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:08:31 PM, on 8/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP3 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 3864 bytes
Attached Files
File Type: txt Combofix.txt (18.6 KB, 1 views)
File Type: txt Hijackthis.txt (3.8 KB, 1 views)
Last edited by TheBruce1; 08-13-2008 at 03:37 PM.
hammad1337 is offline