Hi,
Thank you for the log. While I am reviewing it, I'll copy it here for convenience. Please remember to copy/paste the logs into the thread next time.
ComboFix 08-08-13.02 - Dan 2008-08-13 19:25:43.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2382 [GMT -7:00]
Running from: C:\Users\Dan\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\Dan\AppData\Roaming\macromedia\Flash Player\#SharedObjects\DGD663TC\interclick.com
C:\Users\Dan\AppData\Roaming\macromedia\Flash Player\#SharedObjects\DGD663TC\interclick.com\ud.sol
C:\Users\Dan\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Users\Dan\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Windows\System32\bJPWxGgh.ini
C:\Windows\System32\bJPWxGgh.ini2
C:\Windows\system32\brqcdgio.ini
C:\Windows\system32\eyykqlhl.dll
C:\Windows\system32\fxeqfuve.ini
C:\Windows\System32\iPrCKRqr.ini
C:\Windows\System32\iPrCKRqr.ini2
C:\Windows\system32\ldayvk.dll
C:\Windows\System32\llTtDcdd.ini
C:\Windows\System32\llTtDcdd.ini2
C:\Windows\System32\mlRqqtwa.ini
C:\Windows\System32\mlRqqtwa.ini2
C:\Windows\System32\NnTtwyay.ini
C:\Windows\System32\NnTtwyay.ini2
C:\Windows\system32\rilualtn.ini
C:\Windows\system32\siqwlrlk.ini
C:\Windows\system32\sjupkd.dll
C:\Windows\system32\svnrnwvt.dll
C:\Windows\System32\vEddJkkj.ini
C:\Windows\System32\vEddJkkj.ini2
C:\Windows\system32\xwhqahre.ini
----- BITS: Possible infected sites -----
http://images.metaservices.microsoft.com:80
.
((((((((((((((((((((((((( Files Created from 2008-07-14 to 2008-08-14 )))))))))))))))))))))))))))))))
.
2008-08-07 18:48 . 2008-08-08 16:48 <DIR> d-------- C:\Users\Dan\AppData\Roaming\BitTorrent
2008-08-07 18:47 . 2008-08-07 18:47 <DIR> d-------- C:\Program Files\BitTorrent
2008-08-05 17:40 . 2008-08-05 17:40 <DIR> d-------- C:\Users\Dan\AppData\Roaming\Malwarebytes
2008-08-05 17:40 . 2008-08-05 17:40 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-08-05 17:40 . 2008-08-05 17:40 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-08-05 17:40 . 2008-08-05 17:40 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-05 17:40 . 2008-07-30 20:07 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-05 17:40 . 2008-07-30 20:07 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-08-05 17:31 . 2008-08-05 17:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-05 16:49 . 2008-08-05 16:49 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-05 16:48 . 2008-08-05 16:49 <DIR> d-------- C:\Program Files\iTunes
2008-08-05 16:48 . 2008-08-05 16:48 <DIR> d-------- C:\Program Files\iPod
2008-07-31 23:54 . 2008-07-31 23:54 <DIR> d-------- C:\Users\All Users\ATI
2008-07-31 23:54 . 2008-07-31 23:54 <DIR> d-------- C:\ProgramData\ATI
2008-07-31 07:18 . 2008-07-31 07:18 <DIR> d-------- C:\Deckard
2008-07-30 21:26 . 2008-07-30 21:26 <DIR> d-------- C:\Program Files\Panda Security
2008-07-30 21:26 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-07-30 18:26 . 2008-07-30 18:26 <DIR> d-------- C:\Users\All Users\PC Drivers HeadQuarters
2008-07-30 18:26 . 2008-07-30 18:26 <DIR> d-------- C:\ProgramData\PC Drivers HeadQuarters
2008-07-25 01:36 . 2008-07-25 01:36 524,288 --a------ C:\Windows\System32\DivXsm.exe
2008-07-25 01:36 . 2008-07-25 01:36 4,816 --a------ C:\Windows\System32\divxsm.tlb
2008-07-23 09:50 . 2008-07-23 09:50 3,596,288 --a------ C:\Windows\System32\qt-dx331.dll
2008-07-23 09:48 . 2008-07-23 09:48 1,044,480 --a------ C:\Windows\System32\libdivx.dll
2008-07-23 09:48 . 2008-07-23 09:48 200,704 --a------ C:\Windows\System32\ssldivx.dll
2008-07-23 09:47 . 2008-07-23 09:47 416 --a------ C:\Windows\System32\dtu100.dll.manifest
2008-07-23 09:47 . 2008-07-23 09:47 416 --a------ C:\Windows\System32\dpl100.dll.manifest
2008-07-23 09:46 . 2008-07-23 09:46 12,288 --a------ C:\Windows\System32\DivXWMPExtType.dll
2008-07-21 16:46 . 2008-07-21 17:38 26 --a------ C:\Windows\dvdSanta.INI
2008-07-21 16:44 . 2008-07-21 16:44 <DIR> d-------- C:\TempDVD
2008-07-21 16:44 . 2008-07-31 07:04 <DIR> d-------- C:\Program Files\dvdSanta
2008-07-21 16:44 . 2008-07-21 17:41 <DIR> d-------- C:\dvdsanta
2008-07-19 11:42 . 2008-07-19 11:42 <DIR> d-------- C:\Program Files\QuickTime
2008-07-16 20:07 . 2008-07-16 20:07 <DIR> d-------- C:\Users\All Users\Ubisoft
2008-07-16 20:07 . 2008-07-16 20:07 <DIR> d-------- C:\ProgramData\Ubisoft
2008-07-16 07:04 . 2008-07-16 07:06 <DIR> d-------- C:\Windows\RegCure
2008-07-16 06:48 . 2008-07-16 07:06 <DIR> d-------- C:\Program Files\RegCure
2008-07-14 20:49 . 2008-07-14 20:49 <DIR> d-------- C:\Users\Dan\AppData\Roaming\Ubisoft
2008-07-14 20:31 . 2008-07-14 20:31 <DIR> d-------- C:\Program Files\Ubisoft
2008-07-14 17:55 . 2008-07-10 21:23 322,304 --a------ C:\Windows\System32\trzEE7F.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 02:28 19,822 ----a-w C:\Windows\system32\drivers\stwrte.log
2008-08-14 02:27 --------- d-----w C:\Users\Dan\AppData\Roaming\DNA
2008-08-14 02:21 --------- d---a-w C:\ProgramData\TEMP
2008-08-13 12:50 --------- d-----w C:\Program Files\Spyware Doctor
2008-08-12 03:40 --------- d-----w C:\Program Files\World of Warcraft
2008-08-12 03:11 --------- d-----w C:\Program Files\Warcraft III
2008-08-12 01:34 --------- d-----w C:\Users\Dan\AppData\Roaming\Apple Computer
2008-08-12 01:05 20 ---h--w C:\Users\All Users\PKP_DLdu.DAT
2008-08-12 01:05 20 ---h--w C:\ProgramData\PKP_DLdu.DAT
2008-08-08 05:34 --------- d-----w C:\Program Files\DivX
2008-08-01 16:44 --------- d-----w C:\Program Files\ATI
2008-08-01 06:42 --------- d-----w C:\Program Files\ATI Technologies
2008-07-31 01:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-10 06:11 --------- d-----w C:\Program Files\DAEMON Tools Toolbar
2008-07-10 02:56 --------- d-----w C:\Users\Dan\AppData\Roaming\DAEMON Tools
2008-07-09 15:05 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-09 00:28 --------- d-----w C:\Program Files\Windows Mail
2008-07-07 13:44 --------- d-----w C:\Program Files\E.M. DVD Copy
2008-07-07 05:02 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-07-04 01:17 --------- d-----w C:\Users\Dan\AppData\Roaming\Download Manager
2008-07-02 01:05 --------- d-----w C:\ProgramData\WindowsSearch
2008-07-02 00:19 --------- d-----w C:\Users\Dan\AppData\Roaming\Ahead
2008-07-01 22:41 --------- d-----w C:\Program Files\BitLord2
2008-07-01 18:07 --------- d-----w C:\ProgramData\FLEXnet
2008-07-01 18:04 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-01 17:57 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-07-01 04:54 --------- d-----w C:\Program Files\DNA
2008-06-27 14:10 --------- d-----w C:\Users\Dan\AppData\Roaming\Nikon
2008-06-27 14:09 --------- d-----w C:\Program Files\Common Files\Nikon
2008-06-19 06:17 --------- d-----w C:\Users\Dan\AppData\Roaming\ArcSoft
2008-06-13 05:39 20 ---h--w C:\Users\All Users\PKP_DLec.DAT
2008-06-13 05:39 20 ---h--w C:\ProgramData\PKP_DLec.DAT
2008-05-04 02:43 22,328 ----a-w C:\Users\Dan\AppData\Roaming\PnkBstrK.sys
2008-04-15 19:31 859,282 ----a-w C:\Users\Dan\1280_StarCraft2GameplayVideo_EnglishUS2-avi-downloader.exe
2008-03-24 04:09 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 00:33 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 00:33 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 00:33 202240]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-08-07 18:47 341824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-18 23:50 4702208 C:\Windows\RtHDVCpl.exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-03-22 65588]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2008-04-01 15:17:27 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKLM\~\startupfolder\C:^Users^Dan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-08-07 18:47 341824 C:\Program Files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 00:33 125952 C:\Windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1883384528-1375300349-1264342087-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7C162ADF-1C1B-47FA-B131-0BBF78CB11F6}"= UDP:C:\Windows\System32\dlbccoms.exe:Photo Printer 720 Server
"{338801CC-B447-4EEA-8270-8EB42E00C69B}"= TCP:C:\Windows\System32\dlbccoms.exe:Photo Printer 720 Server
"{F9981515-F3E2-48FF-BB9D-9293DD5D4B06}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C9CA26EA-6F0B-4A59-8671-AC7D8B71D82D}"= UDP:C:\Program Files\World of Warcraft\WoW-2.4.0-enUS-downloader.exe:Blizzard Downloader
"{8476BFA0-F1F6-412D-85E9-1EEECA75B9EE}"= TCP:C:\Program Files\World of Warcraft\WoW-2.4.0-enUS-downloader.exe:Blizzard Downloader
"{45664F0A-71F1-4EDF-A422-0C99D21238A2}"= UDP:3724:Blizzard Downloader: 3724
"{73340249-416A-4FB4-9CE0-C103F1B4C4D6}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
"{5D148400-DFDB-462C-8679-4ED926130D1A}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
"TCP Query User{8D14627C-FC3D-484F-B7D4-72FEF5FD7FC9}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{B6EFEA90-12E4-4775-8431-16C20C99886C}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{FF86588F-60B9-4EE3-ADA2-810640E1ED51}C:\\users\\dan\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:C:\users\dan\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{84058707-87DD-455E-9602-1A063834B8BE}C:\\users\\dan\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:C:\users\dan\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"TCP Query User{50255DEF-93D9-4DC8-9831-7F8C6BD15E5D}C:\\program files\\bitlord2\\bitlord.exe"= UDP:C:\program files\bitlord2\bitlord.exe:
"UDP Query User{B110ECCF-8AD1-4E43-8E9F-E41EADB10998}C:\\program files\\bitlord2\\bitlord.exe"= TCP:C:\program files\bitlord2\bitlord.exe:
"{EB631120-5462-4E54-B7A1-E7297A7F6962}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{E09D8E5D-D931-46B7-8786-53E06B8C1B2F}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DCFD25CE-CA98-40D3-BB73-EA56A0EEB889}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C8723816-016E-4715-ABB7-FA9966314478}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BF6B159F-D78E-488F-9B9B-80EDE1E7A7D2}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2A0EFE6E-3F50-4CE9-974C-D1A81415916C}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{FCF4D7AD-EC54-485E-B0CC-27E03A31C213}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{279FFD02-8668-4CEA-9849-B8776C9A21DC}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{65435975-6C9B-4C77-A66E-807739A1F7B8}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{9EC658D9-DED3-4DF1-A320-A50EB7C92A84}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{1E160DAF-3BE2-4CE8-B7C3-FE9C37124245}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{C5DEF5D6-AD8C-44FB-869F-8AB4D1C47AA3}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{A133A347-EBA9-4FC9-AF17-D644B9291248}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{DCFC2324-3814-4FA8-ADAB-06259361CE43}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{CC3981C6-DD33-4924-B4D7-E64CFEE9BFFC}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{E6E75669-1A4A-4B02-B911-05C6E13A3144}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{90CAEE53-668A-41D7-89B4-EF786C9791D0}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{A8B1125B-1726-46D6-AF58-B7073E740CA0}C:\\program files\\bitlord2\\bitlord.exe"= UDP:C:\program files\bitlord2\bitlord.exe:
"UDP Query User{AAD0C4B9-8DD5-4A4E-98BF-8547F8709410}C:\\program files\\bitlord2\\bitlord.exe"= TCP:C:\program files\bitlord2\bitlord.exe:
"{8CA0057B-6A67-41C5-A84A-75676A11FEDC}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{13F61980-5E80-4233-91CC-AF061707BC83}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{347AC052-3409-4977-B971-BF326D64263D}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{92E1911D-CBC4-4D61-845D-2A2FD6FB1525}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{9BAB9E59-9A30-40B0-83AE-5019E25B9845}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{46331AB7-01B5-450D-AAE7-CE52A0C4F779}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{587DF2A9-0006-4F93-A4D1-4D7C26B81A65}"= UDP:C:\Program Files\DNA\btdna.exe:DNA (TCP-In)
"{314183C2-7CD3-4C2F-B0C0-005AA2F67B7A}"= TCP:C:\Program Files\DNA\btdna.exe:DNA (UDP-In)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 07:35]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 07:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 07:36]
R2 dlbc_device;dlbc_device;C:\Windows\system32\dlbccoms.exe [2007-03-01 15:52]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-06-02 23:22]
S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;C:\Windows\system32\DRIVERS\WUSB54GCx86.sys [2007-03-12 03:12]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{750834f0-0458-11dd-ac14-001d7dab238e}]
\shell\AutoRun\command - wd_windows_tools\setup.exe
.
Contents of the 'Scheduled Tasks' folder
2008-08-14 C:\Windows\Tasks\RegCure Program Check.job
- C:\Program Files\RegCure\RegCure.exe [2007-08-02 01:20]
2008-07-31 C:\Windows\Tasks\RegCure.job
- C:\Program Files\RegCure\RegCure.exe [2007-08-02 01:20]
2008-08-13 C:\Windows\Tasks\User_Feed_Synchronization-{4755E1F3-CE53-494D-867D-0CB2680B2C16}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 00:33]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://sympatico.msn.ca/
R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 -: eBay Search - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-13 19:29:08
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\Users\Dan\AppData\Local\Temp\WPDNSE
scan completed successfully
hidden files: 1
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\PnkBstrA.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-08-13 19:33:14 - machine was rebooted [Dan]
ComboFix-quarantined-files.txt 2008-08-14 02:33:05
Pre-Run: 103,231,737,856 bytes free
Post-Run: 103,407,611,904 bytes free
260 --- E O F --- 2008-07-31 01:33:06