11-06-2008, 07:08 PM   #14
awordz
Registered User
 
Join Date: Nov 2008
Posts: 13
OS: WinXP


Re: Random sound clips: "Congratulations - you have won..." and other system sounds.

ComboFix 08-11-05.02 - Randizel 2008-11-06 17:54:56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.220 [GMT -8:00]
Running from: c:\documents and settings\Randizel\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Randizel\Desktop\CFScript.txt.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bold.log
C:\gWD.exe
C:\m3d.exe
c:\program files\AntivirusPro2009
c:\program files\AntivirusPro2009\AntivirusPro2009.exe
c:\program files\AntivirusPro2009\AVEngn.dll
c:\program files\AntivirusPro2009\data\daily.cvd
c:\program files\AntivirusPro2009\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\AntivirusPro2009\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\AntivirusPro2009\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\AntivirusPro2009\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\AntivirusPro2009\pthreadVC2.dll
c:\program files\AntivirusPro2009\Uninstall.exe
c:\program files\AntivirusPro2009\wscui.cpl
c:\windows\system32\3mgylNJd.exe
c:\windows\system32\3mgylNJd.exe.a_a
c:\windows\system32\3mgylNJd.exe_
c:\windows\system32\brastk.exe
c:\windows\system32\d8bxwJE0.exe
c:\windows\system32\DelSelf.bat
c:\windows\system32\msansspc.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At17.job
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((( Files Created from 2008-10-07 to 2008-11-07 )))))))))))))))))))))))))))))))
.

2008-11-06 17:52 . 2008-11-06 17:52 388,608 --a------ c:\windows\system32\CF14610.exe.vir
2008-11-06 11:22 . 2008-11-06 11:22 <DIR> d-------- C:\rsit
2008-11-06 11:09 . 2008-11-06 11:09 250 --a------ c:\windows\gmer.ini
2008-11-04 15:58 . 2008-11-04 15:58 8,216 --a------ c:\windows\system32\mst120.dll
2008-11-04 11:59 . 2008-11-04 12:00 489 --a------ c:\windows\wininit.ini
2008-11-03 20:07 . 2008-11-03 20:07 <DIR> d-------- C:\_OTMoveIt
2008-11-01 19:17 . 2008-11-01 22:16 734,107,982 --a------ C:\What the Bleep do we Know.AVI
2008-11-01 01:00 . 2008-11-01 01:00 <DIR> d-------- c:\windows\system32\EXP
2008-11-01 01:00 . 2008-11-01 01:00 <DIR> d-------- c:\program files\Expstudio
2008-11-01 01:00 . 2008-11-01 01:00 161,265 --a------ c:\windows\Expstudio Audio Editor FREE Uninstaller.exe
2008-11-01 00:51 . 2008-11-01 00:57 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-01 00:49 . 2008-11-01 01:00 <DIR> d-------- c:\program files\AoA Audio Extractor
2008-10-20 04:51 . 2008-10-20 04:51 <DIR> d-------- C:\We Own the Night[2007]DvDrip[Eng]-FXG
2008-10-19 21:16 . 2008-10-19 21:16 <DIR> d-------- C:\The.Forbidden.Kingdom[2008]DvDrip-aXXo
2008-10-19 20:39 . 2008-10-21 21:23 <DIR> d-------- C:\Charlie.Bartlett.DVDRip.XviD-DiAMOND
2008-10-18 21:15 . 2008-10-18 21:15 <DIR> d-------- C:\Dashboard Confessional - A Mark A Mission A Brand A Scar
2008-10-17 19:03 . 2008-10-17 19:03 <DIR> d-------- C:\Journey.To.The.Center.Of.The.Earth[2008]DvDrip-aXXo
2008-10-16 20:47 . 2008-10-16 20:47 <DIR> d-------- C:\the girls next door complete
2008-10-14 21:57 . 2008-10-14 21:57 <DIR> d-------- C:\[Nyoro~n Subs] Rebuild of Evangelion 1.01 YOU ARE (NOT) ALONE (DVD MP3 H264)
2008-10-14 21:45 . 2008-10-16 05:16 982,161,532 --a------ C:\Akira.1988.DVDRip.DivX.english.dubbed.avi
2008-10-10 20:06 . 2008-10-10 20:06 <DIR> d-------- C:\Jon.and.Kate.Plus.8.S01.DVDRip.XviD-cwa
2008-10-08 10:57 . 2008-10-08 10:57 <DIR> d-------- c:\program files\WinAVI Video Converter
2008-10-08 10:52 . 2008-10-08 10:52 <DIR> d-------- C:\WinAVI Video Converter v8.0 + Keymaker. Jaybob
2008-10-08 10:44 . 2008-10-08 10:44 <DIR> d-------- c:\documents and settings\Randizel\Application Data\Media Player Classic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-07 01:30 --------- d-----w c:\documents and settings\Randizel\Application Data\LimeWire
2008-11-06 19:12 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-04 20:01 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-04 04:01 --------- d-----w c:\program files\Java
2008-11-02 21:36 --------- d-----w c:\program files\Magic Video Converter
2008-10-27 00:23 --------- d-----w c:\documents and settings\Randizel\Application Data\DivX
2008-10-26 18:09 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-23 04:13 --------- d-----w c:\documents and settings\Randizel\Application Data\dvdcss
2008-10-21 20:22 --------- d-----w c:\program files\DivX
2008-10-08 16:52 --------- d-----w c:\program files\Viewpoint
2008-10-08 16:52 --------- d-----w c:\program files\AIM6
2008-10-08 16:51 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-10-08 16:51 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-10-05 08:38 --------- d-----w c:\program files\PokerStars
2008-10-02 15:41 --------- d-----w c:\program files\K-Lite Codec Pack
2008-10-02 15:08 --------- d-----w c:\documents and settings\Randizel\Application Data\skypePM
2008-09-27 05:28 --------- d-----w c:\program files\ABC
2008-09-16 00:14 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-16 00:12 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w c:\windows\system32\DivX.dll
2008-09-16 00:11 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-15 04:42 --------- d-----w c:\documents and settings\Randizel\Application Data\Skype
2007-12-31 02:43 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((( snapshot@2008-11-06_13.17.43.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-07 01:19:48 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_544.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-26 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-12-12 21686568]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-10-08 196608]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-12-30 20480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-03-21 486856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-03-25 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-10-08 217088]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-10-08 458752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 79224]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 158208]
"SoundMan"="SOUNDMAN.EXE" [2005-07-21 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

c:\documents and settings\Randizel\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-02-08 147456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2008-07-04 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-12-30 450560]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\ABC\\abc.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
.
Contents of the 'Scheduled Tasks' folder

2008-11-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-05 c:\windows\Tasks\At10.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-05 c:\windows\Tasks\At11.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-06 c:\windows\Tasks\At13.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-06 c:\windows\Tasks\At14.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-06 c:\windows\Tasks\At15.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-06 c:\windows\Tasks\At16.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-07 c:\windows\Tasks\At18.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-05 c:\windows\Tasks\At19.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-05 c:\windows\Tasks\At2.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-05 c:\windows\Tasks\At20.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-05 c:\windows\Tasks\At21.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-05 c:\windows\Tasks\At22.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-05 c:\windows\Tasks\At23.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-05 c:\windows\Tasks\At24.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-05 c:\windows\Tasks\At25.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At26.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At27.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At28.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At29.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At3.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-05 c:\windows\Tasks\At30.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At31.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At32.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At33.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At34.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At35.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At36.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-06 c:\windows\Tasks\At37.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-06 c:\windows\Tasks\At38.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-06 c:\windows\Tasks\At39.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At4.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-06 c:\windows\Tasks\At40.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-07 c:\windows\Tasks\At41.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-07 c:\windows\Tasks\At42.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At43.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At44.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At45.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At46.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At47.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At48.job
- c:\windows\system32\3mgylNJd.exe []

2008-11-05 c:\windows\Tasks\At5.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-05 c:\windows\Tasks\At6.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-05 c:\windows\Tasks\At7.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-05 c:\windows\Tasks\At8.job
- c:\windows\system32\d8bxwJE0.exe []

2008-11-05 c:\windows\Tasks\At9.job
- c:\windows\system32\d8bxwJE0.exe []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-brastk - c:\windows\system32\brastk.exe
HKLM-Run-Antivirus Pro 2009 - c:\program files\AntivirusPro2009\AntivirusPro2009.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 17:57:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-06 17:58:44
ComboFix-quarantined-files.txt 2008-11-07 01:58:27
ComboFix2.txt 2008-11-06 21:18:33

Pre-Run: 128,764,428,288 bytes free
Post-Run: 128,788,443,136 bytes free
