Thank you for helping me. I really appreciate your help.
I followed your instructions and here is my log:
ComboFix 08-11-11.01 - Terry 2008-11-12 23:44:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.578 [GMT 0:00]
Running from: c:\documents and settings\Terry\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LocalService\Application Data\twain_32
c:\documents and settings\LocalService\Application Data\twain_32\user.ds
c:\documents and settings\NetworkService\Application Data\twain_32
c:\documents and settings\NetworkService\Application Data\twain_32\user.ds
c:\documents and settings\Terry\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\system32\dbxDgrevCheck.dll
c:\windows\system32\MSINET.oca
c:\windows\Tasks\vnsojwww.job
.
((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 )))))))))))))))))))))))))))))))
.
2008-11-11 23:59 . 2008-10-07 13:33 453,152 --a------ c:\windows\system32\nvudisp.exe
2008-11-11 23:59 . 2008-11-12 23:52 200,819 --a------ c:\windows\system32\nvapps.xml
2008-11-11 23:59 . 2008-10-07 13:33 18,477 --a------ c:\windows\system32\nvdisp.nvu
2008-11-11 23:58 . 2008-10-02 10:07 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2008-11-10 12:28 . 2008-11-10 12:34 <DIR> d-------- C:\rsit
2008-11-10 12:10 . 2008-11-10 12:10 250 --a------ c:\windows\gmer.ini
2008-11-09 23:06 . 2008-11-09 23:06 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-09 23:06 . 2008-11-09 23:06 <DIR> d-------- c:\documents and settings\Terry\Application Data\Malwarebytes
2008-11-09 23:06 . 2008-11-09 23:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-09 23:06 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-09 23:06 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-09 17:58 . 2008-11-09 17:58 0 --a------ c:\windows\nsreg.dat
2008-11-09 17:54 . 2008-11-09 17:54 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-08 14:42 . 2008-11-08 14:43 367 --a------ c:\windows\wininit.ini
2008-11-08 10:56 . 2008-11-23 16:27 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-08 10:52 . 2008-11-12 12:23 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-08 10:52 . 2008-11-08 10:52 <DIR> d-------- c:\program files\AVG
2008-11-08 10:52 . 2008-11-08 10:52 <DIR> d-------- c:\documents and settings\Terry\Application Data\AVGTOOLBAR
2008-11-08 10:52 . 2008-11-08 16:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-08 10:52 . 2008-11-08 10:52 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-08 10:52 . 2008-11-08 10:52 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-08 10:52 . 2008-11-08 10:52 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-08 09:24 . 2008-11-08 09:24 90,915 --a------ c:\windows\system32\uipbmyazmmmtm.dll-uninst.exe
2008-11-08 08:51 . 2008-11-08 08:51 77,895 --a------ c:\windows\system32\amqrevolxw.exe
2008-11-08 08:45 . 2008-11-08 14:44 888 --ahs---- c:\windows\system32\onqWFfhk.ini
2008-11-08 08:15 . 2008-11-08 08:15 <DIR> d-------- c:\documents and settings\Terry\Application Data\IUpd721
2008-11-08 07:58 . 2008-11-08 07:58 79,094 --a------ c:\windows\system32\msuzwgcroqtw.exe
2008-11-08 07:57 . 2008-11-08 08:38 0 --a------ c:\windows\system32\drivers\c09a9aba.sys
2008-11-08 07:57 . 2008-11-08 07:57 0 --a------ C:\1753148352
2008-11-08 07:56 . 2008-11-08 13:33 <DIR> d-------- c:\windows\system32\xdt
2008-11-08 07:56 . 2008-11-23 15:55 <DIR> d-------- c:\windows\system32\sX3i19
2008-11-08 07:56 . 2008-11-08 14:05 <DIR> d-------- c:\windows\system32\mir5
2008-11-08 07:56 . 2008-11-08 13:30 <DIR> d-------- c:\windows\system32\IET
2008-11-08 07:56 . 2008-11-08 14:03 <DIR> d-------- c:\windows\system32\CT6
2008-11-02 10:24 . 2008-11-02 10:25 <DIR> d-------- c:\documents and settings\Jacqui\Application Data\uTorrent
2008-11-01 09:37 . 2008-11-01 09:37 178,176 --a------ c:\windows\system32\ymzalkgkpnuufbc.dll
2008-10-29 23:48 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll
2008-10-29 23:47 . 2008-10-29 23:47 <DIR> d-------- c:\windows\Logs
2008-10-28 22:36 . 2008-10-28 22:36 823,296 --a------ c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 . 2008-10-28 22:36 823,296 --a------ c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 . 2008-10-28 22:35 815,104 --a------ c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 . 2008-10-28 22:35 802,816 --a------ c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 . 2008-10-28 22:35 729,088 --a------ c:\windows\system32\divxdec.ax
2008-10-28 22:35 . 2008-10-28 22:35 684,032 --a------ c:\windows\system32\DivX.dll
2008-10-24 06:48 . 2008-10-15 16:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-23 07:38 . 2008-10-23 07:38 <DIR> d-------- c:\windows\system32\scripting
2008-10-23 07:38 . 2008-10-23 07:38 <DIR> d-------- c:\windows\system32\en
2008-10-23 07:38 . 2008-10-23 07:38 <DIR> d-------- c:\windows\system32\bits
2008-10-23 07:38 . 2008-10-23 07:38 <DIR> d-------- c:\windows\l2schemas
2008-10-23 07:36 . 2008-10-23 07:36 <DIR> d-------- c:\windows\ServicePackFiles
2008-10-16 21:41 . 2008-10-16 21:41 <DIR> d-------- c:\documents and settings\Terry\temp
2008-10-16 21:41 . 2008-10-16 21:48 <DIR> d-------- c:\documents and settings\Terry\Application Data\TeamViewer
2008-10-15 15:40 . 2008-08-14 10:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 15:40 . 2008-08-14 10:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 15:40 . 2008-08-14 09:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 15:40 . 2008-08-14 09:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 15:39 . 2008-09-15 12:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-15 15:10 . 2008-09-08 10:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 12:05 --------- d-----w c:\program files\Conduit
2008-11-09 23:30 --------- d-----w c:\program files\Java
2008-11-09 19:51 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-09 16:53 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-11-08 14:22 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-08 14:20 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-08 11:51 --------- d-----w c:\program files\PPMate
2008-11-08 09:53 7,308 ----a-w c:\documents and settings\Terry\Application Data\wklnhst.dat
2008-11-08 08:00 --------- d-----w c:\program files\Microsoft IntelliPoint
2008-11-07 23:30 --------- d-----w c:\program files\DivX
2008-11-05 15:10 --------- d-----w c:\documents and settings\Terry\Application Data\Apple Computer
2008-10-30 16:16 --------- d-----w c:\documents and settings\Terry\Application Data\Xfire
2008-10-30 14:38 --------- d-s---w c:\program files\Xfire
2008-10-30 00:06 22,328 ----a-w c:\documents and settings\Terry\Application Data\PnkBstrK.sys
2008-10-07 13:33 6,133,856 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2008-07-22 14:32 6,340 ----a-w c:\documents and settings\Jacqui\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EPSON Stylus D92 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE" [2006-09-27 139264]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DTVRemote"="c:\program files\LifeView DTV\RemoteControl.exe" [2004-09-17 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-06-10 217088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-08 1234712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-09 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-04-06 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-04-06 c:\windows\ALCWZRD.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-07-01 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2008-07-16 303104]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-28 805392]
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2008-08-22 49220]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=lyjdcu.dll,avgrsstx.dll glhugw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\supaking\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\PPLive\\PPLive.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\PPMate\\PPMate\\ppmate.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\supaking\\source sdk base\\hl2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\supaking\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\killerwurst1988\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\killerwurst1988\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\natalie664\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\MC2\\Sniper Elite\\SniperElite.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\PPMate\\ppmate.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\natalie664\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Terry\\temp\\TeamViewer3\\TeamViewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\supaking\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\left 4 dead demo\\left4dead.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-08 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-08 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-08 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-08 76040]
R3 LVHybrid;LVHybrid service;c:\windows\system32\DRIVERS\LVHybrid.sys [2004-09-07 699648]
S1 c09a9aba;c09a9aba;c:\windows\system32\drivers\c09a9aba.sys [2008-11-08 0]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
.
Contents of the 'Scheduled Tasks' folder
2008-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-lovefilm DLM Manager - c:\program files\LOVEFiLM International\Lovefilm Download Manager\Download Manager.exe
HKLM-Run-QuickTime Task - C:\qttask.exe
Notify-pmnkLFXR - pmnkLFXR.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Terry\Application Data\Mozilla\Firefox\Profiles\n75amry4.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.co.uk/
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-12 23:52:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2008-11-13 0:02:07 - machine was rebooted [Terry]
ComboFix-quarantined-files.txt 2008-11-13 00:01:58
Pre-Run: 162,853,097,472 bytes free
Post-Run: 164,317,126,656 bytes free
220 --- E O F --- 2008-10-24 14

30