Quote:
Originally Posted by tetonbob
Thanks.
Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file.
I did not have to respond OK to anything and it did not open my browser.
log.txt:
ComboFix 08-11-12.01 - Ben 2008-11-13 9:18:25.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.541 [GMT -5:00]
Running from: c:\documents and settings\Ben\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ben\Desktop\CFScript.txt
* Created a new restore point
.
The following files were disabled during the run:
c:\program files\Spyware Doctor\smumhook.dll
c:\program files\Spyware Doctor\klg.dat
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\megvtacw.dat
c:\windows\system32\dsoun.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_EDPWOFVK
-------\Service_edpwofvk
((((((((((((((((((((((((( Files Created from 2008-10-13 to 2008-11-13 )))))))))))))))))))))))))))))))
.
2008-11-10 19:30 . 2008-11-10 19:30 <DIR> d-------- C:\rsit
2008-11-10 19:30 . 2008-11-10 19:30 <DIR> d-------- c:\program files\trend micro
2008-11-10 19:19 . 2008-11-12 18:17 250 --a------ c:\windows\gmer.ini
2008-11-10 14:50 . 2008-11-10 14:50 <DIR> d-------- c:\program files\Lavasoft
2008-11-10 14:50 . 2008-11-10 14:50 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-10 14:50 . 2008-11-10 14:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-10 14:30 . 2008-11-10 14:30 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-11-10 14:30 . 2008-11-10 14:30 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-11-10 14:30 . 2008-11-10 14:30 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-10 14:30 . 2008-11-10 14:30 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-11-10 13:22 . 2008-11-13 09:21 <DIR> d-------- c:\program files\Spyware Doctor
2008-11-10 13:22 . 2008-11-10 13:22 <DIR> d-------- c:\documents and settings\Ben\Application Data\PC Tools
2008-11-10 13:22 . 2008-11-13 09:24 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-10 13:22 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-11-10 13:22 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-11-10 13:22 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-11-10 13:22 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-11-07 20:22 . 2008-11-13 02:00 <DIR> d-------- c:\program files\SpyNoMore
2008-11-07 20:22 . 2008-11-07 20:22 1,152 --a------ c:\windows\system32\windrv.sys
2008-11-06 09:56 . 2008-11-12 12:41 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-06 09:52 . 2008-11-13 09:23 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-06 09:52 . 2008-11-06 09:59 <DIR> d-------- c:\documents and settings\Ben\Application Data\AVGTOOLBAR
2008-11-06 09:52 . 2008-11-06 09:52 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-06 09:52 . 2008-11-06 09:52 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-06 09:51 . 2008-11-06 09:51 <DIR> d-------- c:\program files\AVG
2008-11-06 09:51 . 2008-11-06 09:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-06 09:51 . 2008-11-06 09:51 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-06 09:30 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-11-06 09:30 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\dllcache\usbccgp.sys
2008-11-06 09:30 . 2004-08-04 00:56 21,504 --a------ c:\windows\system32\hidserv.dll
2008-11-06 09:30 . 2004-08-04 00:56 21,504 --a------ c:\windows\system32\dllcache\hidserv.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-06 14:48 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com
2008-11-03 01:49 --------- d-----w c:\documents and settings\Ben\Application Data\AdobeUM
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2007-04-29 14:29 800,272 ----a-w c:\documents and settings\Ben\ppctl.dll
2007-08-24 23:27 1,135 --sh--w c:\windows\Fonts\ntp2.ini2
2007-02-18 19:41 88 --sh--r c:\windows\system32\D47D29D109.sys
2007-02-18 19:41 3,350 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-11-07_13.03.50.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-05-05 09:41:45 453,120 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-11-11 00:19:44 884,736 ----a-w c:\windows\gmer.dll
+ 2008-11-11 00:19:31 811,008 ----a-w c:\windows\gmer.exe
+ 2008-11-13 08:00:39 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2006-05-05 09:41:45 453,120 ------w c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
- 2007-06-26 06:08:16 1,104,896 ------w c:\windows\system32\dllcache\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 ------w c:\windows\system32\dllcache\msxml3.dll
+ 2008-04-29 15:19:50 12,960 ----a-w c:\windows\system32\drivers\Awrtpd.sys
+ 2008-04-29 15:19:54 15,648 ----a-w c:\windows\system32\drivers\Awrtrd.sys
+ 2008-11-11 00:19:44 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
+ 2008-04-29 15:20:00 15,648 ----a-w c:\windows\system32\drivers\NSDriver.sys
+ 2008-05-16 15:58:04 12,632 ----a-w c:\windows\system32\lsdelete.exe
- 2007-06-26 06:08:16 1,104,896 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2007-05-08 19:03:04 1,275,392 ----a-w c:\windows\system32\msxml4.dll
+ 2008-09-30 21:43:34 1,286,152 ----a-w c:\windows\system32\msxml4.dll
- 2008-11-02 10:39:59 61,188 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-10 18:23:43 61,188 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-02 10:40:00 399,522 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-10 18:23:43 399,522 ----a-w c:\windows\system32\perfh009.dat
- 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-11-13 14:22:02 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6b8.dat
+ 2008-09-30 21:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 21:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-06-14 98304]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-03 29744]
"EPSON Stylus Photo 820 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE" [2002-04-10 74240]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-26 185896]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-06 1234712]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]
c:\documents and settings\LocalService\Start Menu\Programs\Startup\
updtpcps.bat [2003-02-27 39]
c:\documents and settings\NetworkService\Start Menu\Programs\Startup\
updtpcps.bat [2003-02-27 39]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-20 113664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-06-14 24576]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-06 97928]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-20 98304]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-06 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-06 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-06 76040]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-20 118784]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-03 29744]
S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [ ]
.
Contents of the 'Scheduled Tasks' folder
2008-11-07 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (DH08H5B1-Amy).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe []
.
- - - - ORPHANS REMOVED - - - -
BHO-{10708868-CEF5-49E5-A211-A8339B8F7188} - c:\windows\system32\dsoun.dll
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-13 09:24:22
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Spyware Doctor\pctsAuxs.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-11-13 9:27:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-13 14:27:05
ComboFix2.txt 2008-11-07 18:04:23
Pre-Run: 57,984,958,464 bytes free
Post-Run: 57,973,374,976 bytes free
176 --- E O F --- 2008-11-13 08:01:41