Re: Old Java, got Virtumonde?

Thank you. I did as instructed with no issues, and the Recovery Console is installed (the boot.ini block at the end of the log confirms the /cmdcons entry). Here is the ComboFix log you requested; note that it still lists AppInit_DLLs entries (karna.dat, jflnql.dll, ujpeye.dll), disabled Security Center notifications, and an AutoRun command on drive J:, so I have not assumed the machine is clean yet:


ComboFix 08-11-14.01 - Kevin 2008-11-16 8:59:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.505 [GMT -5:00]
Running from: c:\documents and settings\Kevin\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kevin\Cookies\fydejacu.bat
c:\documents and settings\Kevin\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Kevin\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Kevin\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Kevin\Local Settings\Temporary Internet Files\sekubu.sys
c:\program files\Common\helper.sig
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\TDSSosvd.dat
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.

2008-11-13 18:12 . 2008-11-13 18:13 250 --a------ c:\windows\gmer.ini
2008-11-12 21:28 . 2008-06-10 02:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-12 21:02 . 2008-11-12 21:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-12 20:22 . 2008-11-12 20:22 <DIR> d-------- c:\program files\Trend Micro
2008-11-12 04:24 . 2008-11-12 04:24 <DIR> d-------- c:\windows\oqmm
2008-11-12 04:24 . 2008-11-12 10:03 <DIR> d-------- c:\program files\Common Files\oqmm
2008-11-11 21:14 . 2008-11-12 21:38 <DIR> d--hs---- c:\windows\S2V2aW4gQmF1bQ
2008-11-11 20:57 . 2008-11-11 20:57 <DIR> d-------- c:\documents and settings\Kevin\Application Data\Twain
2008-11-08 19:55 . 2008-11-14 18:06 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-08 19:55 . 2008-11-08 19:55 1,409 --a------ c:\windows\QTFont.for
2008-10-17 20:01 . 2008-10-17 20:01 <DIR> d-------- c:\documents and settings\Kevin\Application Data\Malwarebytes
2008-10-17 20:01 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-17 20:01 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-10-17 20:00 . 2008-11-12 18:06 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-10-17 20:00 . 2008-10-17 20:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-17 19:21 . 2008-10-17 19:21 <DIR> d-------- c:\program files\Enigma Software Group
2008-10-17 19:18 . 2008-10-17 19:18 19,106 --a------ c:\windows\system32\feda.db
2008-10-17 19:18 . 2008-10-17 19:18 18,938 --a------ c:\windows\raqamite.reg
2008-10-17 19:18 . 2008-10-17 19:18 18,297 --a------ c:\program files\Common Files\baloqufyw.bin
2008-10-17 19:18 . 2008-10-17 19:18 17,752 --a------ c:\windows\edoxyd._dl
2008-10-17 19:18 . 2008-10-17 19:18 17,720 --a------ c:\documents and settings\All Users\Application Data\omizamit.com
2008-10-17 19:18 . 2008-10-17 19:18 17,081 --a------ c:\documents and settings\Kevin\Application Data\pumyzarete.dat
2008-10-17 19:18 . 2008-10-17 19:18 17,036 --a------ c:\windows\ecoxa.com
2008-10-17 19:18 . 2008-10-17 19:18 16,080 --a------ c:\documents and settings\Kevin\Application Data\zydejoma.pif
2008-10-17 19:18 . 2008-10-17 19:18 15,678 --a------ c:\documents and settings\Kevin\Application Data\pypibu.scr
2008-10-17 19:18 . 2008-10-17 19:18 15,038 --a------ c:\program files\Common Files\lopylama.pif
2008-10-17 19:18 . 2008-10-17 19:18 12,699 --a------ c:\program files\Common Files\xarec.vbs
2008-10-17 19:18 . 2008-10-17 19:18 11,723 --a------ c:\documents and settings\Kevin\Application Data\osivyq.dll
2008-10-17 19:18 . 2008-10-17 19:18 11,570 --a------ c:\windows\wyjil.scr
2008-10-17 19:18 . 2008-10-17 19:18 10,892 --a------ c:\windows\uhapazecu.scr
2008-10-17 08:29 . 2008-11-16 08:59 <DIR> d-------- c:\program files\Common

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 14:06 --------- d-----w c:\program files\MP3 Rocket
2008-11-13 23:08 --------- d-----w c:\program files\Norton AntiVirus
2008-11-13 16:50 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-11-13 03:28 --------- d-----w c:\program files\Java
2008-11-13 02:03 --------- d-----w c:\program files\Lavasoft
2008-11-13 02:03 --------- d-----w c:\documents and settings\Kevin\Application Data\Lavasoft
2008-11-13 02:01 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-02 11:24 --------- d-----w c:\program files\Google
2001-11-23 04:08 712,704 ----a-w c:\windows\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Ahead\Ahead\data\Xtras\mssysmgr.exe" [2004-05-12 196608]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-11-30 1945600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"Gainward"="c:\windows\TBPanel.exe" [2004-12-29 2043904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2004-10-06 176128]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-02-28 68768]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2005-09-03 95960]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-03-04 155648]
"SansaDispatch"="c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 75584]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"C-Media Mixer"="Mixer.exe" [2002-06-12 c:\windows\mixer.exe]
"nwiz"="nwiz.exe" [2005-08-02 c:\windows\system32\nwiz.exe]

c:\documents and settings\Kevin\Start Menu\Programs\Startup\
MP3 Rocket (silent).lnk - c:\program files\MP3 Rocket\MP3Rocket_on_startup.exe [2006-12-13 66168]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
EPSON SMART PANEL for Scanner.lnk - c:\program files\EPSON\EPSON SMART PANEL for Scanner\ESPMAIN.EXE [2005-01-08 180224]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-07-10 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-07-10 51984]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=karna.dat jflnql.dll ujpeye.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"VIDC.MJPG"= jl_mjpg2.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Papyrus\\NASCAR Racing 2003 Season\\NR2003.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Microsoft Office\\Office\\WINWORD.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\amdtools.sys [2006-01-14 21632]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [2004-10-04 75925]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [2004-10-04 36423]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kxbar.sys [2004-10-04 10005]
R3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [2004-12-30 9510]
S3 JL2005;JL2005A Camera;c:\windows\system32\Drivers\toywdm.sys [2005-10-08 71512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39b2b980-7727-11da-971e-000d875484b4}]
\Shell\AutoRun\command - J:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-15 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\Navw32.exe [2003-12-04 18:22]

2008-11-15 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 12:24]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\cenetflt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\cenetflt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\cenetflt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\cenetflt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\cenetflt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\cenetflt.dll

c:\windows\system32\ImageControl.dll - c:\windows\system32\AxCtp2.dll
O16 -: {BB383206-6DA1-4E80-B62A-3DF950FCC697}
hxxp://www.imgag.com/cp/install/AxCtp2.cab
c:\windows\Downloaded Program Files\AxCtp2.inf

c:\windows\Downloaded Program Files\DVCDownloaderControl.dll - O16 -: {DBA8E419-0D5F-439B-A3CC-D01C768D9B51}
hxxp://www.sonypictures.com/games/thedavincicode/DVCDownloaderControl.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 0939
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\UAService7.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-11-16 9:11:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-16 14:10:43

Pre-Run: 43,255,738,368 bytes free
Post-Run: 47,520,686,080 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

194 --- E O F --- 2008-10-25 02:40:09