Old 12-06-2008, 09:17 AM   #3 (permalink)
gotenkskun
 
Join Date: Dec 2008
Posts: 13
OS: xp service pack 3


Re: Vundomonde infection - located in system32

ComboFix 08-12-05.06 - Jonathan 2008-12-06 10:03:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.548 [GMT -6:00]
Running from: c:\documents and settings\Jonathan\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\atasepeb.ini
c:\windows\system32\basadofo.dll
c:\windows\system32\bepesata.dll
c:\windows\system32\dijuzihi.dll
c:\windows\system32\diwunawo.dll
c:\windows\system32\fayebuzu.dll
c:\windows\system32\fopihofu.dll
c:\windows\system32\hahonuhe.dll
c:\windows\system32\ikoniyot.ini
c:\windows\system32\kejowigi.dll
c:\windows\system32\obapuvaf.ini
c:\windows\system32\ofodasab.ini
c:\windows\system32\omerohav.ini
c:\windows\system32\ototafaw.ini
c:\windows\system32\petatusa.dll
c:\windows\system32\popiwoba.dll
c:\windows\system32\rutihuku.dll
c:\windows\system32\sapayuse.dll
c:\windows\system32\seyohehu.dll
c:\windows\system32\sovanavo.dll
c:\windows\system32\subobuhi.dll
c:\windows\system32\toyinoki.dll
c:\windows\system32\uzubeyaf.ini
c:\windows\system32\vahoremo.dll
c:\windows\system32\wafatoto.dll
c:\windows\system32\zesupoma.dll
c:\windows\system32\zilebobi.dll
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
.

2008-12-06 02:03 . 2008-12-06 02:12 250 --a------ c:\windows\gmer.ini
2008-12-05 23:59 . 2008-12-05 23:59 <DIR> d-------- c:\documents and settings\Administrator
2008-12-05 23:42 . 2008-12-06 01:12 <DIR> d-------- c:\program files\Spyware Doctor
2008-12-05 23:42 . 2008-12-06 01:12 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-04 01:36 . 2008-12-06 00:58 326 --a------ c:\windows\wininit.ini
2008-12-04 00:42 . 2008-12-06 01:33 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-04 00:42 . 2008-12-06 01:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-02 01:25 . 2008-12-02 01:25 <DIR> d-------- C:\VundoFix Backups
2008-11-30 19:29 . 2008-12-05 23:40 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-30 19:29 . 2008-12-05 23:40 <DIR> d-------- c:\documents and settings\Jonathan\Application Data\SUPERAntiSpyware.com
2008-11-30 19:29 . 2008-11-30 19:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-30 03:17 . 2008-12-05 23:17 <DIR> d-------- c:\program files\DOSBox-0.72
2008-11-30 03:09 . 2008-11-30 03:20 <DIR> d-------- C:\Dosbox
2008-11-30 03:08 . 2008-11-30 04:00 <DIR> d-------- c:\program files\SlySoft
2008-11-30 03:08 . 2008-11-30 03:08 24 --ahs---- c:\windows\SFEDBC627.tmp
2008-11-30 03:05 . 2008-11-30 20:09 <DIR> d-------- C:\MECH2
2008-11-30 02:08 . 2008-11-30 02:08 <DIR> d-------- c:\documents and settings\Jonathan\WINDOWS
2008-11-30 01:40 . 2008-11-30 01:40 <DIR> d-------- c:\program files\VDMSound
2008-11-30 01:30 . 2008-11-30 01:30 66,336 --ah----- C:\ABBOADFJ
2008-11-30 01:18 . 2008-11-30 01:18 <DIR> d--h----- c:\windows\PIF
2008-11-29 23:33 . 2008-11-29 23:33 66,336 --ah----- C:\BHCBBGBK
2008-11-21 23:43 . 2008-11-21 23:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
2008-11-12 01:06 . 2008-09-04 11:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 01:06 . 2008-10-24 05:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 16:07 --------- d-----w c:\program files\Steam
2008-12-06 05:59 --------- d-----w c:\program files\Azureus
2008-12-06 05:57 --------- d-----w c:\documents and settings\Jonathan\Application Data\Azureus
2008-11-22 05:44 --------- d-----w c:\program files\AIM6
2008-11-22 05:43 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-22 05:43 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-02 09:46 --------- d-----w c:\program files\Combined Community Codec Pack
2008-11-02 09:36 --------- d-----w c:\program files\DivX
2008-11-02 09:31 --------- d-----w c:\program files\ffdshow
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-09-05 08:47 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090520080906\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"Steam"="c:\program files\Steam\Steam.exe" [2008-10-08 1410296]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Nero\data\Xtras\mssysmgr.exe" [2004-11-11 212992]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 339968]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-22 32768]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-08-29 185632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-22 32768]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-02-22 32768]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-08-03 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Steam\\steamapps\\hunterje\\half-life\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Documents and Settings\\Jonathan\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\naPrdMgr.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-02-13 24652]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba50f9a7-4f77-11dc-bb6b-806d6172696f}]
\Shell\AutoRun\command - D:\Setup.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{ee9b4520-965a-4209-9d71-56da0a710be1} - c:\windows\system32\diwunawo.dll
HKLM-Run-dovenuwafi - c:\windows\system32\degipeme.dll
HKLM-Run-CPM7719aed2 - c:\windows\system32\hafurive.dll


.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\1a50qg8x.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 10:07:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
.
**************************************************************************
.
Completion time: 2008-12-06 10:13:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-06 16:13:00

Pre-Run: 3,847,372,800 bytes free
Post-Run: 3,789,758,464 bytes free

176 --- E O F --- 2008-11-30 05:26:33