12-11-2008, 10:32 PM   #4
Kibure
Registered User
 
Join Date: Dec 2008
Posts: 8
OS: XP Home


Re: Only Affecting attempts to fix

After several hours of fussing with it, I was able to get the programs suggested to run.

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.albany-inn.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore

c:\windows\Downloaded Program Files\popcaploader.dll - O16 -: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
hxxp://myspace.oberon-media.com/gameshell/games/channel--110343720/lc--en/room--7ef977fe-1f6b-4bbb-8939-8242fed46ce9/online/zuma_new/en/popcaploader_v10.cab
c:\windows\Downloaded Program Files\popcaploader.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-11 21:12:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-12-11 21:22:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-12 05:20:40

Pre-Run: 26,533,019,648 bytes free
Post-Run: 27,059,105,792 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

196 --- E O F --- 2008-12-09 23:35:16


DDS (Version 1.0) - NTFSx86 MINIMAL
Run by Administrator at 19:00:51.89 on Thu 12/11/2008
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.151 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
"C:\WINDOWS\system32\svchost.exe"
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe
C:\Documents and Settings\Administrator\Desktop\dds.com

============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
mSearch Page =
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [tgcmd] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\npjpi160_03.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-26 97928]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-26 26824]
S1 NEOFLTR_550_12491;Juniper Networks TDI Filter Driver (NEOFLTR_550_12491);\??\c:\windows\system32\drivers\NEOFLTR_550_12491.SYS [2007-12-25 64144]
S2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-9-10 611664]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-11-26 875288]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-11-26 231704]
S2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-26 76040]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2007-2-11 24652]

=============== Created Last 30 ================

2008-12-10 13:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CrucialSoft Ltd
2008-12-04 22:40 <DIR> --d----- c:\program files\Trend Micro
2008-12-04 22:07 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-04 22:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-04 21:07 <DIR> --d----- c:\program files\Lavasoft
2008-12-04 21:06 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-04 16:41 <DIR> --d----- c:\windows\pss
2008-12-04 14:41 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-04 14:41 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-04 14:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-04 14:41 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-04 14:30 <DIR> --d----- c:\docume~1\admini~1\applic~1\Juniper Networks
2008-12-04 14:30 <DIR> --d----- c:\documents and settings\Administrator
2008-11-27 08:57 <DIR> --d-h--- C:\$AVG8.VAULT$
2008-11-26 10:52 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-11-26 10:52 76,040 a------- c:\windows\system32\drivers\avgtdix.sys
2008-11-26 10:52 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2008-11-26 10:52 <DIR> --d----- c:\windows\system32\drivers\Avg
2008-11-26 10:52 <DIR> --d----- c:\program files\AVG
2008-11-26 10:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-11-25 13:57 26,112 a------- c:\windows\system32\stu2.exe
2008-11-11 19:16 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 19:15 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll

==================== Find3M ====================

2008-12-08 21:21 <DIR> --d----- c:\program files\GameHouse
2008-11-26 12:44 <DIR> --d----- c:\program files\common files\Symantec Shared
2008-11-26 12:44 <DIR> --d----- c:\program files\Symantec
2008-11-26 11:14 <DIR> --d----- c:\program files\Shockwave.com
2008-11-26 11:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2008-11-26 10:59 <DIR> --d----- c:\program files\MySpace
2008-11-25 13:57 10,752 a------- c:\windows\system32\userinit.exe
2008-10-23 04:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 12:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-03 02:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-15 04:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-08-18 07:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SoftLand Ltd
2008-05-17 13:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PopCap
2008-03-20 16:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MumboJumbo
2007-01-22 09:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2006-12-22 04:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Infospace
2006-12-12 22:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FunGames
2008-08-10 19:36 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081020080811\index.dat

============= FINISH: 19:01:42.71 ===============
Attached Files
File Type: txt attach.txt (7.0 KB, 1 views)