Here are the ComboFix results.
ComboFix 09-06-23.01 - Jonathan 06/24/2009 23:09.17 - NTFSx86
Running from: c:\documents and settings\Jonathan\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))
.
2009-06-23 00:07 . 2009-06-23 00:07 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-20 03:07 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-06-20 03:07 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-06-20 02:57 . 2009-06-20 02:57 -------- d-----w- C:\QUARANTINE
2009-06-20 02:47 . 2009-06-20 02:47 2 ----a-w- c:\windows\010112010146118114.dat
2009-06-20 02:46 . 2009-06-20 02:46 28160 ---h--w- c:\windows\ld10.exe
2009-06-11 05:16 . 2009-06-11 05:16 152576 ----a-w- c:\documents and settings\Jonathan\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-06 10:31 . 2009-06-06 10:31 4141117 ----a-w- c:\documents and settings\Jonathan\Application Data\Azureus\plugins\vuzexcode\mediainfo.exe
2009-06-06 10:31 . 2009-06-06 10:31 6516755 ----a-w- c:\documents and settings\Jonathan\Application Data\Azureus\plugins\vuzexcode\ffmpeg.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 04:15 . 2007-08-22 14:03 -------- d-----w- c:\program files\Steam
2009-06-25 04:14 . 2009-01-17 06:13 -------- d-----w- c:\program files\DNA
2009-06-25 04:14 . 2009-01-17 06:13 -------- d-----w- c:\documents and settings\Jonathan\Application Data\DNA
2009-06-23 05:02 . 2008-12-06 05:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-23 05:02 . 2008-12-07 05:19 -------- d-----w- c:\program files\SpywareBlaster
2009-06-21 22:12 . 2008-11-02 09:44 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-06-19 03:30 . 2007-09-17 05:42 -------- d-----w- c:\documents and settings\Jonathan\Application Data\Azureus
2009-06-17 05:40 . 2009-05-25 02:27 -------- d-----w- c:\program files\Warcraft III
2009-06-17 02:12 . 2007-08-21 13:37 -------- d-----w- c:\program files\Common Files\AOL
2009-06-17 02:12 . 2007-08-21 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-06-13 06:56 . 2007-10-21 09:36 120 ----a-w- C:\drmHeader.bin
2009-06-11 05:18 . 2008-02-25 05:42 -------- d-----w- c:\program files\Java
2009-05-25 02:50 . 2009-05-25 02:34 76832 ----a-w- c:\windows\War3Unin.dat
2009-05-25 02:49 . 2009-05-25 02:34 2829 ----a-w- c:\windows\War3Unin.pif
2009-05-25 02:49 . 2009-05-25 02:34 139264 ----a-w- c:\windows\War3Unin.exe
2009-05-21 05:20 . 2009-04-09 06:09 0 ----a-w- c:\windows\Yxonamoti.bin
2009-05-19 06:36 . 2009-06-13 03:29 2884832 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\vwpt.exe
2009-05-19 06:36 . 2009-06-13 03:29 28 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\unregister.bat
2009-05-19 06:36 . 2009-06-13 03:29 25 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\register.bat
2009-05-19 06:36 . 2009-06-13 03:29 1484856 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\toolbar.exe
2009-05-19 06:36 . 2009-06-13 03:29 97072 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\bsetutil.exe
2009-05-19 06:36 . 2009-06-13 03:29 142040 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\alsetup.exe
2009-05-19 06:36 . 2009-06-13 03:29 30512 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\Uninstaller.exe
2009-05-19 06:36 . 2009-06-13 03:29 111920 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AOLSearch.dll
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 01:51 . 2009-04-08 02:54 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-05-04 01:48 . 2009-05-04 01:48 -------- d-----w- c:\program files\Belkin
2009-05-04 01:48 . 2007-08-21 07:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-04 01:48 . 2009-05-04 01:48 -------- d-----w- c:\documents and settings\Jonathan\Application Data\InstallShield
2009-05-03 15:54 . 2008-07-30 01:45 -------- d-----w- c:\documents and settings\Jonathan\Application Data\Move Networks
2009-04-29 04:56 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-23 13:40 . 2009-04-09 06:09 300 ----a-w- c:\windows\Tpesolinino.dat
2009-04-17 12:26 . 2004-08-04 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-11 04:44 . 2007-09-21 01:49 7114736 ----a-w- c:\documents and settings\Jonathan\Application Data\Azureus\plugins\azemp\azmplay.exe
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-11-30 09:08 . 2008-11-30 09:08 24 --sha-w- c:\windows\SFEDBC627.tmp
2008-08-30 11:06 . 2008-08-30 11:06 61952 --sha-w- c:\windows\system32\nobajanu.dll.tmp
2008-08-30 11:06 . 2008-08-30 11:06 61952 --sha-w- c:\windows\system32\rupetapa.dll.tmp
2008-08-30 11:06 . 2008-08-30 11:06 61952 --sha-w- c:\windows\system32\vohetufa.dll.tmp
.
((((((((((((((((((((((((((((( SnapShot@2009-06-25_03.51.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-25 04:14 . 2009-06-25 04:14 16384 c:\windows\Temp\Perflib_Perfdata_65c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-11 1217784]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Nero\data\Xtras\mssysmgr.exe" [2004-11-12 212992]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-17 342848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-23 339968]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-23 32768]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-01-28 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-08-29 185632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-12-01 77824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-23 32768]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
c:\documents and settings\Jonathan\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-2-22 32768]
Belkin N Wireless USB Adapter Client Utility.lnk - c:\program files\Belkin\F5D8053\v5\Belkinwcui.exe [2009-5-3 1605632]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-8-3 394856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJCvTji]
2009-01-15 11:57 44544 ----a-w- c:\windows\system32\ljJCvTji.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Documents and Settings\\Jonathan\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\naPrdMgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6112:TCP"= 6112:TCP:warcraft
"8085:TCP"= 8085:TCP:driver
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [5/3/2009 8:48 PM 38144]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/13/2008 11:22 PM 24652]
R2 WUSB54GSCSVC;WUSB54GSCSVC;c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe [4/7/2009 9:54 PM 53307]
R3 RTL8192u;Realtek RTL8192U Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192u.sys [5/3/2009 8:48 PM 450432]
S0 tanzwxpz;tanzwxpz;c:\windows\system32\drivers\tlnkidyt.sys []
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - GTNDIS5
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: amaena.com
Trusted Zone: avsystemcare.com
Trusted Zone: onerateld.com
Trusted Zone: safetydownload.com
Trusted Zone: virusremover2008.com
Trusted Zone: virusschlacht.com
Trusted Zone: amaena.com
Trusted Zone: avsystemcare.com
Trusted Zone: onerateld.com
Trusted Zone: safetydownload.com
Trusted Zone: trustedantivirus.com
Trusted Zone: virusremover2008.com
Trusted Zone: virusschlacht.com
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-06-24 23:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\drivers\tlnkidyt.sys 25088 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3472)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
c:\windows\system32\wscntfy.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\Nero\data\Xtras\mssysmgr.exe
c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
.
**************************************************************************
.
Completion time: 2009-06-25 23:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-25 04:19
ComboFix2.txt 2009-06-23 00:09
Pre-Run: 37,476,847,616 bytes free
Post-Run: 37,445,447,680 bytes free
183 --- E O F --- 2009-06-10 09:42