Weird... I only downloaded Symantec, yet ComboFix still removed a whole set of randomly named UAC*.sys/.dll/.dat/.db/.log files from system32 plus a "UACd.sys" driver service (see "Other Deletions" and "Drivers/Services" below). Note also that the AV line reports Symantec's on-access scanning as disabled, and the registry section shows Security Center monitoring for SymantecAntiVirus turned off ("DisableMonitoring"=1) — so real-time protection was not running when these files were on the box. The catchme rootkit pass at the end reports 0 hidden files after the cleanup, but I'd re-enable on-access scanning and run a full Symantec scan before trusting the machine again.
ComboFix 09-06-26.02 - Joey 06/27/2009 13:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1503 [GMT -5:00]
Running from: c:\documents and settings\Joey\Desktop\joey.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\UACqjnvdbbnetyxtaw.sys
c:\windows\system32\UACeebimonvupxeqwb.dll
c:\windows\system32\UACfpppxfolwawqqhl.dat
c:\windows\system32\uacinit.dll
c:\windows\system32\UACnulvkdqqsylcfua.db
c:\windows\system32\UACpjlywqqweocbefk.dll
c:\windows\system32\UACrpkwmroqcivcqwc.log
c:\windows\system32\UACsblqdfuxsvgdsho.dll
c:\windows\system32\uactmp.db
c:\windows\system32\UACtxjklqobfookvdp.log
c:\windows\system32\UACuyabrktnoteptas.dll
c:\windows\system32\UACvrdjmhkinswvcsm.log
c:\windows\system32\UACxdkpkcwqwgkxmis.dll
c:\windows\system32\UACxtpirmynqgpxiur.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-06-27 )))))))))))))))))))))))))))))))
.
2009-06-24 02:29 . 2009-06-24 02:29 10134 ----a-r- c:\documents and settings\Joey\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-24 02:29 . 2009-06-24 02:29 -------- d-----w- c:\program files\Microsoft WSE
2009-06-07 04:58 . 2009-06-07 04:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2009-06-07 03:14 . 2009-03-24 21:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-07 02:45 . 2009-06-07 02:48 -------- d-----w- c:\windows\system32\oodag
2009-06-07 02:44 . 2009-06-07 02:44 -------- d-----w- c:\documents and settings\Joey\Local Settings\Application Data\O&O
2009-06-07 02:44 . 2009-06-07 02:44 -------- d-----w- c:\program files\OO Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 16:48 . 2008-09-10 21:48 -------- d-----w- c:\program files\Symantec AntiVirus
2009-06-27 16:17 . 2008-11-12 04:08 -------- d-----w- c:\program files\Steam
2009-06-24 03:10 . 2008-10-11 00:11 -------- d-----w- c:\program files\Electronic Arts
2009-06-24 03:10 . 2008-09-10 21:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-07 01:59 . 2008-09-11 20:48 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-05-31 03:08 . 2009-05-26 02:25 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-05-26 02:25 . 2009-05-26 02:25 -------- d-----w- c:\documents and settings\Joey\Application Data\Atari
2009-05-26 02:22 . 2009-05-26 02:22 -------- d-----w- c:\documents and settings\Joey\Application Data\Leadertech
2009-05-26 02:18 . 2009-05-26 02:18 -------- d-----w- c:\program files\Atari
2009-05-16 23:48 . 2009-03-14 02:29 530 ----a-w- c:\windows\eReg.dat
2009-05-09 23:24 . 2009-05-09 19:48 -------- d-----w- c:\program files\Full Tilt Poker
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"Steam"="c:\program files\steam\steam.exe" [2009-06-14 1217784]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-08 125368]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 868352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-10 136600]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-09-04 2524416]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-1-15 984352]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead demo\\left4dead.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\football manager 2009 demo\\fm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\medieval ii total war demo\\medieval2.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\empire total war\\Empire.exe"=
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/27/2009 9:01 PM 101936]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/7/2007 8:48 PM 116664]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
Trusted Zone: intuit.com\community
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\documents and settings\Joey\Application Data\Mozilla\Firefox\Profiles\n229tw6y.test\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-06-27 13:31
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\nvappfilter.dll
.
Completion time: 2009-06-27 13:32
ComboFix-quarantined-files.txt 2009-06-27 18:32
Pre-Run: 247,827,230,720 bytes free
Post-Run: 248,094,371,840 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
139 --- E O F --- 2009-04-16 08:03