07-13-2009, 02:10 AM   #3
eightyd11
Registered User
 
Join Date: Jul 2009
Posts: 2
OS: XP


Re: Virus trouble - deleting files?

Thanks for responding. Forgot to mention that when I start my computer sometimes it stays at a black screen for about 15 minutes right after loading Windows. I'm not sure if I'm supposed to compress the log or post it. Oh well, here it is:

ComboFix 09-07-12.03 - eightY-D 07/13/2009 0:44.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1274 [GMT -7:00]
Running from: c:\documents and settings\eightY-D\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
ADS - system32: deleted 3747 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\eightY-D\LOCALS~1\Temp\1.wmv
c:\documents and settings\eightY-D\eightY-D
c:\documents and settings\eightY-D\MSPAINT.EXE
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\ahpnjo.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\akxqsu.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\akxzua.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\bapike.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\cbweqe.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\cieokc.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\clplvq.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\crvglp.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\cygbzu.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\czrxhu.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\dtwjmp.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\dvnmdx.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\foarln.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\fydjln.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\fzxhsp.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\iripnk.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\jvsyyb.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\latyti.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\lhiilg.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\lloloh.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\lmcktb.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\lmgrrf.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\lzfqeb.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\mdeqmq.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\mdrmno.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\mwsudm.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\obxxcn.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\onixrp.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\otoctv.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\qfqcbd.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\qjmudk.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\rkargh.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\shdjwn.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\szzfau.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\usceio.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\vjiwop.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\vkmfeg.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\vwndet.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\vzfsmb.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\wufttf.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\xbsedx.exe
C:\FirePassword.exe
C:\messenger.exe
C:\phqgh.exe
c:\recycler\S-1-5-21-1500877125-3993182770-3534099558-1005
c:\recycler\S-1-5-21-1500877125-3993182770-3534099558-500
C:\restore
c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\windows\jgjy56yt.exe
c:\windows\sstem3~1
c:\windows\system32\bjuffakf.ini
c:\windows\system32\CcIRYcfe.ini
c:\windows\system32\CcIRYcfe.ini2
c:\windows\system32\fdumuqok.ini
c:\windows\system32\HhNUxyxx.ini
c:\windows\system32\HhNUxyxx.ini2
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\nohqlcph.ini
c:\windows\system32\qsajwexs.dll
c:\windows\system32\spool\winlogon.exe
c:\windows\system32\wyxaxtny.dll
c:\windows\system32\xbkxhdvu.ini
c:\windows\system32\yntxaxyw.ini
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
C:\WINDOWSBOOT.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 )))))))))))))))))))))))))))))))
.

2009-07-13 07:58 . 2009-07-12 09:30 165240 ----a-r- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-07-13 01:09 . 2009-07-12 09:30 89104 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090712.035\NAVENG.SYS
2009-07-13 01:09 . 2009-07-12 09:30 876144 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090712.035\NAVEX15.SYS
2009-07-13 01:09 . 2009-07-12 09:30 371248 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090712.035\EECTRL.SYS
2009-07-13 01:09 . 2009-07-12 09:30 101936 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090712.035\ERASER.SYS
2009-07-13 01:09 . 2009-07-12 09:30 177520 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090712.035\NAVENG32.DLL
2009-07-13 01:09 . 2009-07-12 09:30 1181040 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090712.035\NAVEX32A.DLL
2009-07-13 01:09 . 2009-07-12 09:30 259368 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090712.035\ECMSVR32.DLL
2009-07-13 01:09 . 2009-07-12 09:30 2414128 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090712.035\CCERASER.DLL
2009-07-12 21:39 . 2009-07-12 09:30 396848 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\IDSviA64.sys
2009-07-12 21:39 . 2009-07-12 09:30 292912 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\IDSvix86.sys
2009-07-12 21:39 . 2009-07-12 09:30 276344 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\IDSXpx86.sys
2009-07-12 21:39 . 2009-07-12 09:30 447864 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\IDSxpx86.dll
2009-07-12 21:39 . 2009-06-22 22:51 533880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\Scxpx86.dll
2009-07-12 09:31 . 2009-07-12 09:30 554352 ----a-r- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2009-07-12 09:31 . 2009-07-12 09:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-07-12 09:31 . 2009-07-12 09:31 -------- d-----w- c:\documents and settings\eightY-D\Local Settings\Application Data\Downloaded Installations
2009-07-12 09:31 . 2009-07-12 09:30 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-07-12 09:31 . 2009-07-12 09:31 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-07-12 09:29 . 2009-07-12 09:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NortonInstaller
2009-07-12 09:29 . 2009-07-12 09:29 -------- d-----w- c:\program files\NortonInstaller
2009-07-12 09:27 . 2009-07-12 09:30 -------- d-----w- c:\documents and settings\eightY-D\Application Data\GetRightToGo
2009-07-12 09:25 . 2009-07-12 09:25 -------- d-----w- c:\program files\AIM Toolbar
2009-07-10 05:12 . 2009-07-10 05:12 -------- d-----w- c:\documents and settings\eightY-D\Local Settings\Application Data\AOL
2009-07-10 05:12 . 2009-07-10 05:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AIM Toolbar
2009-07-10 05:12 . 2009-07-12 09:25 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Viewpoint
2009-07-10 05:12 . 2009-07-10 05:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\acccore
2009-07-08 22:40 . 2009-07-08 22:40 -------- d-s---w- c:\windows\system32\config\systemprofile\UserData
2009-07-06 23:12 . 2009-07-08 01:35 -------- d-----w- c:\documents and settings\eightY-D\Application Data\vlc
2009-07-06 05:04 . 2009-07-06 05:04 67584 ----a-w- C:\WINDOWSBOOTs.exe
2009-07-06 05:02 . 2009-07-06 20:23 -------- d-sh--r- c:\windows\Jva
2009-07-02 03:51 . 2009-07-02 03:51 1024 ----a-w- c:\windows\system32\PDF2IMG.dat
2009-06-28 18:18 . 2003-01-27 08:23 200704 ----a-w- c:\windows\system32\lame_enc.dll
2009-06-28 18:18 . 2009-06-28 18:18 -------- d-----w- c:\program files\Arial CD Ripper
2009-06-22 22:51 . 2009-06-22 22:51 533880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-06-19 17:51 . 2009-07-06 05:14 -------- d-----w- c:\program files\AirPort
2009-06-16 02:16 . 2009-06-19 20:04 -------- d-----w- c:\documents and settings\eightY-D\Local Settings\Application Data\FullTiltPoker

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-13 07:49 . 2009-04-23 07:39 -------- d-----w- c:\documents and settings\eightY-D\Application Data\.anki
2009-07-13 07:49 . 2009-02-19 03:20 -------- d-----w- c:\documents and settings\eightY-D\Application Data\uTorrent
2009-07-13 01:07 . 2008-06-20 17:09 -------- d-----w- c:\program files\Warcraft III
2009-07-13 00:29 . 2008-04-25 03:47 -------- d-----w- c:\program files\Garena
2009-07-12 22:10 . 2009-07-12 09:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Symantec
2009-07-12 10:00 . 2009-06-03 07:34 -------- d-----w- c:\program files\iTunes
2009-07-12 09:31 . 2009-07-12 09:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton
2009-07-12 09:31 . 2009-07-12 09:31 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-07-12 09:31 . 2009-07-12 09:31 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-12 09:31 . 2009-07-12 09:31 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-12 09:31 . 2007-06-27 22:15 -------- d-----w- c:\program files\Symantec
2009-07-12 09:31 . 2007-06-01 22:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-12 09:30 . 2009-07-12 09:30 396848 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvia64.sys
2009-07-12 09:30 . 2009-07-12 09:30 292912 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-12 09:30 . 2009-07-12 09:30 276344 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.sys
2009-07-12 09:30 . 2009-07-12 09:30 1290592 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-07-12 09:30 . 2009-07-12 09:30 136840 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-07-12 09:30 . 2009-07-12 09:30 447864 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\idsxpx86.dll
2009-07-12 09:30 . 2009-07-12 09:30 796016 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-07-12 09:30 . 2009-07-12 09:30 -------- d-----w- c:\program files\Norton 360
2009-07-12 09:30 . 2009-07-12 09:30 -------- d-----w- c:\program files\Windows Sidebar
2009-07-12 09:25 . 2009-01-11 23:40 -------- d-----w- c:\program files\AIM6
2009-07-12 09:25 . 2005-12-15 05:44 -------- d-----w- c:\program files\Viewpoint
2009-07-11 08:35 . 2005-12-15 05:43 -------- d-----w- c:\program files\Common Files\Nullsoft
2009-07-10 05:57 . 2006-10-02 22:31 -------- d-----w- c:\program files\STOPzilla!
2009-07-10 05:57 . 2006-01-13 05:54 -------- d-----w- c:\program files\LimeWire
2009-07-10 05:36 . 2009-02-22 08:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\STOPzilla!
2009-07-10 02:34 . 2009-03-06 05:20 -------- d-----w- c:\documents and settings\eightY-D\Application Data\LimeWire
2009-07-10 02:33 . 2009-07-10 02:33 376 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2009-07-09 02:52 . 2009-02-21 03:32 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-07-06 05:15 . 2009-01-31 04:12 -------- d-----w- c:\program files\uTorrent
2009-07-06 05:15 . 2008-02-03 05:00 -------- d-----w- c:\program files\NJStar Japanese WP
2009-07-06 05:15 . 2007-11-29 02:21 -------- d-----w- c:\program files\Ventrilo
2009-07-06 05:13 . 2008-12-07 03:27 -------- d-----w- c:\program files\Bonjour
2009-07-05 00:35 . 2009-04-25 02:49 -------- d-----w- c:\documents and settings\eightY-D\Application Data\.matplotlib
2009-06-20 16:59 . 2009-02-18 19:53 -------- d-----w- c:\documents and settings\eightY-D\Application Data\DAEMON Tools
2009-06-16 02:13 . 2005-12-15 05:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-03 08:16 . 2009-02-19 01:25 -------- d-----w- c:\documents and settings\eightY-D\Application Data\Apple Computer
2009-06-03 07:35 . 2009-06-03 07:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-03 07:34 . 2008-12-31 22:12 -------- d-----w- c:\program files\iPod
2009-06-03 07:31 . 2009-06-03 07:30 -------- d-----w- c:\program files\QuickTime
2009-06-03 07:24 . 2009-06-03 07:24 75048 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-03 07:22 . 2009-06-03 07:22 -------- d-----w- c:\program files\Safari
2009-05-29 20:36 . 2009-06-03 07:27 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 20:36 . 2009-02-19 01:24 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-28 21:16 . 2009-05-28 21:16 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-05-28 21:15 . 2009-05-28 21:15 294912 ----a-r- c:\windows\system32\SZBase5.dll
2009-05-28 21:14 . 2009-05-28 21:14 540672 ----a-r- c:\windows\system32\SZComp5.dll
2009-05-24 05:05 . 2009-05-24 05:03 -------- d-----w- c:\program files\IM MP4 Thumbnail Trial
2009-05-24 04:48 . 2009-05-24 04:48 -------- d-----w- c:\program files\PSP Falcon
2009-05-24 03:59 . 2009-05-24 03:59 -------- d-----w- c:\documents and settings\eightY-D\Application Data\AVS4YOU
2009-05-24 03:59 . 2009-05-24 03:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVS4YOU
2009-05-24 03:59 . 2009-05-24 03:59 -------- d-----w- c:\program files\AVS4YOU
2009-05-24 03:59 . 2007-06-06 01:33 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-05-20 19:46 . 2009-05-20 19:31 -------- d-----w- c:\documents and settings\eightY-D\Application Data\U3
2009-05-18 22:50 . 2009-02-22 08:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SITEguard
2009-05-13 21:00 . 2009-05-08 02:50 159232 ----a-w- C:\softokn3.dll
2009-05-13 21:00 . 2009-05-08 02:50 6144 ----a-w- C:\plds4.dll
2009-05-13 21:00 . 2009-05-08 02:50 8704 ----a-w- C:\plc4.dll
2009-05-13 21:00 . 2009-05-08 02:49 176128 ----a-w- C:\nss3.dll
2009-05-13 21:00 . 2009-05-08 02:49 73728 ----a-w- C:\nspr4.dll
2009-05-12 21:13 . 2009-05-12 21:13 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
2009-05-10 19:15 . 2009-05-10 19:14 987136 ----a-w- C:\fomg.exe
2009-05-10 02:19 . 2009-05-10 02:19 952832 ----a-w- C:\b4ooo4ot.exe
2009-05-09 20:12 . 2009-05-09 18:51 643584 --sh--r- c:\windows\test2.exe
2009-05-09 15:32 . 2009-05-09 15:32 952832 ----a-w- c:\windows\boooot.exe
2009-05-08 02:48 . 2009-05-08 02:48 405530 ----a-w- C:\346yturtkkh.exe
2009-05-07 15:32 . 2009-01-31 06:47 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 18:11 . 2009-05-06 18:11 69120 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AIM Toolbar\ieToolbar\resources\en-US\aimtbres.dll
2009-04-29 04:46 . 2009-01-31 06:48 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2009-01-31 06:47 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 01:31 . 2009-04-24 01:31 135168 ----a-w- C:\yerhjpeddf.exe
2009-04-24 01:30 . 2009-04-24 01:30 135168 ----a-w- C:\yerhjdf.exe
2009-04-24 01:29 . 2009-04-24 01:29 141312 ----a-w- C:\yerhjhjdf.exe
2009-04-17 12:26 . 2009-01-31 06:48 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-16 19:34 . 2009-04-16 19:34 516122 ---h--w- C:\73485ygjuer.exe
2009-04-16 00:10 . 2009-04-16 00:10 401408 ---h--w- C:\yuegyuer.exe
2009-04-16 00:09 . 2009-04-16 00:09 401408 ---h--w- c:\windows\Cursors\supdate.exe
2009-04-15 14:51 . 2009-01-31 06:48 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2008-04-14 00:12 . 2009-01-31 06:47 399386 --sh--r- c:\windows\system32\rvjxxmyc.exe
.

------- Sigcheck -------

[-] 2009-02-19 00:19 502272 6225F14B8CE08CCBA8B25AD27843C674 c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2009-03-25 00:53 507904 679A7259741F6A09994F02CE261B5F2E c:\windows\system32\winlogon.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-25 03:25 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-25 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-25 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-02-24 203928]
"uTorrent"="j:\utorrent\uTorrent.exe" [2009-01-14 270128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"Adobe Reader Speed Launcher"="j:\akrobate\Reader\Reader_sl.exe" [2009-02-28 35696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-16 16806400]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-09 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"j:\\roesta\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"j:\\roesta\\RosettaStoneVersion3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\David Jennings\\Desktop\\utorrent.exe"=
"j:\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"5353:UDP"= 5353:UDP:Bonjour

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.087\SymEFA.sys [07/12/2009 2:30 AM 310320]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [05/12/2009 2:13 PM 61328]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0300000.087\BHDrvx86.sys [07/12/2009 2:30 AM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0300000.087\cchpx86.sys [07/12/2009 2:30 AM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\IDSXpx86.sys [07/12/2009 2:39 PM 276344]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [07/12/2009 2:30 AM 115560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [07/12/2009 2:25 AM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [07/12/2009 2:47 AM 101936]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [02/18/2009 4:19 PM 36864]
S2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe --> c:\program files\AskBarDis\bar\bin\AskService.exe [?]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe --> c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [?]
S2 ServicesZ;ServicesZ;"c:\windows\Jva\explorerr.exe" --> c:\windows\Jva\explorerr.exe [?]
S2 Windows Services Agent;Windows Services Agent;"c:\windows\system32\\spool\winlogon.exe" --> c:\windows\system32\\spool\winlogon.exe [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\eightY-D\LOCALS~1\Temp\QBRA1.tmp --> c:\docume~1\eightY-D\LOCALS~1\Temp\QBRA1.tmp [?]
.
Contents of the 'Scheduled Tasks' folder

2009-06-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
BHO-{1241CF30-A0F6-4A3F-9792-33C1A422BB0B} - c:\windows\system32\efcYRIcC.dll
BHO-{F8AC2FC7-67A3-48DB-B835-00F0D9B1A7FA} - c:\windows\system32\xxyxUNhH.dll
Toolbar-SITEguard - (no file)
HKCU-Run-DAEMON Tools Lite - j:\daemon tools lite\damon\daemon.exe
HKCU-Run-VundoFixTool - c:\program files\VundoFixTool\VundoFixTool.exe
HKCU-Run-phfghd.exe - c:\users\\AppData\Local\Microsoft\Windows\Explorer\phfghd.exe
HKCU-Run-MsAdvisor.exe - c:\users\eightY-D\AppData\Local\Microsoft\Windows\Explorer\73485ypedfuer.exe
HKLM-Run-Six Engine - c:\program files\ASUS\EPU-4 Engine\FourEngine.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
HKLM-Run-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
HKLM-Run-systemupdate - c:\\73485ypedfuer.exe
HKLM-Run-Twormer - c:\windows\System\tworm.exe
HKLM-Run-AirPort Base Station Agent - c:\program files\AirPort\APAgent.exe
HKLM-Run-test - test.exe
HKLM-Run-windowslogin - msnmssngr.exe
HKLM-Run-driver1 - driver1.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q=%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users.WINDOWS\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 00:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.135\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\eightY-D\LOCALS~1\Temp\QBRA1.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1048)
c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2009-07-13 1:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-13 08:06

Pre-Run: 14,101,200,896 bytes free
Post-Run: 14,701,584,384 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
354 --- E O F --- 2009-06-12 14:16

Last edited by eightyd11; 07-13-2009 at 02:11 AM. Reason: *not
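The log above carries several indicators a responder would pull out by hand before doing anything else: both Norton components report themselves disabled, the Windows firewall is switched off, three services point at binaries under Temp, the spooler directory or an unknown folder and show "[?]" where ComboFix normally prints a timestamp and size, orphaned Run entries name a bare executable with no path, and the LocalService Temporary Internet Files folder held a batch of six-letter .exe files. The script below is an added example and is not part of the original post, the forum or ComboFix; it runs those checks over a constructed excerpt modelled on the posted log. The SUSPECT_DIRS list, the SYSTEM_BINARIES set, the six-letter "random name" rule and the batch threshold are assumptions chosen for illustration, not ComboFix logic.

```python
"""Triage heuristics for a ComboFix-style log.

Added example for this thread; not code from the post, the forum or ComboFix.
Scans a constructed excerpt modelled on the posted log and flags the indicators
an analyst pulls out first. SUSPECT_DIRS, SYSTEM_BINARIES, the six-letter
"random name" rule and BATCH_THRESHOLD are assumptions for illustration.
"""
import re
from collections import defaultdict

# Constructed excerpt: a handful of lines modelled on the posted log, not the full log.
SAMPLE_LOG = r"""
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\ahpnjo.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\akxqsu.exe
c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\bapike.exe
c:\windows\system32\spool\winlogon.exe
"EnableFirewall"= 0 (0x0)
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [07/12/2009 2:30 AM 115560]
S2 ServicesZ;ServicesZ;"c:\windows\Jva\explorerr.exe" --> c:\windows\Jva\explorerr.exe [?]
S2 Windows Services Agent;Windows Services Agent;"c:\windows\system32\\spool\winlogon.exe" --> c:\windows\system32\\spool\winlogon.exe [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\eightY-D\LOCALS~1\Temp\QBRA1.tmp --> c:\docume~1\eightY-D\LOCALS~1\Temp\QBRA1.tmp [?]
HKLM-Run-test - test.exe
HKLM-Run-windowslogin - msnmssngr.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
"""

# "R2 Name;Description;path [date size]" or "S2 Name;Description;path --> path [?]"
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.*)$")
# "HKLM-Run-Name - target" lines from the ORPHANS REMOVED section
RUN_ORPHAN_RE = re.compile(r"^HK(?:LM|CU)-Run-(.+?)\s+-\s+(.+)$")
DRIVE_PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
RANDOM_STEM_RE = re.compile(r"^[a-z]{6}$")  # assumption: six lowercase letters

# Assumptions: directories where an installed service binary is not expected,
# system binary names that should only live in system32, and the batch size
# at which a run of random-looking names becomes a finding.
SUSPECT_DIRS = ("\\temp\\", "\\temporary internet files\\", "\\spool\\", "\\recycler\\")
SYSTEM_BINARIES = {"winlogon.exe", "lsass.exe", "svchost.exe", "csrss.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32",)
BATCH_THRESHOLD = 3


def triage(log_text):
    """Return (category, detail) findings in the order they appear in the log."""
    findings = []
    batches = defaultdict(list)  # directory -> random-looking .exe names seen there
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        if low.startswith(("av:", "fw:")) and "disabled" in low:
            # ComboFix header: security product reports itself switched off.
            findings.append(("security-product-disabled", line))
        elif low.startswith('"enablefirewall"=') and low.endswith("0 (0x0)"):
            findings.append(("windows-firewall-off", line))
        elif (m := SERVICE_RE.match(line)):
            name, rest = m.groups()
            # Take the resolved path (after "-->" if present), drop the "[...]" suffix.
            path = rest.split(" --> ")[-1].split(" [")[0].strip().lower()
            # "[?]" replaces the timestamp/size ComboFix normally prints for the binary.
            if rest.endswith("[?]") or any(d in path for d in SUSPECT_DIRS):
                findings.append(("suspicious-service", f"{name} -> {path}"))
        elif (m := RUN_ORPHAN_RE.match(line)):
            name, target = m.groups()
            if "\\" not in target:  # bare file name, no directory at all
                findings.append(("pathless-autorun", f"{name} -> {target}"))
        elif DRIVE_PATH_RE.match(low):
            directory, _, fname = low.rpartition("\\")
            stem, _, ext = fname.rpartition(".")
            if fname in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
                findings.append(("system-name-outside-system32", line))
            if ext == "exe" and RANDOM_STEM_RE.match(stem):
                batches[directory].append(fname)
    for directory, names in batches.items():
        if len(names) >= BATCH_THRESHOLD:
            findings.append(("random-name-batch",
                             f"{len(names)} six-letter .exe files in {directory}"))
    return findings


def count_by_category(findings):
    """Summarise findings as {category: count}."""
    counts = {}
    for category, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:30} {detail}")
```

Run it as-is to see the ten findings from the excerpt; to use it on a real log, pass the file contents to triage() instead of SAMPLE_LOG. The checks are deliberately cheap string and regex rules so they can be read and adjusted line by line; they are a first pass for prioritising what to look at, not a replacement for the tool's own quarantine output.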