Apparently the ComboFix finished doing the scan, so here is the Log:
"Manuel" - 2007-06-26 10:55:01 - ComboFix 07-06-26.10 - Service Pack 2 NTFS
Unable to gain System Privileges
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\adwhtchx.dll
C:\WINDOWS\system32\cxixkcyj.dll
C:\WINDOWS\system32\dvceedut.dll
C:\WINDOWS\system32\ftclaohx.dll
C:\WINDOWS\system32\itxlnpue.dll
C:\WINDOWS\system32\ljjge.dll
C:\WINDOWS\system32\sjutfhgs.dll
C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\system32\uxwunbsa.dll
C:\WINDOWS\system32\wsihvgma.dll
C:\WINDOWS\system32\xpjwhtlt.dll
C:\WINDOWS\system32\winahs32.dll
C:\WINDOWS\SYSTEM32\waccf.bak1
C:\WINDOWS\SYSTEM32\waccf.bak2
C:\WINDOWS\SYSTEM32\waccf.ini
C:\WINDOWS\SYSTEM32\waccf.ini2
C:\WINDOWS\SYSTEM32\waccf.tmp
C:\WINDOWS\SYSTEM32\xhoalctf.ini
C:\WINDOWS\SYSTEM32\eupnlxti.ini
C:\WINDOWS\SYSTEM32\egjjl.bak1
C:\WINDOWS\SYSTEM32\egjjl.ini
C:\WINDOWS\SYSTEM32\sghftujs.ini
C:\WINDOWS\SYSTEM32\ppqss.bak1
C:\WINDOWS\SYSTEM32\ppqss.ini
C:\WINDOWS\SYSTEM32\ppqss.tmp
C:\WINDOWS\SYSTEM32\asbnuwxu.ini
C:\WINDOWS\SYSTEM32\tlthwjpx.ini
C:\WINDOWS\SYSTEM32\egjjl.bak1
C:\WINDOWS\SYSTEM32\egjjl.ini
C:\WINDOWS\SYSTEM32\ppqss.bak1
C:\WINDOWS\SYSTEM32\ppqss.ini
C:\WINDOWS\SYSTEM32\ppqss.tmp
C:\WINDOWS\SYSTEM32\sstwa.bak1
C:\WINDOWS\SYSTEM32\sstwa.ini
C:\WINDOWS\SYSTEM32\waccf.bak1
C:\WINDOWS\SYSTEM32\waccf.bak2
C:\WINDOWS\SYSTEM32\waccf.ini
C:\WINDOWS\SYSTEM32\waccf.ini2
C:\WINDOWS\SYSTEM32\waccf.tmp
C:\WINDOWS\SYSTEM32\waccf.bak1
C:\WINDOWS\SYSTEM32\waccf.bak2
C:\WINDOWS\SYSTEM32\waccf.ini
C:\WINDOWS\SYSTEM32\waccf.ini2
C:\WINDOWS\SYSTEM32\waccf.tmp
C:\WINDOWS\system32\fccaw.dll
C:\WINDOWS\system32\efccyyv.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\Manuel\APPLIC~1.\macromedia\Flash Player\#SharedObjects\3CT3CR46\www.broadcaster.com
C:\DOCUME~1\Manuel\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\Manuel\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\Common Files\{34419~1
C:\Program Files\Common Files\{F4419~1
C:\Program Files\Common Files\microsoft shared\web folders\ibm00001.dll
C:\Program Files\Common Files\microsoft shared\web folders\ibm00002.dll
C:\WINDOWS\NDNuninstall5_48.exe
C:\WINDOWS\system32\3739080759__4_32_16.dll
C:\WINDOWS\system32\djpbycxx.exe
C:\WINDOWS\system32\dkdaxvgf.exe
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\exvivtka.exe
C:\WINDOWS\system32\fgvkeiav.exe
C:\WINDOWS\system32\fpdpisam.exe
C:\WINDOWS\system32\fvfpqtcy.exe
C:\WINDOWS\system32\jafqufgv.exe
C:\WINDOWS\system32\ngayaotb.exe
C:\WINDOWS\system32\qfagsfqe.exe
C:\WINDOWS\system32\qvrbvqgb.exe
C:\WINDOWS\system32\skqluelf.exe
C:\WINDOWS\system32\skywutwq.exe
C:\WINDOWS\system32\sllfdxds.exe
C:\WINDOWS\system32\tbmegajx.exe
C:\WINDOWS\system32\unsvchosts.lzma
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_COM+_MESSAGES
-------\LEGACY_DOMAINSERVICE
-------\COM+ Messages
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-05-26 to 2007-06-26 )))))))))))))))))))))))))))))))
2007-06-26 10:52 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-23 13:04 4,628 --a------ C:\WINDOWS\SYSTEM32\wjlqrltd.exe
2007-06-22 21:28 2,580 --a------ C:\WINDOWS\SYSTEM32\fjoivvnk.exe
2007-06-22 21:22 4,628 --a------ C:\WINDOWS\SYSTEM32\oukhfyhp.exe
2007-06-19 22:30 <DIR> d-------- C:\Program Files\GameSpy Arcade
2007-06-19 20:56 <DIR> d-------- C:\NeverwinterNights
2007-06-18 19:04 2,580 --a------ C:\WINDOWS\SYSTEM32\royyyyje.exe
2007-06-18 18:38 76,412 --a------ C:\WINDOWS\SYSTEM32\ensvxqdc.dll
2007-06-18 18:35 124,436 --a------ C:\WINDOWS\SYSTEM32\webouktu.dll
2007-06-18 18:32 2,580 --a------ C:\WINDOWS\SYSTEM32\tcpaexfy.exe
2007-06-18 18:30 62,516 --a------ C:\WINDOWS\SYSTEM32\rksfqyug.dll
2007-06-18 18:14 48,128 --a------ C:\cskd.exe
2007-06-18 18:14 30,720 --a------ C:\WINDOWS\SYSTEM32\ipmon.exe
2007-06-18 18:13 8,704 --a------ C:\WINDOWS\SYSTEM32\essrj.sys
2007-06-18 18:13 34,549 --a------ C:\WINDOWS\SYSTEM32\kwqu32.dll
2007-06-18 18:13 1,536 --a------ C:\bwarny.exe
2007-06-18 18:13 <DIR> d-------- C:\zx
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-20 16:16:18 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-20 01:45:42 -------- d-----w C:\DOCUME~1\Manuel\APPLIC~1\uTorrent
2007-06-18 23:59:40 -------- d-----w C:\DOCUME~1\Manuel\APPLIC~1\Lavasoft
2007-06-10 16:40:41 116 ----a-w C:\WINDOWS\popcinfo.dat
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-09 02:22:53 -------- d-----w C:\Program Files\Lavasoft
2007-05-09 02:22:07 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 03:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 03:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-03-28 18:48:21 57,344 ----a-w C:\WINDOWS\system32\COMMTB32.DLL
2007-03-28 18:48:20 28,672 ----a-w C:\WINDOWS\system32\HLP95EN.DLL
2007-03-28 18:48:20 25,872 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
2007-03-28 18:48:20 169,984 ----a-w C:\WINDOWS\system32\P2D.DLL
2007-03-28 18:48:20 161,552 ----a-w C:\WINDOWS\system32\ASYCPICT.DLL
2006-10-17 23:57:18 24,576 --sha-w C:\WINDOWS\SYSTEM32\KOfcpfwSvcs.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-07 00:02]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4}=C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 17:42]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-xu\msntb.dll [2006-01-17 16:04]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 C:\WINDOWS\BCMSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-02 18:21]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-02 18:15]
"DadApp"="C:\Program Files\Dell\AccessDirect\dadapp.exe" []
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2005-09-22 12:19]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-03-18 20:28]
"@"="" []
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-04-05 14:41]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-29 13:30]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-12-21 02:26]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"i8kfangui"="C:\Program Files\I8kfanGUI\I8kfanGUI.exe" [2003-08-08 08:35]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winlvw32]
winlvw32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
"C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
NtmlSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2653990-758e-11da-91db-000d56b1e9ee}]
1\Command- G:\.\RECYCLER\RECYCLER\autorun.exe
2\Command- G:\.\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
Contents of the 'Scheduled Tasks' folder
2007-06-06 15:08:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-26 11:44:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-26 11:50:27 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-26 11:49
--- E O F ---