Registered User
Join Date: Jul 2008
Location: New Jersey
Posts: 1
OS: Windows XP SP3
Help - Antivirus XP 2008 Attack - Cleanup
Hello All,
I am new to the group, I was searching the net and found this site as others have had this problem. I have tried cleaning the system via DOS, Cyberdefencer, PC - Cillen and currently AVG Free 8, and with VCleaner. I have run the ComboFix tool and the log file follows. Any help is greatly appreciated. Thank You.