Try What the Tech -- It's free!
did i do this correctly


This topic is locked
No replies to this topic

#1 pinkii (New Member, 3 posts)

Posted 15 April 2008 - 12:14 AM

ComboFix 08-04-14.2 - Owner 2008-04-15 0:46:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.242 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Application Data\FunWebProducts
C:\Program Files\FunWebProducts
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aaroqqtj.dll
C:\WINDOWS\system32\aaycf.ini
C:\WINDOWS\system32\aaycf.ini2
C:\WINDOWS\system32\adkakaks.dll
C:\WINDOWS\system32\afpxjttx.ini
C:\WINDOWS\system32\ahcmjfvh.dll
C:\WINDOWS\system32\aihdjykt.dll
C:\WINDOWS\system32\bbsyyhnd.ini
C:\WINDOWS\system32\cdwqwvjo.ini
C:\WINDOWS\system32\ckjognue.dll
C:\WINDOWS\system32\ddomqdsn.dll
C:\WINDOWS\system32\diadgaud.dll
C:\WINDOWS\system32\dnpjxmqg.dll
C:\WINDOWS\system32\dytruept.dll
C:\WINDOWS\system32\ecaevfnu.dll
C:\WINDOWS\system32\exhniydf.dll
C:\WINDOWS\system32\feetgbbh.dll
C:\WINDOWS\system32\fmvfvrrj.dll
C:\WINDOWS\system32\fospocyx.dll
C:\WINDOWS\system32\fxrxvupq.dll
C:\WINDOWS\system32\gorgyorn.dll
C:\WINDOWS\system32\houlhmhe.dll
C:\WINDOWS\system32\hpjikbef.dll
C:\WINDOWS\system32\hvypwxnq.ini
C:\WINDOWS\system32\hxkqtfpp.dll
C:\WINDOWS\system32\iaqonvmt.dll
C:\WINDOWS\system32\iaqtiybs.dll
C:\WINDOWS\system32\ihhjl.ini
C:\WINDOWS\system32\ihhjl.ini2
C:\WINDOWS\system32\iiwrxqqy.dll
C:\WINDOWS\system32\isgxirpy.ini
C:\WINDOWS\system32\jdhouexg.dll
C:\WINDOWS\system32\jgxtyqdh.ini
C:\WINDOWS\system32\jmakosxv.ini
C:\WINDOWS\system32\jtfhnbyu.dll
C:\WINDOWS\system32\jyvrinnb.dll
C:\WINDOWS\system32\kaeiwqvk.dll
C:\WINDOWS\system32\kfiqaftq.dll
C:\WINDOWS\system32\kxrdsxwu.ini
C:\WINDOWS\system32\mcrbcfmw.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mmnoqjmd.ini
C:\WINDOWS\system32\mywfwdoy.dll
C:\WINDOWS\system32\nbcmhqoh.dll
C:\WINDOWS\system32\nffkloal.ini
C:\WINDOWS\system32\njcaeraf.ini
C:\WINDOWS\system32\nnhuirwa.ini
C:\WINDOWS\system32\nroygrog.ini
C:\WINDOWS\system32\nvghgijb.ini
C:\WINDOWS\system32\nwwntwau.ini
C:\WINDOWS\system32\nxaaxliu.dll
C:\WINDOWS\system32\oiitdslb.ini
C:\WINDOWS\system32\okotctvg.ini
C:\WINDOWS\system32\pbewsxrf.dll
C:\WINDOWS\system32\pjikirpo.ini
C:\WINDOWS\system32\prmftnnr.ini
C:\WINDOWS\system32\psasbqbe.ini
C:\WINDOWS\system32\puyqgtyn.dll
C:\WINDOWS\system32\qcumtuvq.dll
C:\WINDOWS\system32\qidcmgpd.dll
C:\WINDOWS\system32\qtfaqifk.ini
C:\WINDOWS\system32\qwuiqcus.dll
C:\WINDOWS\system32\rcuilpfi.ini
C:\WINDOWS\system32\reqhlrtj.ini
C:\WINDOWS\system32\rnxpawnv.ini
C:\WINDOWS\system32\slksmctm.dll
C:\WINDOWS\system32\sonhwqiy.ini
C:\WINDOWS\system32\soulakin.ini
C:\WINDOWS\system32\thylimst.ini
C:\WINDOWS\system32\tjqemhfw.ini
C:\WINDOWS\system32\uurcfbtq.ini
C:\WINDOWS\system32\uustkfxv.dll
C:\WINDOWS\system32\uvjlhkxq.ini
C:\WINDOWS\system32\uybnhftj.ini
C:\WINDOWS\system32\vgogpyab.ini
C:\WINDOWS\system32\vncdrwrb.ini
C:\WINDOWS\system32\vpekesah.ini
C:\WINDOWS\system32\vpqhfuop.ini
C:\WINDOWS\system32\vulxtegk.dll
C:\WINDOWS\system32\wlqxgbng.ini
C:\WINDOWS\system32\wmpqyvdm.ini
C:\WINDOWS\system32\xcreialo.dll
C:\WINDOWS\system32\xffoswuq.dll
C:\WINDOWS\system32\xoltuabu.dll
C:\WINDOWS\system32\xylrkkkp.dll
C:\WINDOWS\system32\yhgpjpbe.dll
C:\WINDOWS\system32\yiiwoplc.dll
C:\WINDOWS\system32\yqqxrwii.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SZKG5


((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-13 11:59 . 2008-04-13 11:59 3,648 --a------ C:\WINDOWS\system32\epwjjall.dll
2008-04-12 18:06 . 2008-04-12 18:06 3,648 --a------ C:\WINDOWS\system32\fppptlna.dll
2008-04-12 14:41 . 2008-04-12 14:51 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-04-11 20:16 . 2008-04-11 20:16 3,648 --a------ C:\WINDOWS\system32\wvotlitt.dll
2008-04-10 15:14 . 2008-04-10 15:14 3,648 --a------ C:\WINDOWS\system32\kotiscoi.dll
2008-04-09 15:15 . 2008-04-09 15:15 3,648 --a------ C:\WINDOWS\system32\fljciqbm.dll
2008-04-08 18:50 . 2008-04-08 18:50 3,648 --a------ C:\WINDOWS\system32\mvfmgrhx.dll
2008-04-08 13:09 . 2008-04-11 20:52 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-08 13:09 . 2008-04-08 13:09 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-04-08 13:09 . 2008-04-08 13:09 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-04-08 10:50 . 2008-04-08 10:50 3,648 --a------ C:\WINDOWS\system32\rcrqnvat.dll
2008-04-02 19:19 . 2008-04-02 19:19 <DIR> d-------- C:\Program Files\MalwareAlarm
2008-04-02 16:18 . 2008-04-02 16:18 <DIR> d--hs---- C:\found.001
2008-04-01 18:54 . 2008-04-01 18:55 <DIR> d-------- C:\Program Files\ThreatFire
2008-04-01 18:54 . 2008-04-01 18:54 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools
2008-04-01 18:54 . 2008-02-15 10:20 51,520 --a------ C:\WINDOWS\system32\drivers\TfFsMon.sys
2008-04-01 18:54 . 2008-02-15 10:21 41,280 --a------ C:\WINDOWS\system32\drivers\TfSysMon.sys
2008-04-01 18:54 . 2008-02-15 10:21 33,088 --a------ C:\WINDOWS\system32\drivers\TfNetMon.sys
2008-04-01 18:54 . 2008-02-15 10:21 12,608 --a------ C:\WINDOWS\system32\drivers\TfKbMon.sys
2008-04-01 18:49 . 2008-04-03 03:26 1,025 --a------ C:\rollback.ini
2008-04-01 18:38 . 2008-04-08 21:42 1,089,568 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-01 18:38 . 2008-04-12 14:48 30,496 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-01 18:38 . 2008-04-02 23:49 2,612 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-01 18:38 . 2008-04-02 23:49 1,484 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-01 18:25 . 2008-04-01 18:25 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ParetoLogic Anti-Virus PLUS
2008-04-01 18:18 . 2008-04-01 18:21 <DIR> d-------- C:\Program Files\Easy SpyRemover
2008-04-01 18:00 . 2008-04-12 14:46 <DIR> d-------- C:\Program Files\Common Files\ParetoLogic
2008-04-01 18:00 . 2008-04-01 18:00 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\ParetoLogic
2008-04-01 18:00 . 2008-04-12 14:45 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ParetoLogic
2008-04-01 17:58 . 2008-04-01 18:22 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Downloaded Installations
2008-04-01 11:24 . 2008-04-04 12:23 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SITEguard
2008-04-01 11:21 . 2008-04-01 11:21 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-04-01 11:21 . 2008-04-12 14:39 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\STOPzilla!
2008-04-01 10:49 . 2008-04-01 10:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-30 19:07 . 2007-11-27 22:56 116,416 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
2008-03-30 19:07 . 2007-11-27 22:56 91,328 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
2008-03-30 12:32 . 2008-03-30 22:43 <DIR> d-------- C:\Program Files\ErrorSmart
2008-03-30 12:32 . 2008-03-30 13:21 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\ErrorSmart
2008-03-30 11:12 . 2008-03-30 11:12 <DIR> d--hs---- C:\found.000
2008-03-28 15:12 . 2008-03-29 21:46 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SecureIE2004
2008-03-28 15:07 . 2008-03-28 15:07 <DIR> d-------- C:\Program Files\Winferno
2008-03-28 14:59 . 2008-03-30 20:39 <DIR> d-------- C:\Program Files\1st IEAssistant
2008-03-28 14:46 . 2008-03-28 20:23 <DIR> d-------- C:\Program Files\FilterGate
2008-03-24 13:48 . 2008-03-25 14:02 1,327,604 --ahs---- C:\WINDOWS\system32\gohylsms.ini
2008-03-20 14:41 . 2008-03-20 14:41 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-03-20 14:40 . 2008-03-30 22:10 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-03-18 20:08 . 2008-03-18 20:57 1,536,267 --ahs---- C:\WINDOWS\system32\cjnkpkns.ini
2008-03-17 21:12 . 2008-03-17 21:12 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-03-17 21:10 . 2008-03-30 20:39 <DIR> d-------- C:\Program Files\The Cleaner Free
2008-03-17 18:02 . 2008-03-19 09:20 238 --a------ C:\WINDOWS\mafosav.INI
2008-03-17 17:57 . 2008-03-18 21:08 <DIR> d-------- C:\Program Files\Mario Forever
2008-03-15 12:04 . 2008-03-16 08:10 1,314,869 --ahs---- C:\WINDOWS\system32\iyhrelpk.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 05:54 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2008-04-08 23:49 --------- d-----w C:\Program Files\Lx_cats
2008-04-08 03:56 --------- d-----w C:\Program Files\Norton Security Scan
2008-04-08 01:51 --------- d-----w C:\Program Files\MSN Games
2008-04-08 01:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-04-07 12:54 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-03 05:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-03-31 03:25 --------- d-----w C:\Program Files\DivX
2008-03-26 04:36 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-22 22:01 --------- d-----w C:\Program Files\Google
2008-03-19 01:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\alot
2008-03-14 03:09 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-14 03:05 --------- d-----w C:\Program Files\Windows Live
2008-02-17 21:57 --------- d-----w C:\Program Files\Bejeweled 2 Deluxe
2008-02-16 06:30 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-15 22:49 20,992 ----a-w C:\WINDOWS\jestertb.dll
2008-01-14 21:37 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

------- Sigcheck -------

2004-08-04 05:00 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe
2004-08-04 05:00 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\dllcache\svchost.exe

2005-03-02 13:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 10:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2004-08-04 05:00 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 13:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2007-03-08 10:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\user32.dll
2007-03-08 10:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\dllcache\user32.dll

2004-08-04 05:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll
2004-08-04 05:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\dllcache\ws2_32.dll

2006-03-03 22:58 663552 c0845ecbf4f9164e618ee381b79c9032 C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\wininet.dll
2007-06-26 09:35 665600 e1a3dd68b5380b360a7310a64d9bb188 C:\WINDOWS\$hf_mig$\KB937143\SP2QFE\wininet.dll
2007-08-22 07:55 665600 a1bc17eb3758d73c3938b2318820f5b4 C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll
2007-08-20 05:02 825344 357d54bf94fe9d6d8505a96b5c2a3bca C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
2007-10-10 18:47 825344 0e5d918f87efa7d2424d66b499c7eb04 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
2007-12-06 21:01 825344 b5b411bb229ae6ead7652a32ed47bfb9 C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2006-03-03 22:33 658432 1c0979c7a489bee573cd0bf4ad94bb06 C:\WINDOWS\$NtUninstallKB937143$\wininet.dll
2007-06-26 09:09 658944 184e47c8f7b331025e6dc92740db188f C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
2007-08-22 08:12 658944 1901ad51da8be9f8b38d5d526e5d1788 C:\WINDOWS\ie7\wininet.dll
2007-08-13 21:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
2007-08-20 05:04 824832 774435e499d8e9643ec961a6103c361f C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
2007-10-10 18:56 824832 30c1e0f34ad2972c72a01db5c74ab065 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2007-12-06 21:21 824832 806d274c9a6c3aaea5eae8e4af841e04 C:\WINDOWS\system32\wininet.dll
2007-12-06 21:21 824832 806d274c9a6c3aaea5eae8e4af841e04 C:\WINDOWS\system32\dllcache\wininet.dll

2006-04-20 07:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 11:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-04 05:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 06:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 12:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 12:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-04 05:00 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe
2004-08-04 05:00 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\dllcache\winlogon.exe

2004-08-04 05:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys
2004-08-04 05:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-04 05:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys
2004-08-04 05:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2005-03-01 19:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-02-20 22:36 2057984 501c033d08ac37c4be751633ab02197c C:\WINDOWS\$hf_mig$\KB914882\SP2QFE\ntkrnlpa.exe
2005-03-29 20:01 2056832 9a06915a29434202e8d39456822b3a12 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 04:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 04:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 04:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2005-03-01 20:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-02-20 23:01 2180992 df4d09b676964646fa166a78c816b4c3 C:\WINDOWS\$hf_mig$\KB914882\SP2QFE\ntoskrnl.exe
2005-03-29 20:23 2179584 255449e7f00e23d9b10ae8cdd5f73e56 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 04:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 04:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 04:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-06-13 05:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\explorer.exe
2007-06-13 06:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 05:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 05:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\system32\dllcache\explorer.exe

2004-08-04 05:00 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\ctfmon.exe
2004-08-04 05:00 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65F3B6F6-49E0-4016-B5C8-B6BDACC5DD2C}]
C:\WINDOWS\system32\fcyaa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71C439E5-A474-4732-8D3C-9E459DB4EAEA}]
C:\WINDOWS\system32\ljhhi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8260C2B8-E0D1-448a-B062-33D12D468BF0}]
C:\Program Files\alot\bin\alot.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 14:54 5674352]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 19:43 4670704]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 02:33 8720384]
"Microsoft Location Finder"="C:\Program Files\Microsoft Location Finder\LocationFinder.exe" [2006-11-14 15:22 121640]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"HijackThis startup scan"="C:\Program Files\Hijackthis\HijackThis.exe" [2005-02-16 11:06 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 11:30 65536]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 18:19 129536]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-08 06:04 185632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 03:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 02:33 8720384]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2006-10-03 13:04:38 54776]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\14009fd2]
C:\WINDOWS\system32\iiwrxqqy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 12:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
--a------ 2002-09-10 23:26 368706 C:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM1733ac4e]
C:\WINDOWS\system32\pbewsxrf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 05:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a------ 2004-03-23 17:07 294912 C:\Program Files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HijackThis startup scan]
--a------ 2005-02-16 11:06 218112 C:\Program Files\Hijackthis\HijackThis.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5200 series]
--a------ 2004-03-25 08:30 57344 C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneCareUI]
--a------ 2008-01-22 20:43 67112 C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIE2004]
--a------ 2004-07-06 12:07 44032 C:\Program Files\Winferno\Secure IE\SIEPulse.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
--a------ 2003-12-31 19:39 40960 C:\WINDOWS\vsnpstd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spywarefighterguard]
C:\Program Files\SPYWAREfighter\spftray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
--a------ 2007-06-08 09:59 224248 C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"ZeppelinService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"usnjsvc"=3 (0x3)
"szserver"=2 (0x2)
"SPYWAREfighterRP"=3 (0x3)
"ose"=3 (0x3)
"OneCareMP"=2 (0x2)
"msfwsvc"=2 (0x2)
"lxbt_device"=3 (0x3)
"gusvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b14b9d0-d2a4-11dc-aac3-0050fc0ec1c8}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/...654336997753024

.
Contents of the 'Scheduled Tasks' folder
"2008-04-15 05:36:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-14 08:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
"2008-04-15 06:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-04-13 23:00:00 C:\WINDOWS\Tasks\ParetoLogic Registration.job"
- C:\WINDOWS\system32\rundll32.exe@
"2008-04-15 05:33:00 C:\WINDOWS\Tasks\ParetoLogic Update.job"
- C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
"2008-04-15 06:00:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{445A97B6-ADA9-4D21-9B06-E694EC2BFFE4}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 00:56:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-15 1:04:09
ComboFix-quarantined-files.txt 2008-04-15 06:04:03

Pre-Run: 6,600,036,352 bytes free
Post-Run: 8,396,328,960 bytes free
.
2008-03-13 22:57:22 --- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 1:13:16 AM, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webkinz.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: ZSIEBhoOne Class - {06A548B7-25F0-416E-88AB-A8F6C4DE325C} - C:\Program Files\1st IEAssistant\ZSIEBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {65F3B6F6-49E0-4016-B5C8-B6BDACC5DD2C} - C:\WINDOWS\system32\fcyaa.dll (file missing)
O2 - BHO: (no name) - {71C439E5-A474-4732-8D3C-9E459DB4EAEA} - C:\WINDOWS\system32\ljhhi.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ALOT eMusic Toolbar - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - C:\Program Files\alot\bin\alot.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Hijackthis\HijackThis.exe /startupscan
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {C738EA53-97C2-441B-AC52-DFBC597BCBE5} (Chess Control) - http://www.worldwinn...chess/chess.cab
