Here is the combofix log:
ComboFix 08-02-20.2 - Eli 2008-02-20 3:00:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.424 [GMT -8:00]
Running from: C:\Documents and Settings\Eli\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\check_LSA7.txt
C:\WINNT\system32\ljjki.dll
C:\WINNT\system32\pmnmjgf.dll
C:\check_LSA7.txt
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode
C:\Documents and Settings\Eli\Application Data\WinTouch
C:\Documents and Settings\Eli\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\Eli\err.log
C:\onoes.exe
C:\Program Files\inetget2
C:\Program Files\Insider
C:\Program Files\ISM2
C:\Program Files\ISM2\adhydraupd.exe
C:\Program Files\ISM2\dictionary.gz
C:\Program Files\ISM2\ISMPack7.exe
C:\Program Files\ISM2\targets.gz
C:\Program Files\Messenger\profsyx.html
C:\Program Files\outlook
C:\Program Files\outlook\outlook.exe
C:\Program Files\outlook\p.zip
C:\Program Files\outlook\v.tmp
C:\Program Files\Router
C:\Program Files\Router\Router.exe
C:\Program Files\Router\UnInstall.exe
C:\Program Files\svhost
C:\Program Files\Temporary
C:\Program Files\Temporary\InsiDERIns.exe
C:\Program Files\WinAble
C:\Program Files\Words
C:\Program Files\Words\list.txt
C:\Program Files\Words\script.txt
C:\Program Files\Words\UnInstall.exe
C:\temp\
0b9
C:\temp\
0b9\tmpTF.log
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fCOe
C:\Temp\fCOe\tOasF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\Temp\isgTi19
C:\Temp\isgTi19\lPig.log
C:\temp\tn3
C:\WINNT\b103.exe
C:\WINNT\b116.exe
C:\WINNT\b122.exe
C:\WINNT\b138.exe
C:\WINNT\b143.exe
C:\WINNT\b147.exe
C:\WINNT\b151.exe
C:\WINNT\b153.exe
C:\WINNT\cookies.ini
C:\WINNT\cs_cache.ini
C:\WINNT\Fonts\a.zip
C:\WINNT\mrofinu1188.exe
C:\WINNT\stem~1
C:\WINNT\system32\atmtd.dll._
C:\WINNT\system32\bronto.dll
C:\WINNT\system32\bszip.dll
C:\WINNT\system32\cmd.com
C:\WINNT\system32\drivers\core.cache.dsk
C:\WINNT\system32\drivers\npf.sys
C:\WINNT\system32\ehxuslxp.ini
C:\WINNT\system32\hkhdafli.ini
C:\WINNT\system32\iblywrrt.ini
C:\WINNT\system32\ikjjl.bak1
C:\WINNT\system32\ikjjl.bak2
C:\WINNT\system32\ikjjl.ini
C:\WINNT\system32\khfebay.dll
C:\WINNT\system32\lfjtvxxu.ini
C:\WINNT\system32\ljjki.dll
C:\WINNT\system32\lrjqslbu.dll
C:\WINNT\system32\MabryObj.dll
C:\WINNT\system32\mcrh.tmp
C:\WINNT\system32\msdtexch.dll
C:\WINNT\system32\msftedswc.dll
C:\WINNT\system32\mskvtns.dll
C:\WINNT\system32\netstat.com
C:\WINNT\system32\ngefidyd.ini
C:\WINNT\system32\nGpxx18
C:\WINNT\system32\nGpxx18\nGpxx182328.exe
C:\WINNT\system32\nmullsqt.dll
C:\WINNT\system32\nvs2.inf
C:\WINNT\system32\o09PrEz
C:\WINNT\system32\oTt02e
C:\WINNT\system32\oTt02e\oTt02e1065.exe
C:\WINNT\system32\pac.txt
C:\WINNT\system32\packet.dll
C:\WINNT\system32\ping.com
C:\WINNT\system32\pmnmjgf.dll
C:\WINNT\system32\protector.exe
C:\WINNT\system32\qbrjelci.dll
C:\WINNT\system32\regedit.com
C:\WINNT\system32\S1
C:\WINNT\system32\S2
C:\WINNT\system32\S4
C:\WINNT\system32\S6
C:\WINNT\system32\S7
C:\WINNT\system32\taskkill.com
C:\WINNT\system32\tasklist.com
C:\WINNT\system32\tracert.com
C:\WINNT\system32\trrwylbi.dll
C:\WINNT\system32\updppjai.dll
C:\WINNT\system32\vefstfde.dll
C:\WINNT\system32\vrenhr.dat
C:\WINNT\system32\vrenhr_nav.dat
C:\WINNT\system32\vrenhr_navps.dat
C:\WINNT\system32\win
C:\WINNT\system32\wnscpsv32.exe
C:\WINNT\system32\wpcap.dll
C:\WINNT\system32\ystem~1
C:\WINNT\system32\ystem~1\?ystem\
C:\WINNT\wr.txt
C:\WINNT\Fonts\'
----- BITS: Possible infected sites -----
hxxp://resources.zune.net
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_NTIO256
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\ApiMon
-------\nm
-------\ntio256
((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 )))))))))))))))))))))))))))))))
.
2008-02-19 21:41 . 2008-02-19 21:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-17 16:53 . 2008-02-17 16:53 <DIR> d-------- C:\Program Files\xInsIDE
2008-02-16 16:49 . 2008-02-16 16:50 <DIR> d-------- C:\Program Files\Any Video Converter Professional
2008-02-16 16:49 . 2008-02-16 17:56 <DIR> d-------- C:\Documents and Settings\Eli\Application Data\Any Video Converter Professional
2008-02-16 16:17 . 2008-02-16 16:17 147,456 --a------ C:\WINNT\system32\vbzip10.dll
2008-02-16 11:28 . 2008-02-16 11:28 <DIR> d-------- C:\Program Files\Any Video Converter
2008-02-16 11:28 . 2008-02-16 12:33 <DIR> d-------- C:\Documents and Settings\Eli\Application Data\Any Video Converter
2008-02-14 22:09 . 2008-02-14 22:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tavultesoft
2008-02-14 22:04 . 2008-02-14 22:04 <DIR> d-------- C:\Program Files\Common Files\Tavultesoft
2008-02-14 22:03 . 2008-02-14 22:04 <DIR> d-------- C:\Program Files\Tavultesoft
2008-02-14 22:01 . 2008-02-14 22:02 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-02-14 21:35 . 2008-02-14 21:38 <DIR> d-------- C:\Program Files\AIM Invader
2008-02-11 20:43 . 2008-02-11 20:43 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\acccore
2008-02-11 19:56 . 2008-02-13 07:45 1,374 --a------ C:\WINNT\imsins.BAK
2008-02-09 03:34 . 2008-02-15 18:54 54,156 --ah----- C:\WINNT\QTFont.qfn
2008-02-09 03:34 . 2008-02-09 03:34 1,409 --a------ C:\WINNT\QTFont.for
2008-02-05 07:46 . 2008-02-05 07:46 <DIR> d-------- C:\windows
2008-02-05 01:37 . 2008-02-17 20:44 <DIR> d-------- C:\Program Files\Counter-Strike 1.6
2008-01-31 23:00 . 2008-01-31 23:02 <DIR> d-------- C:\Program Files\AIM6
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 17:41 --------- d-----w C:\Documents and Settings\Eli\Application Data\LimeWire
2008-02-16 07:44 --------- d-----w C:\Program Files\Zune
2008-02-12 12:38 --------- d-----w C:\Program Files\AIM
2008-02-12 12:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-11 22:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-03 17:09 --------- d-----w C:\Program Files\Bulent's Screen Recorder 4
2008-02-01 07:01 --------- d-----w C:\Program Files\Viewpoint
2008-02-01 07:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-01 07:00 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-01 07:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-27 01:15 --------- d-----w C:\Documents and Settings\Eli\Application Data\Apple Computer
2008-01-13 21:46 165 ----a-w C:\Program Files\fun_maze_cbble.txt
2008-01-12 10:53 518,204 ----a-w C:\Program Files\fun_maze_cbble.bsp
2007-12-26 08:55 0 ---ha-w C:\WINNT\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-26 08:55 0 ---ha-w C:\WINNT\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
2006-07-01 21:38 70,920 ----a-w C:\Documents and Settings\Eli\Application Data\GDIPFONTCACHEV1.DAT
2006-06-17 05:59 70,920 ----a-w C:\Documents and Settings\Guest\Application Data\GDIPFONTCACHEV1.DAT
2006-06-09 04:12 70,920 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2005-01-10 22:35 69,984 ----a-w C:\Documents and Settings\All Users\Application Data\GDIPFONTCACHEV1.DAT
2004-08-04 08:56 561,179 ----a-w C:\Program Files\Common Files\dao360.dll
1998-04-27 07:00 570,128 ----a-w C:\Program Files\Common Files\DAO350.DLL
2004-02-29 01:42 32 --sha-w C:\WINNT\{5A1DE60E-63D4-411F-819C-8A27E968C34B}.dat
2004-02-29 01:44 32 --sha-w C:\WINNT\{77F34DDC-BE64-4C66-968A-710FD450DF9B}.dat
2004-02-29 01:42 32 --sha-w C:\WINNT\{9383845D-FCDF-4F3E-B9ED-6D7A80014D9B}.dat
2004-02-29 01:43 32 --sha-w C:\WINNT\{9AB54738-7DF1-4C00-9904-724052B1CBA3}.dat
2004-02-29 01:42 32 --sha-w C:\WINNT\{B473FFAC-ADCC-4471-ACAB-22211CD3B66C}.dat
2004-02-29 01:44 32 --sha-w C:\WINNT\{B83C3FD1-AF69-4C98-860F-8B93571A7A20}.dat
2007-10-19 13:26 8,434 --sha-w C:\WINNT\system32\rrrqr.bak1
2007-10-19 22:11 6,717 --sha-w C:\WINNT\system32\rrrqr.bak2
2007-10-20 09:38 7,666 --sha-w C:\WINNT\system32\rrrqr.ini2
2004-02-29 01:44 32 --sha-w C:\WINNT\system32\{4ED47025-B944-4999-B941-BA0A8CCD7C5C}.dat
2004-02-29 01:42 32 --sha-w C:\WINNT\system32\{9D4A8C51-12B5-4B1B-B280-4A82ADDC6A20}.dat
2004-02-29 01:43 32 --sha-w C:\WINNT\system32\{B4E78FFD-5507-47A5-AABD-7063002FED4B}.dat
2004-02-29 01:42 32 --sha-w C:\WINNT\system32\{BFE21B32-E04B-47C5-B65E-E7678177DA9D}.dat
2004-02-29 01:44 32 --sha-w C:\WINNT\system32\{C3FFBBD3-535C-4BB1-B187-47AD9BAC05D8}.dat
2004-02-29 01:42 32 --sha-w C:\WINNT\system32\{FAF8EF9A-AE41-4381-8369-AB595EC8BC08}.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8ABA9A9C-8791-4d61-8D5B-BCC9448EA573}]
C:\Program Files\ISM\BndDrive7.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-29 15:10 68856]
"desktop_light.pxx"="C:\Program Files\Tavultesoft\Keyman Desktop Light 7.0\kmshell.exe" [2007-11-27 14:49 1288048]
"xInsIDE"="C:\Program Files\xInsIDE\xInsIDE.exe" [2008-02-17 16:53 53248]
"Router"="C:\Program Files\Router\Router.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 01:01 437160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjjhf]
jkkjjhf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrrr]
C:\WINNT\system32\rqrrr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINNT\System32\LgNotify.dll 2003-02-28 14:01 110592 C:\WINNT\system32\LgNotify.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINNT\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINNT\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINNT\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINNT\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^autos.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autos.exe
backup=C:\WINNT\pss\autos.exeCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax Tray Menu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax Tray Menu.lnk
backup=C:\WINNT\pss\eFax Tray Menu.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINNT\pss\Google Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINNT\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINNT\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Live Menu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Live Menu.lnk
backup=C:\WINNT\pss\Live Menu.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINNT\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk
backup=C:\WINNT\pss\officejet 6100.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RingCentral Call Controller.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RingCentral Call Controller.lnk
backup=C:\WINNT\pss\RingCentral Call Controller.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINNT\pss\Service Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINNT\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Eli^Start Menu^Programs^Startup^infos.exe]
path=C:\Documents and Settings\Eli\Start Menu\Programs\Startup\infos.exe
backup=C:\WINNT\pss\infos.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Eli^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Eli\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINNT\pss\Xfire.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2002-10-03 16:50 684032 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVSystemCare]
C:\Program Files\AVSystemCare\pgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2007-06-04 18:05 116328 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClientGW]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\clkhost]
--a------ 2007-11-18 15:59 16384 C:\WINNT\devadwp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 23:56 15360 C:\WINNT\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eSnips]
C:\PROGRA~1\eSnips\ClientGW.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Ink Monitor]
--a------ 2003-11-05 10:23 303180 C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
--a------ 2002-08-14 15:21 94208 C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
C:\WINNT\system32\cnsqknxo.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2003-10-02 12:19 118784 C:\WINNT\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2003-01-30 18:55 196608 C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon03]
--a------ 2003-01-30 18:55 311296 C:\WINNT\system32\hphmon03.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon04]
C:\WINNT\System32\hphmon04.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iexplorer]
C:\WINNT\system32\iexplorer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2003-10-02 12:37 155648 C:\WINNT\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-08-09 06:03 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-08-09 06:03 81920 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-06-28 08:14 270648 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jjodxn]
C:\WINNT\System32\hcjmbhjp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINNT\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
C:\Program Files\ltmoh\Ltmoh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lwxbkua]
C:\WINNT\System32\hcjmbhjp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Msia]
C:\WINNT\system32\YSTEM~1\tracert.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 08:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
--a------ 2007-06-25 21:00 771440 C:\Program Files\Norton AntiVirus\osCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
C:\Program Files\Plaxo\2.0.3.16\InstallStub.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Projector Manager]
C:\Program Files\InFocus\Projector Manager\Projmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QD FastAndSafe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrModule9]
C:\Program Files\QdrModule\QdrModule9.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrPack9]
C:\Program Files\QdrPack\QdrPack9.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qekyamxdvg]
C:\WINNT\System32\hcjmbhjp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 08:41 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAMBooster.Net]
C:\Program Files\RAMBooster.Net\RAMBooster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCHotKey]
--a------ 2006-05-02 16:48 14848 C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]
C:\Documents and Settings\Eli\Application Data\Microsoft\Windows\rayiou.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Simple Star PhotoShow Media Manager]
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smwenmxamy]
C:\WINNT\System32\hcjmbhjp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
C:\Program Files\Spyware Doctor\swdoctor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareBot]
C:\Program Files\SpywareBot\SpywareBot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startkey]
C:\WINNT\_system32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Valve\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-04-13 02:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-03-29 15:10 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2003-01-02 18:11 577536 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2003-01-02 18:12 126976 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ufhmbhqg]
C:\WINNT\System32\hcjmbhjp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Undefined]
C:\WINNT\system32\winter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINNT\system32\dumprep 0 -u
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\VPTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wdyjrdxxusfhk]
C:\WINNT\System32\hcjmbhjp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\whttqurheltf]
C:\WINNT\System32\hcjmbhjp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win Server Updt]
C:\WINNT\wupdt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 17:20 866584 C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows installer]
C:\winstall.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]
C:\Documents and Settings\Eli\Application Data\WinTouch\WinTouch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wpknfgqwxj]
C:\WINNT\System32\hcjmbhjp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xrraekunyuaj]
C:\WINNT\System32\hcjmbhjp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 21:49 4662776 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPIAgent5"=2 (0x2)
"SAVScan"=3 (0x3)
"gusvc"=2 (0x2)
"SQLAgent$PARAMOUNT"=3 (0x3)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$PARAMOUNT"=2 (0x2)
"iPod Service"=3 (0x3)
"Speed Disk service"=2 (0x2)
"NProtectService"=2 (0x2)
"GhostStartService"=2 (0x2)
R1 GhPciScan;GhostPciScanner;C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys [2002-08-14 15:11]
R1 oreans32;oreans32;C:\WINNT\system32\drivers\oreans32.sys [2006-09-07 16:52]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINNT\system32\DRIVERS\zumbus.sys [2007-11-15 21:38]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINNT\system32\ZuneBusEnum.exe [2007-11-15 21:51]
S3 Dot4Usb HPH09;Dot4Usb HPH09;C:\WINNT\system32\drivers\hphius09.sys [2003-01-30 18:55]
S3 dump_wmimmc;dump_wmimmc;C:\Program Files\Bots\GameGuard\dump_wmimmc.sys []
S3 IFCUSB;IFCUSB;C:\WINNT\system32\drivers\IFCUSB.SYS [2001-05-22 21:55]
S3 NPDriver;Norton Unerase Protection Driver;C:\WINNT\System32\Drivers\NPDRIVER.SYS [2002-08-14 06:03]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINNT\system32\ZuneWlanCfgSvc.exe [2007-11-15 21:51]
S4 MSSQL$PARAMOUNT;MSSQL$PARAMOUNT;C:\Program Files\Microsoft SQL Server\MSSQL$PARAMOUNT\Binn\sqlservr.exe [2002-12-17 17:26]
S4 SQLAgent$PARAMOUNT;SQLAgent$PARAMOUNT;C:\Program Files\Microsoft SQL Server\MSSQL$PARAMOUNT\Binn\sqlagent.EXE [2002-12-17 17:23]
.
Contents of the 'Scheduled Tasks' folder
"2008-02-14 20:45:02 C:\WINNT\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-20 11:48:39 C:\WINNT\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-02-12 04:00:00 C:\WINNT\Tasks\Norton AntiVirus - Run Full System Scan - Eli.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
"2008-02-02 01:30:00 C:\WINNT\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
"2008-02-20 11:00:00 C:\WINNT\Tasks\SpywareBot Scheduled Scan.job"
- C:\Program Files\SpywareBot\SpywareBot.ex
- C:\Program Files\SpywareBot
"2008-02-16 00:00:00 C:\WINNT\Tasks\{271C803A-1298-428D-ADB0-440CC94F98D3}_ASOUSASTU_Annette Sousa.job"
- C:\WINNT\system32\mobsync.exeL /Schedule=
"2008-02-20 00:00:00 C:\WINNT\Tasks\{2D186DD2-FA0F-48F7-A7DD-1473C92EB67A}_ASOUSASTU_Annette Sousa.job"
- C:\WINNT\system32\mobsync.exeL /Schedule=
"2008-02-19 17:00:00 C:\WINNT\Tasks\{A7FD14B9-2705-4CE2-A53C-23060B45984D}_ASOUSASTU_Annette Sousa.job"
- C:\WINNT\system32\mobsync.exeL /Schedule=
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-20 04:00:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINNT\System32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\System32\RegSrvc.exe
C:\WINNT\System32\RoamMgr.exe
C:\Program Files\Intel\Switching\User\RoamSvc.exe
C:\WINNT\system32\ZCfgSvc.exe
.
**************************************************************************
.
Completion time: 2008-02-20 4:07:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-20 12:06:56
.
2008-02-14 20:25:36 --- E O F ---