Thread: Need Help Cleaning My System Really Really Bad!
View Single Post
Old 05-12-2008, 01:35 AM   #27 (permalink)
makaveli3004
Bronze Member
 
Join Date: Nov 2006
Posts: 69
Default
Had no problems running combo fix but when searchin web pages it is still very slow




"Valued Customer" - 2008-05-11 20:35:37 Service Pack 2
ComboFix 07-05.21.6.V - Running from: "C:\Documents and Settings\Valued Customer\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\Program Files\YSTEM~1
C:\qoobox\purity\C\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\C\Program Files\Common Files\STEM32~1
C:\qoobox\purity\C\WINDOWS\YSTEM3~1
C:\qoobox\purity\C\WINDOWS\system32\RACLE~1


((((((((((((((((((((((((((((((( Files Created from 2008-04-05 to 2008-05-11 ))))))))))))))))))))))))))))))))))


2008-05-11 14:59 91,712 --a------ C:\WINDOWS\system32\uyumvcdx.dll
2008-05-11 14:59 2,112 --a------ C:\WINDOWS\system32\sfwjqgky.exe
2008-05-11 14:59 101,952 --a------ C:\WINDOWS\system32\carrrntn.dll
2008-05-11 14:58 98,368 --a------ C:\WINDOWS\system32\drnfnhxj.dll
2008-05-11 14:58 1,043,784 --ahs---- C:\WINDOWS\system32\XHkSrtwa.ini2
2008-05-11 14:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\mrelmhsr
2008-05-11 14:53 72,626 --a------ C:\WINDOWS\system32\yzbgqap.sys
2008-05-11 14:49 12,288 --a------ C:\WINDOWS\system32\aplib.dll
2008-05-09 05:15 <DIR> d-------- C:\DOCUME~1\Mom\APPLIC~1\Awola6
2008-04-29 00:41 <DIR> d-------- C:\VundoFix Backups
2008-04-27 13:35 <DIR> d-------- C:\Avenger
2008-04-27 12:49 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-22 19:24 0 --ahs---- C:\DOCUME~1\Mom\APPLIC~1\00480e735bb240c3461019295 b35d243c30c3294c4.dat


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )))

2008-05-12 00:43:29 -------- d-----w C:\DOCUME~1\VALUED~1\APPLIC~1\DNA
2008-05-11 19:01:46 -------- d-----w C:\DOCUME~1\VALUED~1\APPLIC~1\BitTorrent
2008-04-29 04:51:11 -------- d-----w C:\Program Files\PowerISO
2008-04-15 21:55:43 309,682 --sha-w C:\WINDOWS\system32\mprCdMoq.ini2
2008-04-10 23:08:33 50,176 --s---w C:\WINDOWS\mdm.exe
2008-04-07 21:09:49 -------- d-----w C:\Program Files\iTunes
2008-04-07 21:09:37 -------- d-----w C:\Program Files\iPod
2008-04-07 21:08:48 -------- d-----w C:\Program Files\QuickTime
2008-04-05 17:36:21 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2008-04-02 02:00:55 -------- d-----w C:\DOCUME~1\VALUED~1\APPLIC~1\Ahead
2008-03-24 23:15:03 -------- d-----w C:\Program Files\mIRC
2008-03-19 09:47:00 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-14 18:55:37 -------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-12 02:19:02 -------- d-----w C:\Program Files\Bonjour
2008-03-12 02:07:53 -------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-03-12 02:01:37 486,108,144 ----a-w C:\ADBEPHSPCS3_WWE.exe
2008-02-20 06:51:05 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32:43 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 16:22]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 22:22]
"watelkj"="C:\WINDOWS\system32\watelkj.exe" []
"o"="C:\WINDOWS\system32\o.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51]
"Amok Eggs Four Web"="C:\Documents and Settings\All Users\Application Data\part dead amok eggs\long upload.exe" []
"MODE FREE BIRD SURF"="C:\Documents and Settings\All Users\Application Data\beep axis mode free\Grim third.exe" [2008-05-11 17:04]
"ec731d21"="C:\WINDOWS\system32\uyumvcdx.dll" [2008-05-11 14:59]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36]
"BMef402ebd"="C:\WINDOWS\system32\drnfnhxj.dll " [2008-05-11 14:59]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 19:35]
"Orb"="C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" [2007-12-17 21:02]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-04 03:11]
"logo link"="C:\DOCUME~1\VALUED~1\APPLIC~1\FINDOK~1\Hold Log.exe" []
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-07 20:07]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 23:25]
"mdm"="C:\WINDOWS\mdm.exe" [2008-04-10 19:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\runservices]
"watelkj"=C:\WINDOWS\system32\watelkj.exe
"o"=C:\WINDOWS\system32\o.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"DisableRegedit"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
C:\Program Files\Internet Explorer\prohdyxe.html

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
C:\Program Files\ComPlus Applications\prohdyxe.html

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad]
"{AEAC12A0-9342-4D7B-BC25-BB09BA2195CB}"="C:\WINDOWS\mpfanvqg.dll" []
"{71DE5F20-F659-4D48-8469-35CAAE32BB1B}"="C:\WINDOWS\vbksrofa.dll" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBrsTNH]
geBrsTNH.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifeefd]
iifeefd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
Authentication Packages msv1_0 C:\WINDOWS\system32\awtrSkHX

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]
C:\Program Files\Web Buying\v1.8.8\webbuying.exe


[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{2454c9f0-95b4-11db-8b11-0015af08fdcc}]
AutoRun\command- H:\Programs\nu2menu\nu2menu.exe


Contents of the 'Scheduled Tasks' folder
2008-05-05 15:48:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2008-05-11 21:05:36 C:\WINDOWS\tasks\MP Scheduled Scan.job

************************************************** ******************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 20:44:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


************************************************** ******************

Completion time: 2008-05-11 20:46:36
C:\ComboFix-quarantined-files.txt ... 2008-05-11 20:46
C:\ComboFix2.txt ... 2008-04-26 12:44
C:\ComboFix3.txt ... 2008-02-22 02:10

--- E O F ---
makaveli3004 is offline   Reply With Quote