damagedone

  1. Hello to all, new to this forum! =) Log from ComboFix: