Jump to content

J. David Boyd

Members
  • Posts

    12
  • Joined

  • Last visited

Reputation

0 Neutral
  1. and here's checkup.txt. Results of screen317's Security Check version 0.98.9 Windows XP Service Pack 3 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! `````````````````````````````` Anti-malware/Other Utilities Check: HijackThis 2.0.2 Java 6 Update 11 Java 2 Runtime Environment, SE v1.4.2_03 Out of date Java installed! Adobe Flash Player 10 Adobe Reader 9.1 `````````````````````````````` Process Check: objlist.exe by Laurent `````````````````````````````` DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning) `````````End of Log```````````
  2. Here's the results from the FSecure spyware scan: Scanning Report Friday, August 28, 2009 19:51:07 - 08:25:50 Computer name: BUDDHA Scanning type: Scan system for malware, spyware and rootkits Target: C:\ 57 malware found TrackingCookie.Questionmarket (spyware) System (Disinfected) TrackingCookie.Adinterax (spyware) System (Disinfected) TrackingCookie.2o7 (spyware) System (Disinfected) TrackingCookie.Advertising (spyware) System (Disinfected) TrackingCookie.Atdmt (spyware) System (Disinfected) TrackingCookie.Adtech (spyware) System (Disinfected) TrackingCookie.Doubleclick (spyware) System (Disinfected) TrackingCookie.Revsci (spyware) System (Disinfected) TrackingCookie.Specificclick (spyware) System (Disinfected) TrackingCookie.Clickbank (spyware) System (Disinfected) TrackingCookie.Adrevolver (spyware) System (Disinfected) TrackingCookie.Adbrite (spyware) System (Disinfected) TrackingCookie.Xiti (spyware) System (Disinfected) TrackingCookie.Webtrends (spyware) System (Disinfected) TrackingCookie.Mediaplex (spyware) System (Disinfected) Trojan.Generic.1785280 (spyware) System (Disinfected) TrackingCookie.Tradedoubler (spyware) System (Disinfected) TrackingCookie.Statcounter (spyware) System (Disinfected) TrackingCookie.Atwola (spyware) System (Disinfected) TrackingCookie.Yieldmanager (spyware) System (Disinfected) Trojan.Generic.1785280 (virus) C:\WINDOWS\SYSTEM32\KUSERS.DLL (Not cleaned) Trojan.Generic.1942892 (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP309\A0060200.DLL (Renamed & Submitted) Worm.Generic.44360 (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP309\A0060199.DLL (Renamed) Trojan.Generic.1333556 (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP307\A0059801.EXE (Renamed & Submitted) Rogue:W32/SpyGuard.gen!A (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP306\A0059317.EXE (Not cleaned & Submitted) Rogue:W32/SpyGuard.gen!A (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP306\A0059315.EXE (Not cleaned) Trojan.CryptRedol.Gen.3 (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP306\A0059319.EXE (Renamed & Submitted) Trojan.Generic.2192870 (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP306\A0059320.EXE (Renamed & Submitted) Gen:Trojan.Heur.TDSS.fqW@fSBTnkci (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP306\A0059321.EXE (Renamed & Submitted) Trojan-Downloader:W32/Renos.gen!C (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP306\A0059322.EXE (Renamed & Submitted) Trojan-Downloader:W32/Bredolab.gen!B (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP306\A0059323.EXE (Renamed & Submitted) Trojan.Generic.IS.604419 (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP306\A0059325.EXE (Renamed & Submitted) Rogue:W32/SpyGuard.gen!A (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP306\A0059332.EXE (Not cleaned & Submitted) Trojan.Agent.ANDM (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP306\A0059333.EXE (Renamed & Submitted) Trojan.Generic.IS.595345 (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP304\A0058941.EXE (Renamed & Submitted) Trojan.Generic.1942892 (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP298\A0058436.DLL (Renamed & Submitted) Trojan.Generic.1942892 (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP298\A0058435.DLL (Renamed & Submitted) Rogue:W32/SpyGuard.gen!A (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP279\A0054489.EXE (Not cleaned & Submitted) Rogue:W32/SpyGuard.gen!A (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP279\A0054488.EXE (Not cleaned & Submitted) Rogue:W32/SpyGuard.gen!A (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP279\A0054501.DLL (Not cleaned & Submitted) Rogue:W32/SpyGuard.gen!A (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP279\A0054529.DLL (Not cleaned & Submitted) Rogue:W32/SpyGuard.gen!A (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP279\A0054519.EXE (Not cleaned & Submitted) Rogue:W32/SpyGuard.gen!A (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP279\A0054531.EXE (Not cleaned & Submitted) Rogue:W32/SpyGuard.gen!A (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP279\A0054528.DLL (Not cleaned & Submitted) Rogue:W32/SpyGuard.gen!A (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP279\A0054530.DLL (Not cleaned & Submitted) Rogue:W32/SpyGuard.gen!A (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP278\A0054390.DLL (Not cleaned) Trojan.Generic.1854546 (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP278\A0054386.BAT (Not cleaned) Rogue:W32/SpyGuard.gen!A (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP278\A0054424.DLL (Not cleaned) Trojan.Generic.1785280 (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP278\A0054436.DLL (Not cleaned) Trojan.Generic.1854546 (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP278\A0054448.BAT (Not cleaned) Rogue:W32/SpyGuard.gen!A (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP278\A0054453.DLL (Not cleaned) Trojan.Generic.1854546 (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP278\A0054449.BAT (Not cleaned) Rogue:W32/SpyGuard.gen!A (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP277\A0054354.DLL (Not cleaned) Trojan.Generic.1758226 (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP277\A0054368.DLL (Not cleaned) Rogue:W32/SpyGuard.gen!A (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP274\A0054256.DLL (Not cleaned) Rogue:W32/SpyGuard.gen!A (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP274\A0054281.DLL (Not cleaned) Rogue:W32/SpyGuard.gen!A (virus) C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP274\A0054304.DLL (Not cleaned) Statistics Scanned: Files: 53311 System: 3116 Not scanned: 6 Actions: Disinfected: 20 Renamed: 13 Deleted: 0 Not cleaned: 24 Submitted: 22 Files not scanned: C:\PAGEFILE.SYS C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT C:\WINDOWS\SYSTEM32\CONFIG\SAM C:\WINDOWS\SYSTEM32\CONFIG\SECURITY C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Options Scanning engines: Scanning options: Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR Use advanced heuristics Copyright
  3. Here's the HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:40:59 PM, on 8/27/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Apoint\Apoint.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\fxssvc.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\MSN\Toolbar\3.0.0988.2\msntask.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll (file missing) O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing) O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing) O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing) O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing) O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: WLANKEEPER - Intel
  4. Here's the ComboFix log, Hijack this coming next: ComboFix 09-08-24.01 - James Brownrigg 08/27/2009 19:24.7.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.255 [GMT -4:00] Running from: c:\documents and settings\James Brownrigg\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\James Brownrigg\Desktop\CFScript.txt . ((((((((((((((((((((((((( Files Created from 2009-07-27 to 2009-08-27 ))))))))))))))))))))))))))))))) . 2009-08-18 18:34 . 2009-08-18 18:34 -------- d-----w- c:\documents and settings\James Brownrigg\Local Settings\Application Data\Opera 2009-08-18 18:34 . 2009-08-18 18:34 -------- d-----w- c:\program files\Opera 2009-08-16 23:01 . 2009-08-16 23:01 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2009-08-15 20:29 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys 2009-08-15 20:29 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys 2009-08-15 20:29 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys 2009-08-15 20:29 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys 2009-08-12 04:05 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll 2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-27 23:19 . 2008-05-08 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-08-05 09:01 . 2004-08-10 17:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-17 19:01 . 2004-08-10 17:50 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 03:43 . 2004-08-10 17:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-03 22:07 . 2009-07-01 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2009-07-03 22:07 . 2009-07-01 15:25 -------- d-----w- c:\program files\NOS 2009-07-03 17:09 . 2004-08-10 17:51 915456 ------w- c:\windows\system32\wininet.dll 2009-07-01 15:32 . 2007-02-03 00:17 -------- d-----w- c:\program files\Common Files\Adobe 2009-07-01 15:26 . 2009-07-01 15:26 -------- d-----w- c:\program files\Common Files\Adobe AIR 2009-07-01 15:25 . 2009-07-01 15:25 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe 2009-07-01 10:11 . 2009-07-01 10:11 138 ----a-w- c:\documents and settings\James Brownrigg\Local Settings\Application Data\fusioncache.dat 2009-06-25 08:25 . 2004-08-10 17:51 54272 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:25 . 2004-08-10 17:51 56832 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:25 . 2004-08-10 17:51 147456 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:25 . 2004-08-10 17:51 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-25 08:25 . 2004-08-10 17:51 730112 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:25 . 2004-08-10 17:51 301568 ----a-w- c:\windows\system32\kerberos.dll 2009-06-24 11:18 . 2004-08-10 17:51 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2009-06-16 14:36 . 2004-08-10 17:51 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-16 14:36 . 2004-08-10 17:51 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-12 12:31 . 2004-08-10 17:51 76288 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 14:13 . 2004-08-10 17:50 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 13:19 . 2004-08-10 18:01 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-06-10 06:14 . 2004-08-10 17:51 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-03 20:17 . 2009-05-28 22:32 205840 ----a-w- c:\windows\system32\kusers.dll 2009-06-03 19:09 . 2004-08-10 17:51 1291264 ----a-w- c:\windows\system32\quartz.dll . ((((((((((((((((((((((((((((( SnapShot@2009-08-18_19.38.32 ))))))))))))))))))))))))))))))))))))))))) . + 2009-08-27 23:31 . 2009-08-27 23:31 16384 c:\windows\temp\Perflib_Perfdata_290.dat + 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe + 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll + 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe - 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll + 2009-02-03 19:59 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll + 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys + 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll + 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll + 2004-08-10 17:51 . 2009-07-14 03:43 286208 c:\windows\system32\dllcache\wmpdxm.dll + 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll + 2008-12-05 06:54 . 2009-06-25 08:25 147456 c:\windows\system32\dllcache\schannel.dll + 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\system32\dllcache\msv1_0.dll + 2009-04-15 10:18 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll + 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll + 2009-06-10 13:19 . 2009-06-10 13:19 2066432 c:\windows\system32\dllcache\mstscax.dll + 2004-08-10 17:51 . 2009-07-14 03:43 10841088 c:\windows\system32\wmp.dll + 2004-08-10 17:51 . 2009-07-14 03:43 10841088 c:\windows\system32\dllcache\wmp.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-01-31 155648] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-01 339968] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384] "MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 131072] "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-08-02 26112] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-08-02 98304] "mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-8-2 24576] QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-08-27 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-29 23:57] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-27 19:31 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(952) c:\windows\system32\Ati2evxx.dll c:\program files\Intel\Wireless\Bin\LgNotify.dll - - - - - - - > 'explorer.exe'(3924) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKEEPER.exe c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\scardsvr.exe c:\progra~1\Intel\Wireless\Bin\1XConfig.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe c:\program files\Apoint\ApntEx.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\windows\system32\fxssvc.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2009-08-27 19:36 - machine was rebooted ComboFix-quarantined-files.txt 2009-08-27 23:36 ComboFix2.txt 2009-08-27 00:11 ComboFix3.txt 2009-08-26 19:06 ComboFix4.txt 2009-08-24 19:54 ComboFix5.txt 2009-08-27 23:23 Pre-Run: 23,776,481,280 bytes free Post-Run: 23,738,761,216 bytes free 169 --- E O F --- 2009-08-27 23:21
  5. Great! I'll do that sometime today. Thanks for all your efforts. I really appreciate the time and energy you are putting in to this.
  6. Here's the results: I actually had to boot into Ubuntu from a CD, then copy the notepad file to the desktop, then boot back into windows, then drop the file on top of Combofix, then boot back into the Ubuntu cd to copy the file back to a flash drive, to get it to a system so I could send it here. If we even looked at it, or tried to move it around in Windows, whatever is running on that box kept corrupting the file...... ComboFix 09-08-24.01 - James Brownrigg 08/26/2009 19:58.6.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.267 [GMT -4:00] Running from: c:\documents and settings\James Brownrigg\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\James Brownrigg\Desktop\CFScript.txt file zipped: C:\avg_free_stb_all_8_32_cnet.exe file zipped: c:\windows\system32\afaeeddeafa.dll file zipped: c:\windows\system32\bcfa641acb9b1fa199c53255d5b56b7d.TMP file zipped: c:\windows\system32\c28be957c975aefb5e27b3f339b69606.TMP file zipped: c:\windows\system32\edfbcebdddea.dll file zipped: c:\windows\system32\fef7a3a5ebf10090ceb6d820b1fffdcc.sys . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\avg_free_stb_all_8_32_cnet.exe c:\windows\system32\afaeeddeafa.dll c:\windows\system32\bcfa641acb9b1fa199c53255d5b56b7d.TMP c:\windows\system32\c28be957c975aefb5e27b3f339b69606.TMP c:\windows\system32\edfbcebdddea.dll . ((((((((((((((((((((((((( Files Created from 2009-07-27 to 2009-08-27 ))))))))))))))))))))))))))))))) . 2009-08-24 19:49 . 2009-08-27 00:03 39936 ----a-w- c:\windows\system32\_fef7a3a5ebf10090ceb6d820b1fffdcc.sys_.vir 2009-08-18 22:51 . 2009-08-26 23:58 39936 ----a-w- c:\windows\system32\fef7a3a5ebf10090ceb6d820b1fffdcc.sys 2009-08-18 18:34 . 2009-08-18 18:34 -------- d-----w- c:\documents and settings\James Brownrigg\Local Settings\Application Data\Opera 2009-08-18 18:34 . 2009-08-18 18:34 -------- d-----w- c:\program files\Opera 2009-08-16 23:01 . 2009-08-16 23:01 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2009-08-15 20:29 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys 2009-08-15 20:29 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys 2009-08-15 20:29 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys 2009-08-15 20:29 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys 2009-08-12 04:05 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll 2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-26 18:54 . 2008-05-08 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-08-05 09:01 . 2004-08-10 17:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-17 19:01 . 2004-08-10 17:50 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 03:43 . 2004-08-10 17:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-03 22:07 . 2009-07-01 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2009-07-03 22:07 . 2009-07-01 15:25 -------- d-----w- c:\program files\NOS 2009-07-03 17:09 . 2004-08-10 17:51 915456 ------w- c:\windows\system32\wininet.dll 2009-07-01 15:32 . 2007-02-03 00:17 -------- d-----w- c:\program files\Common Files\Adobe 2009-07-01 15:26 . 2009-07-01 15:26 -------- d-----w- c:\program files\Common Files\Adobe AIR 2009-07-01 15:25 . 2009-07-01 15:25 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe 2009-07-01 10:11 . 2009-07-01 10:11 138 ----a-w- c:\documents and settings\James Brownrigg\Local Settings\Application Data\fusioncache.dat 2009-06-25 08:25 . 2004-08-10 17:51 54272 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:25 . 2004-08-10 17:51 56832 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:25 . 2004-08-10 17:51 147456 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:25 . 2004-08-10 17:51 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-25 08:25 . 2004-08-10 17:51 730112 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:25 . 2004-08-10 17:51 301568 ----a-w- c:\windows\system32\kerberos.dll 2009-06-24 11:18 . 2004-08-10 17:51 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2009-06-16 14:36 . 2004-08-10 17:51 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-16 14:36 . 2004-08-10 17:51 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-12 12:31 . 2004-08-10 17:51 76288 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 14:13 . 2004-08-10 17:50 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 13:19 . 2004-08-10 18:01 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-06-10 06:14 . 2004-08-10 17:51 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-03 20:17 . 2009-05-28 22:32 205840 ----a-w- c:\windows\system32\kusers.dll 2009-06-03 19:09 . 2004-08-10 17:51 1291264 ----a-w- c:\windows\system32\quartz.dll . ((((((((((((((((((((((((((((( SnapShot@2009-08-18_19.38.32 ))))))))))))))))))))))))))))))))))))))))) . + 2009-08-27 00:06 . 2009-08-27 00:06 16384 c:\windows\temp\Perflib_Perfdata_28c.dat + 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll + 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe - 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll + 2009-02-03 19:59 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll + 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys + 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll + 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll + 2004-08-10 17:51 . 2009-07-14 03:43 286208 c:\windows\system32\dllcache\wmpdxm.dll + 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll + 2008-12-05 06:54 . 2009-06-25 08:25 147456 c:\windows\system32\dllcache\schannel.dll + 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\system32\dllcache\msv1_0.dll + 2009-04-15 10:18 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll + 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll + 2009-06-10 13:19 . 2009-06-10 13:19 2066432 c:\windows\system32\dllcache\mstscax.dll + 2004-08-10 17:51 . 2009-07-14 03:43 10841088 c:\windows\system32\wmp.dll + 2004-08-10 17:51 . 2009-07-14 03:43 10841088 c:\windows\system32\dllcache\wmp.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-01-31 155648] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-01 339968] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384] "MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 131072] "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-08-02 26112] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-08-02 98304] "mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-8-2 24576] QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-08-27 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-29 23:57] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-26 20:06 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(952) c:\windows\system32\Ati2evxx.dll c:\program files\Intel\Wireless\Bin\LgNotify.dll - - - - - - - > 'explorer.exe'(3952) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKEEPER.exe c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\scardsvr.exe c:\progra~1\Intel\Wireless\Bin\1XConfig.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe c:\program files\Apoint\ApntEx.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\windows\system32\fxssvc.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2009-08-27 20:11 - machine was rebooted ComboFix-quarantined-files.txt 2009-08-27 00:11 ComboFix2.txt 2009-08-26 19:06 ComboFix3.txt 2009-08-24 19:54 ComboFix4.txt 2009-08-18 23:01 ComboFix5.txt 2009-08-26 23:55 Pre-Run: 23,842,361,344 bytes free Post-Run: 23,788,453,888 bytes free 184 --- E O F --- 2009-08-18 23:08
  7. Ok, I will do that. Sorry about the " reply. I never even noticed the quote markers, and didn't think much about it. It won't happen again. I'll post the correct stuff later on tonight. Thanks, Dave
  8. I've attached a file that contains the results. Hope this helps! Dave ComboFix 09-08-24.01 - James Brownrigg 08/24/2009 15:44.4.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.251 [GMT -4:00] Running from: c:\documents and settings\James Brownrigg\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\James Brownrigg\Desktop\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2009-07-24 to 2009-08-24 ))))))))))))))))))))))))))))))) . 2009-08-18 18:34 . 2009-08-18 18:34 -------- d-----w- c:\documents and settings\James Brownrigg\Local Settings\Application Data\Opera 2009-08-18 18:34 . 2009-08-18 18:34 -------- d-----w- c:\program files\Opera 2009-08-16 23:01 . 2009-08-16 23:01 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2009-08-15 21:22 . 2009-08-15 20:49 848712 ----a-w- C:\avg_free_stb_all_8_32_cnet.exe 2009-08-15 20:29 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys 2009-08-15 20:29 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys 2009-08-15 20:29 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys 2009-08-15 20:29 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys 2009-08-12 04:05 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll 2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-24 01:36 . 2008-05-08 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-08-05 09:01 . 2004-08-10 17:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-17 19:01 . 2004-08-10 17:50 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-16 10:44 . 2009-07-16 10:44 312847 ------w- c:\windows\system32\c28be957c975aefb5e27b3f339b69606.TMP 2009-07-16 10:44 . 2007-04-23 03:30 312847 ------w- c:\windows\system32\edfbcebdddea.dll 2009-07-16 10:44 . 2009-07-16 10:44 278033 ------w- c:\windows\system32\bcfa641acb9b1fa199c53255d5b56b7d.TMP 2009-07-14 03:43 . 2004-08-10 17:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-03 22:07 . 2009-07-01 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2009-07-03 22:07 . 2009-07-01 15:25 -------- d-----w- c:\program files\NOS 2009-07-03 17:09 . 2004-08-10 17:51 915456 ----a-w- c:\windows\system32\wininet.dll 2009-07-01 15:32 . 2007-02-03 00:17 -------- d-----w- c:\program files\Common Files\Adobe 2009-07-01 15:26 . 2009-07-01 15:26 -------- d-----w- c:\program files\Common Files\Adobe AIR 2009-07-01 15:25 . 2009-07-01 15:25 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe 2009-07-01 10:11 . 2009-07-01 10:11 138 ----a-w- c:\documents and settings\James Brownrigg\Local Settings\Application Data\fusioncache.dat 2009-06-25 08:25 . 2004-08-10 17:51 54272 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:25 . 2004-08-10 17:51 56832 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:25 . 2004-08-10 17:51 147456 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:25 . 2004-08-10 17:51 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-25 08:25 . 2004-08-10 17:51 730112 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:25 . 2004-08-10 17:51 301568 ----a-w- c:\windows\system32\kerberos.dll 2009-06-24 11:18 . 2004-08-10 17:51 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2009-06-16 14:36 . 2004-08-10 17:51 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-16 14:36 . 2004-08-10 17:51 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-12 12:31 . 2004-08-10 17:51 76288 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 14:13 . 2004-08-10 17:50 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 13:19 . 2004-08-10 18:01 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-06-10 06:14 . 2004-08-10 17:51 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-03 20:17 . 2009-05-28 22:32 205840 ----a-w- c:\windows\system32\kusers.dll 2009-06-03 19:09 . 2004-08-10 17:51 1291264 ----a-w- c:\windows\system32\quartz.dll . ((((((((((((((((((((((((((((( SnapShot@2009-08-18_19.38.32 ))))))))))))))))))))))))))))))))))))))))) . + 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll + 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe + 2009-02-03 19:59 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll - 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll + 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys + 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll + 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll + 2004-08-10 17:51 . 2009-07-14 03:43 286208 c:\windows\system32\dllcache\wmpdxm.dll + 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll + 2008-12-05 06:54 . 2009-06-25 08:25 147456 c:\windows\system32\dllcache\schannel.dll + 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\system32\dllcache\msv1_0.dll + 2009-04-15 10:18 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll + 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll + 2009-06-10 13:19 . 2009-06-10 13:19 2066432 c:\windows\system32\dllcache\mstscax.dll + 2004-08-10 17:51 . 2009-07-14 03:43 10841088 c:\windows\system32\wmp.dll + 2004-08-10 17:51 . 2009-07-14 03:43 10841088 c:\windows\system32\dllcache\wmp.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-01-31 155648] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-01 339968] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384] "MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 131072] "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-08-02 26112] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-08-02 98304] "mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-8-2 24576] QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\afaeeddeafa] 2009-05-18 03:49 278033 ------w- c:\windows\system32\afaeeddeafa.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\edfbcebdddea] 2009-07-16 10:44 312847 ------w- c:\windows\system32\edfbcebdddea.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-08-24 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-29 23:57] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-24 15:51 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... CFLog.txt
  9. I've added the info in an attachment. info_for_mb.txt
  10. Getting errors trying to upload the results. Perhaps I can put them in a file attachment...
  11. Maybe I can format that better, here we go --- ---------------------------------------------------------------------------------- ComboFix 09-08-10.06 - James Brownrigg 08/18/2009 18:51.3.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.250 [GMT -4:00] Running from: c:\documents and settings\James Brownrigg\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\JAMESB~1\LOCALS~1\Temp\catchme.dll c:\documents and settings\James Brownrigg\Local Settings\Temp\catchme.dll c:\windows\system32\kdpini.dll . ((((((((((((((((((((((((( Files Created from 2009-07-18 to 2009-08-18 ))))))))))))))))))))))))))))))) . 2009-08-18 22:50 . 2009-08-18 22:50 149522 ------w- c:\windows\system32\da4992ce7f772f5cdced9c69faa08afa.exe 2009-08-18 18:34 . 2009-08-18 18:34 -------- d-----w- c:\documents and settings\James Brownrigg\Local Settings\Application Data\Opera 2009-08-18 18:34 . 2009-08-18 18:34 -------- d-----w- c:\program files\Opera 2009-08-16 23:01 . 2009-08-16 23:01 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2009-08-15 21:22 . 2009-08-15 20:49 848712 ----a-w- C:\avg_free_stb_all_8_32_cnet.exe 2009-08-15 20:29 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys 2009-08-15 20:29 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys 2009-08-15 20:29 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys 2009-08-15 20:29 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys 2009-08-12 04:05 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-18 17:54 . 2008-05-08 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-07-16 10:44 . 2009-07-16 10:44 312847 ------w- c:\windows\system32\c28be957c975aefb5e27b3f339b69606.TMP 2009-07-16 10:44 . 2007-04-23 03:30 312847 ------w- c:\windows\system32\edfbcebdddea.dll 2009-07-16 10:44 . 2009-07-16 10:44 278033 ------w- c:\windows\system32\bcfa641acb9b1fa199c53255d5b56b7d.TMP 2009-07-03 22:07 . 2009-07-01 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2009-07-03 22:07 . 2009-07-01 15:25 -------- d-----w- c:\program files\NOS 2009-07-03 17:09 . 2004-08-10 17:51 915456 ----a-w- c:\windows\system32\wininet.dll 2009-07-01 15:32 . 2007-02-03 00:17 -------- d-----w- c:\program files\Common Files\Adobe 2009-07-01 15:26 . 2009-07-01 15:26 -------- d-----w- c:\program files\Common Files\Adobe AIR 2009-07-01 15:25 . 2009-07-01 15:25 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe 2009-07-01 10:11 . 2009-07-01 10:11 138 ----a-w- c:\documents and settings\James Brownrigg\Local Settings\Application Data\fusioncache.dat 2009-06-16 14:36 . 2004-08-10 17:51 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-16 14:36 . 2004-08-10 17:51 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-03 20:17 . 2009-05-28 22:32 205840 ----a-w- c:\windows\system32\kusers.dll 2009-06-03 19:09 . 2004-08-10 17:51 1291264 ----a-w- c:\windows\system32\quartz.dll . ((((((((((((((((((((((((((((( SnapShot@2009-08-18_19.38.32 ))))))))))))))))))))))))))))))))))))))))) . + 2009-08-18 22:45 . 2009-08-18 22:45 16384 c:\windows\temp\Perflib_Perfdata_6e8.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-01-31 155648] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-01 339968] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384] "MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 131072] "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-08-02 26112] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-08-02 98304] "mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-8-2 24576] QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\afaeeddeafa] 2009-05-18 03:49 278033 ------w- c:\windows\system32\afaeeddeafa.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\edfbcebdddea] 2009-07-16 10:44 312847 ------w- c:\windows\system32\edfbcebdddea.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-08-18 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-29 23:57] . - - - - ORPHANS REMOVED - - - - HKLM-Run-MCUpdateExe - c:\progra~1\mcafee.com\agent\McUpdate.exe HKLM-Run-MCAgentExe - c:\progra~1\mcafee.com\agent\McAgent.exe . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-18 18:58 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\windows\system32\fef7a3a5ebf10090ceb6d820b1fffdcc.sys 39936 bytes executable scan completed successfully hidden files: 1 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fef7a3a5ebf10090ceb6d820b1fffdcc] "ImagePath"="system32\fef7a3a5ebf10090ceb6d820b1fffdcc.sys" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(948) c:\windows\system32\afaeeddeafa.dll c:\windows\system32\WININET.dll c:\windows\system32\Ati2evxx.dll c:\windows\system32\edfbcebdddea.dll c:\program files\Intel\Wireless\Bin\LgNotify.dll . Completion time: 2009-08-18 19:01 ComboFix-quarantined-files.txt 2009-08-18 23:01 ComboFix2.txt 2009-08-18 20:12 ComboFix3.txt 2009-08-18 19:41 Pre-Run: 24,066,068,480 bytes free Post-Run: 24,026,931,200 bytes free 131 --- E O F --- 2009-08-15 20:32 ----------------------------------------------------------------------------------
  12. I've read many other posts here, and we have the problem also where malware bytes and hijack this refuse to run, the browser is being redirected away from any anti-virus sites, and we can't run any software that might attempt to remove whatever the problem is. So, here is our combofix log file. Hopefully this will tell someone something that I can do to fix this computer! ---------------------------------------------------------------------------------- ComboFix 09-08-10.06 - James Brownrigg 08/18/2009 18:51.3.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.250 [GMT -4:00] Running from: c:\documents and settings\James Brownrigg\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\JAMESB~1\LOCALS~1\Temp\catchme.dll c:\documents and settings\James Brownrigg\Local Settings\Temp\catchme.dll c:\windows\system32\kdpini.dll . ((((((((((((((((((((((((( Files Created from 2009-07-18 to 2009-08-18 ))))))))))))))))))))))))))))))) . 2009-08-18 22:50 . 2009-08-18 22:50 149522 ------w- c:\windows\system32\da4992ce7f772f5cdced9c69faa08afa.exe 2009-08-18 18:34 . 2009-08-18 18:34 -------- d-----w- c:\documents and settings\James Brownrigg\Local Settings\Application Data\Opera 2009-08-18 18:34 . 2009-08-18 18:34 -------- d-----w- c:\program files\Opera 2009-08-16 23:01 . 2009-08-16 23:01 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2009-08-15 21:22 . 2009-08-15 20:49 848712 ----a-w- C:\avg_free_stb_all_8_32_cnet.exe 2009-08-15 20:29 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys 2009-08-15 20:29 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys 2009-08-15 20:29 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys 2009-08-15 20:29 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys 2009-08-12 04:05 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-18 17:54 . 2008-05-08 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-07-16 10:44 . 2009-07-16 10:44 312847 ------w- c:\windows\system32\c28be957c975aefb5e27b3f339b69606.TMP 2009-07-16 10:44 . 2007-04-23 03:30 312847 ------w- c:\windows\system32\edfbcebdddea.dll 2009-07-16 10:44 . 2009-07-16 10:44 278033 ------w- c:\windows\system32\bcfa641acb9b1fa199c53255d5b56b7d.TMP 2009-07-03 22:07 . 2009-07-01 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2009-07-03 22:07 . 2009-07-01 15:25 -------- d-----w- c:\program files\NOS 2009-07-03 17:09 . 2004-08-10 17:51 915456 ----a-w- c:\windows\system32\wininet.dll 2009-07-01 15:32 . 2007-02-03 00:17 -------- d-----w- c:\program files\Common Files\Adobe 2009-07-01 15:26 . 2009-07-01 15:26 -------- d-----w- c:\program files\Common Files\Adobe AIR 2009-07-01 15:25 . 2009-07-01 15:25 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe 2009-07-01 10:11 . 2009-07-01 10:11 138 ----a-w- c:\documents and settings\James Brownrigg\Local Settings\Application Data\fusioncache.dat 2009-06-16 14:36 . 2004-08-10 17:51 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-16 14:36 . 2004-08-10 17:51 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-03 20:17 . 2009-05-28 22:32 205840 ----a-w- c:\windows\system32\kusers.dll 2009-06-03 19:09 . 2004-08-10 17:51 1291264 ----a-w- c:\windows\system32\quartz.dll . ((((((((((((((((((((((((((((( SnapShot@2009-08-18_19.38.32 ))))))))))))))))))))))))))))))))))))))))) . + 2009-08-18 22:45 . 2009-08-18 22:45 16384 c:\windows\temp\Perflib_Perfdata_6e8.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-01-31 155648] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-01 339968] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384] "MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 131072] "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-08-02 26112] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-08-02 98304] "mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-8-2 24576] QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\afaeeddeafa] 2009-05-18 03:49 278033 ------w- c:\windows\system32\afaeeddeafa.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\edfbcebdddea] 2009-07-16 10:44 312847 ------w- c:\windows\system32\edfbcebdddea.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Authoriz edApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-08-18 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-29 23:57] . - - - - ORPHANS REMOVED - - - - HKLM-Run-MCUpdateExe - c:\progra~1\mcafee.com\agent\McUpdate.exe HKLM-Run-MCAgentExe - c:\progra~1\mcafee.com\agent\McAgent.exe . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourcei d=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-18 18:58 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\windows\system32\fef7a3a5ebf10090ceb6d820b1fffdcc.sys 39936 bytes executable scan completed successfully hidden files: 1 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fef7a3a5ebf10090ceb6d820b1fffd cc] "ImagePath"="system32\fef7a3a5ebf10090ceb6d820b1fffdcc.sys" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(948) c:\windows\system32\afaeeddeafa.dll c:\windows\system32\WININET.dll c:\windows\system32\Ati2evxx.dll c:\windows\system32\edfbcebdddea.dll c:\program files\Intel\Wireless\Bin\LgNotify.dll . Completion time: 2009-08-18 19:01 ComboFix-quarantined-files.txt 2009-08-18 23:01 ComboFix2.txt 2009-08-18 20:12 ComboFix3.txt 2009-08-18 19:41 Pre-Run: 24,066,068,480 bytes free Post-Run: 24,026,931,200 bytes free 131 --- E O F --- 2009-08-15 20:32 ----------------------------------------------------------------------------------
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.