-
First, here is my Combofix log:
ComboFix 12-04-10.02 - Mike Hoover 04/13/2012 1:14.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.236 [GMT -4:00]
Running from: c:\temp\ComboFix.exe
Command switches used :: c:\documents and settings\Mike Hoover\Desktop\CFScript.txt
FW: Sunbelt Personal Firewall *Enabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}
.
FILE ::
"c:\windows\system32\dds_trash_log.cmd"
"c:\windows\system32\WS2Fix.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-13 to 2012-04-13 )))))))))))))))))))))))))))))))
.
.
2012-04-11 12:00 . 2012-04-11 12:00 1409 ----a-w- c:\windows\QTFont.for
2012-04-10 21:16 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-10 19:55 . 2007-04-26 14:21 302000 ----a-w- c:\windows\system32\drivers\fwdrv.sys
2012-04-08 23:44 . 2012-04-08 23:44 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-04-08 22:24 . 2008-12-12 06:57 78336 ----a-w- c:\windows\system32\Agent.OMZ.Fix.exe
2012-04-08 22:24 . 2008-11-29 23:58 82944 ----a-w- c:\windows\system32\IEDFix.C.exe
2012-04-08 22:24 . 2008-10-01 19:51 87552 ----a-w- c:\windows\system32\VACFix.exe
2012-04-08 22:24 . 2008-09-20 16:45 80384 ----a-w- c:\windows\system32\o4Patch.exe
2012-04-08 22:24 . 2008-08-18 16:19 82432 ----a-w- c:\windows\system32\404Fix.exe
2012-04-08 22:24 . 2009-06-02 15:17 75776 ----a-w- c:\windows\system32\WS2Fix.exe
2012-04-08 22:24 . 2008-05-19 01:40 82944 ----a-w- c:\windows\system32\IEDFix.exe
2012-04-08 22:24 . 2007-09-06 04:22 289144 ----a-w- c:\windows\system32\VCCLSID.exe
2012-04-08 22:24 . 2006-04-27 21:49 288417 ----a-w- c:\windows\system32\SrchSTS.exe
2012-04-08 22:24 . 2004-07-31 22:50 51200 ----a-w- c:\windows\system32\dumphive.exe
2012-04-08 22:24 . 2003-06-06 01:13 53248 ----a-w- c:\windows\system32\Process.exe
2012-04-08 20:26 . 2012-04-08 20:26 -------- d-----w- c:\program files\ERUNT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-08 23:11 . 2008-03-18 00:11 2786 ----a-w- c:\windows\system32\tmp.reg
2012-04-07 11:34 . 2008-03-18 23:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-07 11:34 . 2010-08-03 01:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2010-05-01 12:23 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-25 13:11 . 2011-05-23 10:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2002-08-29 10:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2001-02-27 00:16 . 2010-05-23 01:29 53295 ----a-w- c:\program files\opera\program\plugins\PlugDef.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-10_20.28.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-13 05:59 . 2012-04-13 05:59 16384 c:\windows\Temp\Perflib_Perfdata_170.dat
+ 2003-09-03 00:03 . 2012-04-11 12:05 72160 c:\windows\SYSTEM32\PERFC009.DAT
- 2003-09-03 00:03 . 2012-04-10 20:31 72160 c:\windows\SYSTEM32\PERFC009.DAT
+ 2003-09-03 00:03 . 2012-04-11 12:05 442894 c:\windows\SYSTEM32\PERFH009.DAT
- 2003-09-03 00:03 . 2012-04-10 20:31 442894 c:\windows\SYSTEM32\PERFH009.DAT
+ 2012-04-10 23:13 . 2012-04-10 22:20 248742 c:\windows\PCHealth\HelpCtr\Config\Cache\Personal_32_1033.dat
+ 2010-05-22 23:53 . 2012-04-10 23:45 1157376 c:\windows\SYSTEM32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4640768]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-09-26 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-11-26 296056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-9-2 24576]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2002-09-30 86016]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide
"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
.
R1 fwdrv;Firewall Driver;c:\windows\SYSTEM32\DRIVERS\fwdrv.sys [4/10/2012 3:55 PM 302000]
R1 khips;Kerio HIPS Driver;c:\windows\SYSTEM32\DRIVERS\khips.sys [4/26/2007 10:21 AM 72624]
R2 NgVpnMgr;Aventail VPN Client;c:\windows\SYSTEM32\ngvpnmgr.exe [5/18/2011 2:48 AM 290472]
R3 NgLog;Aventail VPN Logging;c:\windows\SYSTEM32\DRIVERS\nglog.sys [5/18/2011 2:11 AM 27208]
R3 NgVpn;Aventail VPN Adapter;c:\windows\SYSTEM32\DRIVERS\ngvpn.sys [5/18/2011 2:11 AM 81480]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [4/26/2007 10:21 AM 1234480]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [4/10/2010 5:05 PM 266544]
S3 NgFilter;Aventail VPN Filter;c:\windows\SYSTEM32\DRIVERS\ngfilter.sys [5/18/2011 2:11 AM 23112]
S3 NgWfp;Aventail VPN Callout;c:\windows\SYSTEM32\DRIVERS\ngwfp.sys [5/18/2011 2:11 AM 25160]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
efs
aegisp
nsm1bus
MRENDIS5
NWADI
w70n51
s117bus
ctaud2k
netdevio
rchost
houdiniserver
HFACSVC
ctdvda2k
atikmdag
pciSd
racsvc
defwatch
vpcnfltr
Subsonic
GT680x
sskbfd
aaksrv
zntport
vstor2-ws60
lanusb
procmon10
w810bus
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3448474522-3304514054-2523392379-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
2012-04-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3448474522-3304514054-2523392379-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Mike Hoover\Application Data\Mozilla\Firefox\Profiles\h1ofpo0d.default\
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: CacheViewer: {71328583-3CA7-4809-B4BA-570A85818FBB} - %profile%\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Myibidder (Myibay) Bid Sniper for eBay: firefox1@myibay.com - %profile%\extensions\firefox1@myibay.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-13 02:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1832)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\System32\SCardSvr.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\System32\locator.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
.
**************************************************************************
.
Completion time: 2012-04-13 02:10:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-13 06:10
ComboFix2.txt 2012-04-10 23:00
ComboFix3.txt 2012-04-10 21:53
ComboFix4.txt 2012-04-10 20:36
.
Pre-Run: 50,752,536,576 bytes free
Post-Run: 50,768,814,080 bytes free
.
- - End Of File - - 1D99D33CC6784A9802FE519B092F9A36
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
