
Virtumonde - Ran Vundofix and Combofix



Poeticlee
2007-09-14, 17:13
Man this is frustrating. Here is my log file. What do I do now?

ComboFix 07-09-14.2 - "Nick007" 2007-09-14 9:26:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.86 [GMT -5:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
E:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
E:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
E:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
E:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\Abbr
E:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\ProductCode
E:\DOCUME~1\Nick007\APPLIC~1\WinAntiSpyware 2007
E:\DOCUME~1\Nick007\APPLIC~1\WinAntiSpyware 2007\Logs\update.log
E:\DOCUME~1\Nick007\err.log
E:\DOCUME~1\Nick007\STARTM~1\Programs\Startup.\TA_Start.lnk
E:\DOCUME~1\Nick007\STARTM~1\Programs\Startup\ta_start.lnk
E:\Program Files\Common Files\winantispyware 2007
E:\Program Files\Common Files\winantispyware 2007\err.log
E:\Program Files\Common Files\WinAntiSpyware 2007\err.log
E:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe
E:\Program Files\Common Files\winantispyware 2007\uwas7cw.exe
E:\WINDOWS\cookies.ini
E:\WINDOWS\system32\baccf.bak1
E:\WINDOWS\system32\baccf.bak2
E:\WINDOWS\system32\baccf.ini
E:\WINDOWS\system32\drivers\fopn.sys
E:\WINDOWS\system32\f02WtR
E:\WINDOWS\system32\f02WtR\f02WtR1065.exe
E:\WINDOWS\system32\fccab.dll
E:\WINDOWS\system32\gjlurdwt.dll
E:\WINDOWS\system32\gwlswfny.exe
E:\WINDOWS\system32\mdqctvgh.exe
E:\WINDOWS\system32\nybxsplv.exe
E:\WINDOWS\system32\qdhojlky.exe
E:\WINDOWS\system32\rhdnmlcd.exe
E:\WINDOWS\system32\vaayfgwt.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FOPN
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-08-14 to 2007-09-14 )))))))))))))))))))))))))))))))
.

2007-09-14 09:35 <DIR> d-------- E:\WINDOWS\system32\LogFiles
2007-09-14 09:08 51,200 --a------ E:\WINDOWS\NirCmd.exe
2007-09-14 09:02 24,576 --a------ E:\WINDOWS\system32\VundoFixSVC.exe
2007-09-14 08:39 <DIR> d-------- E:\VundoFix Backups
2007-09-08 07:55 0 --ah----- E:\DOCUME~1\NETWOR~1\hpothb07.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-14 09:35 --------- d-------- E:\Program Files\Plaxo
2007-09-14 09:34 --------- d-------- E:\Program Files\Symantec AntiVirus
2007-09-14 09:34 --------- d-------- E:\DOCUME~1\LOCALS~1\APPLIC~1\VMware
2007-09-14 09:34 --------- d-------- E:\DOCUME~1\ALLUSE~1\APPLIC~1\VMware
2007-08-22 12:01 --------- d-------- E:\DOCUME~1\Nick007\APPLIC~1\My Battle for Middle-earth Files
2007-08-03 21:15 --------- d-------- E:\Program Files\Picasa2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FLMOFFICE4DMOUSE"="E:\Program Files\Browser MOUSE\mouse32a.exe" [2004-12-25 10:22]
"AceGain LiveUpdate"="E:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe" [2003-12-31 21:12]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 12:58]
"LWBMOUSE"="E:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe" [2001-03-25 23:35]
"ccApp"="E:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 16:44]
"vptray"="E:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 15:18]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2005-07-16 17:09]
"nwiz"="nwiz.exe" [2005-07-16 17:09 E:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [2005-07-16 17:09]
"eFax 4.2"="E:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" [2006-07-14 15:36]
"SNPSTD2"="E:\WINDOWS\vsnpstd2.exe" [2004-01-05 18:34]
"SweetIM"="E:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-06-06 11:07]
"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [2006-12-05 21:52]
"Picasa Media Detector"="E:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-15 18:15]
"Verizon_McciTrayApp"="E:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 16:37]
"razertra"="E:\Program Files\Karna\Razer\razertra.exe" [2003-05-29 22:56]
"Adobe Photo Downloader"="E:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="~E:\Program Files\MSN Messenger\MsnMsgr.exe" []
"PlaxoUpdate"="E:\Program Files\Plaxo\2.13.0.12\PlaxoHelper.exe" [2007-03-06 12:24]
"updateMgr"="E:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"Yahoo! Pager"="E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-01 19:11]
"Aim6"="E:\Program Files\AIM6\aim6.exe" [2006-11-07 10:29]
"SweetIM"="E:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-06-06 11:07]
"MySpaceIM"="E:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 19:04]
"swg"="E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-30 18:31]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=E:\Program Files\MySpace\IM\MySpaceIM.exe

E:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
eFax 4.2.lnk - E:\Program Files\eFax Messenger 4.2\J2GTray.exe [2006-09-03 11:50:45]
hp psc 2000 Series.lnk - E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-09 17:41:38]
hpoddt01.exe.lnk - E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12]
Kodak EasyShare software.lnk - E:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-09-03 08:45:28]

E:\DOCUME~1\Nick007\STARTM~1\Programs\Startup\
TrueAssistant.lnk - E:\Program Files\TrueAssistant\TrueAssistant.exe [2005-04-02 07:35:00]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 E:\\WINDOWS\\system32\\fccab

R1 DcCam;Kodak Camera Proxy;E:\WINDOWS\system32\DRIVERS\DcCam.sys
R1 prodrv04;Star Force copy protection driver v4;E:\WINDOWS\system32\drivers\prodrv04.sys
R2 DCFS2K;Kodak DCFS2K Driver;E:\WINDOWS\system32\drivers\dcfs2k.sys
R3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;E:\WINDOWS\system32\DRIVERS\ADM8511.SYS
S1 Exportit;Exportit;E:\WINDOWS\system32\DRIVERS\exportit.sys
S3 DcFpoint;DcFpoint;E:\WINDOWS\system32\DRIVERS\DcFpoint.sys
S3 DcLps;Legacy Polling Service;E:\WINDOWS\system32\DRIVERS\DcLps.sys
S3 DcPTP;dcptp;E:\WINDOWS\system32\DRIVERS\DcPTP.sys
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver;\??\E:\WINDOWS\system32\PCTINDIS5.SYS
S3 snpstd2;USB PC Camera (SN9C103);E:\WINDOWS\system32\DRIVERS\snpstd2.sys

.
Contents of the 'Scheduled Tasks' folder
"2006-03-11 00:22:11 E:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1125507112.job"
- E:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-14 09:35:08
Windows 5.1.2600 Service Pack 2, v.2096 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-14 9:37:33 - machine was rebooted
E:\ComboFix-quarantined-files.txt ... 2007-09-14 09:37
.
--- E O F ---

tashi
2007-09-14, 17:33
Hello.

Perhaps you missed our sticky topics:

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Please Post ONLY The Logs We Ask For, (http://forums.spybot.info/showthread.php?t=16806)

Copy/paste the logs requested into a new topic, I will close this one as helpers look for zero response. :)