snaptop
2008-04-16, 03:21
I have tried different fixes, including two different Vundo fixes and Vundo Be Gone. They don't detect anything, but when I go and run Spybot it detects it. I delete it and it comes back...
I ran ComboFix but don't know if it fixed it; it doesn't say it did... I will run Spybot again to see if it detects it... Below is the log I got after ComboFix finished...
Any other ideas?
Thanks!!
ComboFix 08-04-15.1 - CLAUDIA CRUZ 2008-04-15 16:58:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.237 [GMT -7:00]
Running from: C:\Documents and Settings\CLAUDIA CRUZ.CLAUDIA\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\209789\209789.dll
C:\WINDOWS\system32\blodqalp.dll
C:\WINDOWS\system32\gykmhfww.dll
C:\WINDOWS\system32\kbfonorw.ini
C:\WINDOWS\system32\kSruxyay.ini
C:\WINDOWS\system32\kSruxyay.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mVvuxyay.ini
C:\WINDOWS\system32\mVvuxyay.ini2
C:\WINDOWS\system32\njebssfy.dll
C:\WINDOWS\system32\nqqhdmhn.dll
C:\WINDOWS\system32\orrYaccf.ini
C:\WINDOWS\system32\orrYaccf.ini2
C:\WINDOWS\system32\pgdujfjp.dll
C:\WINDOWS\system32\plaqdolb.ini
C:\WINDOWS\system32\pnjaiaxs.ini
C:\WINDOWS\system32\RqXxyGgh.ini
C:\WINDOWS\system32\RqXxyGgh.ini2
C:\WINDOWS\system32\sxaiajnp.dll
C:\WINDOWS\system32\yayxuvVm.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NWSAPAGENT
-------\Service_NwSapAgent
((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
.
2008-04-15 12:10 . 2008-04-15 12:10 <DIR> d-------- C:\VundoFix Backups
2008-04-15 12:00 . 2008-04-15 12:00 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-15 11:19 . 2008-01-09 10:35 55,296 --a------ C:\WINDOWS\system32\drivers\rp_skt32.sys
2008-04-15 11:19 . 2007-04-19 11:36 48,384 --a------ C:\WINDOWS\system32\drivers\rp_pkt32.sys
2008-04-15 11:17 . 2008-04-15 11:17 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-04-15 11:16 . 2008-04-15 11:16 <DIR> d-------- C:\Program Files\Raxco
2008-04-15 11:16 . 2008-04-15 11:16 <DIR> d-------- C:\Program Files\CA
2008-04-15 11:16 . 2008-04-15 11:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-04-15 11:15 . 2008-04-15 12:00 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-04-15 11:10 . 2008-04-15 11:10 <DIR> d-------- C:\Documents and Settings\CLAUDIA CRUZ.CLAUDIA\Application Data\InstallShield
2008-04-15 11:07 . 2008-04-15 11:14 <DIR> d-------- C:\Program Files\Verizon
2008-04-15 11:07 . 2008-04-15 12:01 <DIR> d-------- C:\Documents and Settings\CLAUDIA CRUZ.CLAUDIA\Application Data\Verizon
2008-04-15 11:07 . 2008-04-15 11:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Verizon
2008-04-15 10:28 . 2008-04-15 10:33 <DIR> d-------- C:\fixwareout
2008-04-15 10:17 . 2008-04-15 10:17 5,016 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-15 10:05 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-15 10:05 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-15 10:05 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-15 10:05 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-15 10:05 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-15 10:05 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-15 09:09 . 2008-04-15 09:09 272,384 --a------ C:\WINDOWS\system32\hgGyxXqR.dll_old
2008-04-14 20:33 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-04-14 20:33 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-04-14 19:07 . 2008-04-14 20:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-14 19:07 . 2008-04-14 19:07 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-14 15:44 . 2008-04-14 15:44 3,648 --a------ C:\WINDOWS\system32\harxoltt.dll
2008-04-14 15:42 . 2008-04-14 15:42 3,648 --a------ C:\WINDOWS\system32\cgtdmecp.dll
2008-04-14 06:08 . 2008-04-14 15:42 1,416,528 --ahs---- C:\WINDOWS\system32\fpkgjmkx.ini
2008-04-13 13:04 . 2008-04-13 13:04 3,648 --a------ C:\WINDOWS\system32\khwnnjbp.dll
2008-04-13 13:02 . 2008-04-15 15:37 101,091 --a------ C:\WINDOWS\BMb78e940f.xml
2008-04-13 12:56 . 2008-04-13 12:56 37,376 --a------ C:\WINDOWS\system32\yayaBQIy.dll.vir
2008-04-05 19:46 . 2008-04-15 17:02 <DIR> d-------- C:\WINDOWS\system32\209789
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 23:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-15 22:33 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-15 20:25 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-15 18:48 --------- d-----w C:\Program Files\Symantec
2008-04-15 18:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-15 18:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-15 02:11 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-14 14:33 5,622 ----a-w C:\Documents and Settings\RUDY RAYES\Application Data\wklnhst.dat
2008-04-03 00:36 --------- d-----w C:\Program Files\Nick Arcade
2008-03-26 01:26 2,342 ----a-w C:\Documents and Settings\CLAUDIA CRUZ.CLAUDIA\Application Data\wklnhst.dat
2008-03-07 05:34 --------- d-----w C:\Program Files\iTunes
2008-03-07 05:34 --------- d-----w C:\Program Files\iPod
2008-03-07 05:32 --------- d-----w C:\Program Files\QuickTime
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9102A329-D6E9-4CB1-8790-7D50D526DF1D}]
C:\WINDOWS\system32\hgGyxXqR.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A56D8AB9-41DE-4679-AAA5-EE16496169C1}]
C:\WINDOWS\system32\yayxurSk.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 00:32 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe" [2008-02-26 17:10 61168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 16:25 73728]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-08-10 11:23 356352]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-07 20:02 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-07 19:59 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-07 20:03 114688]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 16:17 88358 C:\WINDOWS\agrsmmsg.exe]
"TFncKy"="TFncKy.exe" []
"TPSMain"="TPSMain.exe" [2005-05-31 21:00 282624 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" []
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 14:03 1077301]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 16:13 122880]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 17:37 151552]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33 122941]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 12:27 385024]
"CFSServ.exe"="CFSServ.exe" []
"EPSON Stylus CX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.exe" [2005-02-01 20:00 98304]
"EPSON Stylus CX4800 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.exe" [2005-02-01 20:00 98304]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 05:00 143360]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2008-02-13 13:03 2065648]
"Verizon Internet Security Suite"="C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe" [2008-02-26 17:10 318704]
"-FreedomNeedsReboot"="C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe" [2008-02-26 17:11 13552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe" [2008-02-26 17:10 61168]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-07-28 13:56:17 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 12:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiSpywareShield]
C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyShredder]
C:\Program Files\SpyShredder\SpyShredder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2004-10-14 15:26 688218 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-10-14 15:28 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R0 KR10N;KR10N;C:\WINDOWS\system32\drivers\KR10N.sys [2005-01-11 10:05]
S3 Radialpoint Security Services;Verizon Internet Security Suite;"C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe" [2008-02-26 17:10]
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-05-30 18:28]
.
Contents of the 'Scheduled Tasks' folder
"2008-03-07 05:21:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 17:13:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
.
**************************************************************************
.
Completion time: 2008-04-15 17:16:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-16 00:16:48
Pre-Run: 87,956,754,432 bytes free
Post-Run: 88,237,187,072 bytes free
.
2008-03-15 23:44:09 --- E O F ---