genki
2009-04-12, 13:15
Hey Guys!
I am actually having some problems. I got a virus on my computer that I think I have already cleaned, but I am having some problems: I cannot burn my data to a DVD, nor can I use USBs or the local wireless network! And when I open my MSN, it keeps sending people .exe files but shows them as a picture file format! I used ComboFix and it gave me the following report:
ComboFix 09-04-04.01 - Home 2009-04-12 12:43:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1021.586 [GMT 3:00]
Running from: c:\documents and settings\Home\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Home\LOCALS~1\Temp\install_flash_player.exe
c:\windows\system32\jefiyuna.dll
c:\windows\system32\ojepumiv.ini
c:\windows\system32\vimupejo.dll
.
((((((((((((((((((((((((( Files Created from 2009-03-12 to 2009-04-12 )))))))))))))))))))))))))))))))
.
2009-04-12 12:15 . 2009-04-12 12:15 <DIR> d-------- c:\windows\LastGood.Tmp
2009-04-12 10:43 . 2009-04-12 11:12 <DIR> d-------- c:\windows\system32\NtmsData
2009-04-11 15:42 . 2009-04-11 16:31 108,032 --------- C:\paret2.exe
2009-04-11 12:02 . 2009-04-11 13:37 81,920 --a------ c:\windows\system32\ftp_non_crp.exe
2009-04-11 10:29 . 2009-04-12 12:46 109,010 --a------ c:\windows\system32\drivers\5738aad2.sys
2009-04-11 10:28 . 2009-04-11 10:28 <DIR> d--hs---- c:\windows\system32\config\systemprofile\IETldCache
2009-04-10 23:08 . 2009-04-10 16:18 38,962 -r-hs---- c:\windows\fxsteller.exe
2009-04-07 11:48 . 2009-04-07 11:48 <DIR> d-------- c:\program files\iTunes
2009-04-07 11:48 . 2009-04-07 11:48 <DIR> d-------- c:\program files\iPod
2009-04-07 11:48 . 2009-04-07 11:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-02 16:43 . 2009-04-02 16:46 139,264 --a------ c:\windows\War3Unin.exe
2009-04-02 16:43 . 2009-04-06 10:45 1,404 --a------ c:\windows\War3Unin.dat
2009-04-01 09:43 . 2009-04-12 12:46 <DIR> d-------- c:\documents and settings\Home\Tracing
2009-04-01 09:42 . 2009-04-01 09:42 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-04-01 09:42 . 2009-04-03 09:14 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-04-01 09:42 . 2009-04-01 09:42 <DIR> d-------- c:\program files\Microsoft
2009-04-01 09:34 . 2009-04-01 09:34 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-30 18:38 . 2009-03-30 18:38 <DIR> d-------- c:\windows\GRE Red & Blue Bible
2009-03-30 18:38 . 2009-03-30 23:09 <DIR> d-------- C:\GRE Red & Blue Bible
2009-03-30 18:08 . 2009-03-30 18:08 <DIR> d-------- c:\program files\GreBible
2009-03-27 23:56 . 2009-03-27 23:56 <DIR> d--hs---- c:\documents and settings\LocalService\IETldCache
2009-03-27 23:53 . 2009-03-27 23:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-27 23:52 . 2009-03-27 23:53 <DIR> d--h-c--- c:\windows\ie8
2009-03-23 16:03 . 2009-04-12 11:19 49 --a------ c:\windows\NeroDigital.ini
2009-03-22 13:33 . 2009-04-12 12:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2009-03-22 12:44 . 2009-03-22 12:45 <DIR> d-------- c:\documents and settings\Home\Application Data\Ahead
2009-03-22 12:38 . 2009-03-22 12:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ahead
2009-03-22 12:34 . 2009-03-22 12:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2009-03-16 12:59 . 2009-03-16 12:59 <DIR> d-------- c:\program files\BrainWave Generator
2009-03-12 16:21 . 2009-03-12 16:26 189,784 --a------ c:\windows\system32\PnkBstrB.xtr
2009-03-12 16:08 . 2009-03-26 11:14 <DIR> d-------- c:\windows\SxsCaPendDel
2009-03-12 14:00 . 2009-03-18 14:17 145,874 --a------ c:\windows\Me.xml
2009-03-12 10:57 . 2009-03-12 10:57 73 --a------ c:\windows\userList.xml
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-12 09:46 --------- d-----w c:\program files\DNA
2009-04-12 09:46 --------- d-----w c:\documents and settings\Home\Application Data\DNA
2009-04-12 09:28 --------- d-----w c:\documents and settings\Home\Application Data\BitTorrent
2009-04-11 07:32 --------- d-----w c:\program files\Garena
2009-04-10 17:09 --------- d-----w c:\program files\ESET
2009-04-07 08:48 --------- d-----w c:\program files\Common Files\Apple
2009-04-06 11:34 --------- d-----w c:\program files\Warcraft III
2009-04-01 06:41 --------- d-----w c:\program files\Windows Live
2009-03-28 06:50 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-03-27 20:53 --------- d-----w c:\program files\Yahoo!
2009-03-26 08:10 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-26 08:10 22,328 ----a-w c:\documents and settings\Home\Application Data\PnkBstrK.sys
2009-03-22 10:49 --------- d-----w c:\program files\Google
2009-03-22 09:38 --------- d-----w c:\program files\Common Files\Ahead
2009-03-22 09:28 --------- d-----w c:\documents and settings\Home\Application Data\CyberLink
2009-03-22 09:28 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-03-19 13:32 23,400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-07 06:29 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-02-26 09:39 --------- d-----w c:\documents and settings\Home\Application Data\id Software
2009-02-25 10:35 --------- d-----w c:\documents and settings\All Users\Application Data\id Software
2009-02-23 12:57 --------- d-----w c:\documents and settings\Home\Application Data\DiskAid
2009-02-14 13:36 --------- d-----w c:\documents and settings\All Users\Application Data\foldit
2009-02-14 12:41 --------- d-----w c:\program files\foldit
2009-02-13 16:03 --------- d-----w c:\program files\Bonjour
2009-02-07 16:24 34 ----a-w c:\documents and settings\Home\jagex_runescape_preferences.dat
2009-01-02 08:17 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008122220081229\index.dat
2009-01-02 08:17 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009010220090103\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-26 342848]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-08 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\Home\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-04 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-21 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-21 81920]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-08 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-08 600896]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-02-24 196709]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-24 185872]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-12-24 949376]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-09 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"nwiz"="nwiz.exe" [2007-05-21 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"Registration"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"d:\\quake 3 arena\\Copy of quake3.exe"=
"d:\\quake 3 arena\\quake3.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ESET\\nod32krn.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-12-24 15424]
R2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 gupdate1c9aadbc5ad8394;Google Update Service (gupdate1c9aadbc5ad8394);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-22 133104]
S3 garenapengine;GarenaPEngine;\??\c:\docume~1\Home\LOCALS~1\Temp\VSY71.tmp --> c:\docume~1\Home\LOCALS~1\Temp\VSY71.tmp [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder
2009-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
2009-04-12 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-22 13:48]
2009-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-2111687655-839522115-1003.job
- c:\documents and settings\Home\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-04 22:20]
.
- - - - ORPHANS REMOVED - - - -
BHO-{1622f98a-2c77-4545-974a-1ebda4ef8b04} - c:\windows\system32\buvoyaki.dll
HKLM-Run-paromufinu - c:\windows\system32\piwihivo.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-12 12:46:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxmxewqbit]
"imagepath"="\systemroot\system32\drivers\ovfsthxufjxumas.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\garenapengine]
"ImagePath"="\??\c:\docume~1\Home\LOCALS~1\Temp\VSY71.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\5738aad2]
"ImagePath"="\SystemRoot\System32\drivers\5738aad2.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\s-1-5-21-1644491937-2111687655-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(776)
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-04-12 12:47:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-12 09:47:29
Pre-Run: 39,582,023,680 bytes free
Post-Run: 40,976,605,184 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
215 --- E O F --- 2009-04-02 20:59:10
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)
Do NOT run 'FIXES' before helpers have analyzed the HJT log (http://forums.spybot.info/showthread.php?t=16806 )