Hi Blade81,
Thanks for replying to my previous thread:
http://forums.spybot.info/showthread...947#post166947
I was unable to respond during the week as I didn't have internet access.
I have posted a ComboFix log and fresh HJT report.
My computer is running a LOT faster now! Thanks
---------------------------------------------------
ComboFix 08-03-01.3 - Will 2008-03-02 7:31:27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.707 [GMT -6:00]
Running from: C:\Documents and Settings\Will\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\inetget2
C:\Program Files\Internet Explorer\kometoh89104.dll
C:\Program Files\Temporary
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\isgTi19
C:\Temp\isgTi19\lPig.log
C:\WINDOWS\b152.exe
C:\WINDOWS\b153.exe
C:\WINDOWS\b154.exe
C:\WINDOWS\Downloaded Program Files\UGA6P_0001_N122M0611NetInstaller.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\csxgrduy.dll
C:\WINDOWS\system32\cvfupaga.dll
C:\WINDOWS\system32\dfeulfpl.dll
C:\WINDOWS\system32\dfeulfpl.dllbox
C:\WINDOWS\system32\dtmlhrcs.dll
C:\WINDOWS\system32\efcdefe.dll
C:\WINDOWS\system32\ehymavre.dll
C:\WINDOWS\system32\ijjlm.ini
C:\WINDOWS\system32\ijjlm.ini2
C:\WINDOWS\system32\ldlsluuy.dll
C:\WINDOWS\system32\mljji.dll
C:\WINDOWS\system32\mpapxvko.dll
C:\WINDOWS\system32\mvqpmurw.ini
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
C:\WINDOWS\system32\nhorqaoo.dll
C:\WINDOWS\system32\nmbhfwst.dll
C:\WINDOWS\system32\ooaqrohn.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pbhrimdt.dll
C:\WINDOWS\system32\rdgvjqhj.dll
C:\WINDOWS\system32\sifpowav.dll
C:\WINDOWS\system32\soonsimf.dll
C:\WINDOWS\system32\stltlblk.dll
C:\WINDOWS\system32\twnqljqi.ini
C:\WINDOWS\system32\uwjifvwb.dll
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\yuulsldl.ini
.
((((((((((((((((((((((((( Files Created from 2008-02-02 to 2008-03-02 )))))))))))))))))))))))))))))))
.
2008-03-02 07:18 . 2008-03-02 07:18 <DIR> d-------- C:\Program Files\NoDNS
2008-03-02 07:13 . 2008-03-02 07:13 <DIR> d-------- C:\Program Files\xInsIDE
2008-02-24 09:10 . 2008-02-24 12:22 414 ---hs---- C:\WINDOWS\system32\nllioolv.ini
2008-02-21 21:18 . 2008-02-21 21:18 <DIR> d-------- C:\Program Files\JavaCore
2008-02-21 20:54 . 2008-03-01 19:27 114 --a------ C:\WINDOWS\BMa3950624.xml
2008-02-21 20:54 . 2008-03-02 07:32 21 --a------ C:\WINDOWS\pskt.ini
2008-02-17 18:48 . 2008-02-17 18:48 <DIR> d-------- C:\WINDOWS\system32\zx8
2008-02-17 18:48 . 2008-02-17 18:48 <DIR> d-------- C:\WINDOWS\system32\pu1
2008-02-17 18:48 . 2008-02-17 18:48 <DIR> d-------- C:\WINDOWS\system32\ez2
2008-02-17 18:40 . 2008-02-17 18:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-17 18:40 . 2008-02-17 18:40 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 13:53 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-01-27 19:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-01-27 19:07 --------- d-----w C:\Documents and Settings\Will\Application Data\Skype
2007-10-05 16:39 56 --sh--r C:\WINDOWS\system32\991FF2E89D.sys
2007-10-05 16:39 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2005-05-23 13:33 1506544]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 15:46 135168]
"xInsIDE"="C:\Program Files\xInsIDE\xInsIDE.exe" [2008-03-02 07:13 53248]
"JavaCore"="C:\Program Files\JavaCore\JavaCore.exe" [2008-02-21 21:18 144896]
"NoDNS"="C:\Program Files\\NoDNS\\NoDNS.exe" [2008-03-02 07:18 102400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 16:48 32881]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 23:23 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 13:35 536576]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 13:59 385024]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 15:19 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 00:05 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 15:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 15:50 81920]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 00:02 86016]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 12:12 473928]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2002-12-05 15:24 106571]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 08:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 08:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 08:36 114688]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:00 15360]
C:\Documents and Settings\Will\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]
Konfabulator.lnk - C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe [2005-07-25 01:50:52 1286144]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-07-07 01:04:44 24576]
dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe [2005-07-18 21:12:51 315392]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 12:23:32 51776]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 15:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 04:48 157592 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-06-28 08:14 270648 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 10:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 08:41 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
--a------ 2005-05-23 13:33 1506544 C:\Program Files\Spyware Doctor\swdoctor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sticky Pad]
--a------ 2007-04-23 22:13 528441 C:\Program Files\StickyPad\StickyPad.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12664:TCP"= 12664:TCP:BitComet 12664 TCP
"12664:UDP"= 12664:UDP:BitComet 12664 UDP
R1 ewido security suite driver;ewido security suite driver;C:\Program Files\ewido\security suite\guard.sys [2004-11-22 08:15]
R2 BackWeb Client - 7681197;F-Secure BackWeb;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2005-10-28 14:06]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2003-11-14 16:52]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2004-04-21 07:54]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2003-02-06 11:32]
R2 FSpm;F-Secure Policy Manager;C:\Program Files\F-Secure\Common\FSPM.SYS [2002-12-05 15:24]
R2 ssoftnt4;ssoftnt4;C:\WINDOWS\system32\Drivers\ssoftnt4.sys [2004-05-21 00:30]
R3 tifm;tifm;C:\WINDOWS\system32\drivers\tifm.sys [2004-05-21 18:18]
S3 NTPASp50;NTPASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\NTPASp50.sys [2004-12-02 12:13]
.
Contents of the 'Scheduled Tasks' folder
"2007-08-31 00:57:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-09-30 19:57:28 C:\WINDOWS\Tasks\Low Battery Alarm Program.job"
"2008-02-24 15:31:37 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 07:52:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\NoDNS\NoDNS.exe
.
**************************************************************************
.
Completion time: 2008-03-02 7:57:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-02 13:56:59
.
2008-02-16 19:44:56 --- E O F ---