Urgent Help Needed!

Discussion in 'Computer Science & Culture' started by The Flemster, Oct 19, 2008.

Thread Status:
Not open for further replies.
  1. MacGyver1968 Fixin' Shit that Ain't Broke Valued Senior Member

    Messages:
    7,028
    Reboot Windows in Normal Mode... and double-click and run ComboFix from your desktop.
     
  3. The Flemster Registered abuser Registered Senior Member

    Messages:
    700
    I don't think it's working. I'm following the instructions on BleepingComputer, dragging the boot disk over it, but it still won't run. Bollocks!
     
  5. The Flemster Registered abuser Registered Senior Member

    Messages:
    700
    How do I reboot into Normal Mode?
     
  7. MacGyver1968 Fixin' Shit that Ain't Broke Valued Senior Member

    Messages:
    7,028
    Just let your computer boot normally.. without hitting F8... try downloading the Spybot link, or do a Google search for smitfraudfix.exe.

    http://siri.geekstogo.com/SmitfraudFix.php

    Save it to your desktop, and reboot in Safe Mode... then run it.
     
  8. MacGyver1968 Fixin' Shit that Ain't Broke Valued Senior Member

    Messages:
    7,028
    Just double-click the ComboFix icon and run the program.
     
  9. The Flemster Registered abuser Registered Senior Member

    Messages:
    700
    Right. It's taken me fucking ages to get back in again! I've had to come back in Safe Mode 'cos before it would get to the Desktop, work for about 60 seconds, then just freeze me out.
    I'm downloading the French thing now.
     
  10. The Flemster Registered abuser Registered Senior Member

    Messages:
    700
    Running Smit. Works OK. Assume I do Clean?
     
  11. The Flemster Registered abuser Registered Senior Member

    Messages:
    700
    Here's the Report from the scan:

    SmitFraudFix v2.365

    Scan done at 2:38:44.09, 20/10/2008
    Run from C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\windows\System32\smss.exe
    C:\windows\system32\csrss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\windows\system32\ctfmon.exe
    C:\windows\system32\cmd.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\windows

    C:\windows\karna.dat FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\windows\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\windows\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\windows\system32

    C:\windows\system32\brastk.exe FOUND !
    C:\windows\system32\karna.dat FOUND !
    C:\windows\system32\_scui.cpl FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\windows\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Owner


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Owner\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\COMPAQ~1\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, following keys are not inevitably infected!!!

    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, following keys are not inevitably infected!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
    !!!Attention, following keys are not inevitably infected!!!

    AntiXPVSTFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="karna.dat"
    "LoadAppInit_DLLs"=dword:00000001


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» RK

    C:\windows\system32\drivers\beep.sys infected !


    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
    DNS Server Search Order: 16.92.3.242
    DNS Server Search Order: 16.92.3.243
    DNS Server Search Order: 16.81.3.243
    DNS Server Search Order: 16.118.3.243

    Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
    DNS Server Search Order: 192.168.1.254

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{01C79DFE-6A25-48C0-B0C4-B8881E914877}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
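The report above is easier to act on when read by section than line by line: the `»»»»` headers are SmitFraudFix's section markers, the `FOUND !` lines are the dropped files, the `RK` section says its rootkit check considers `beep.sys` replaced, and the `AppInit_DLLs` value means `karna.dat` is loaded into every process that loads user32.dll. As an added example (not part of this thread, and not SmitFraudFix's own code), here is a Python script that parses such a report into its sections and pulls those indicators out. The embedded report is a constructed excerpt of the one posted above with the blank lines removed; the Userinit check assumes the Windows XP default of a single `userinit.exe` entry, and the DNS resolvers are only listed for review, since nothing in the report says which resolvers are expected.

```python
"""Triage a SmitFraudFix report: pull out the indicators a responder acts on.

Added example for this thread, not SmitFraudFix's own code. SAMPLE_REPORT is a
constructed excerpt of the report posted above (blank lines removed).
"""
import re
from typing import Dict, List, Union

SAMPLE_REPORT = r"""
SmitFraudFix v2.365
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\windows
C:\windows\karna.dat FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\windows\system32
C:\windows\system32\brastk.exe FOUND !
C:\windows\system32\karna.dat FOUND !
C:\windows\system32\_scui.cpl FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="karna.dat"
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
C:\windows\system32\drivers\beep.sys infected !
»»»»»»»»»»»»»»»»»»»»»»»» DNS
DNS Server Search Order: 192.168.1.254
»»»»»»»»»»»»»»»»»»»»»»»» End
"""

HEADER_RE = re.compile(r"^»{3,}\s*(.+?)\s*$")
# REGEDIT-style value lines inside a section: "name"="string" or "name"=dword:XXXXXXXX
VALUE_RE = re.compile(r'^"([^"]+)"=(?:"(.*)"|dword:([0-9a-fA-F]{8}))$')


def split_sections(report: str) -> Dict[str, List[str]]:
    """Map each »»» header to the non-empty lines beneath it."""
    sections: Dict[str, List[str]] = {"preamble": []}
    current = "preamble"
    for raw in report.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line:
            sections[current].append(line)
    return sections


def reg_values(lines: List[str]) -> Dict[str, Union[str, int]]:
    """Parse a section's value lines; dwords become ints, strings lose REGEDIT's doubled backslashes."""
    values: Dict[str, Union[str, int]] = {}
    for line in lines:
        m = VALUE_RE.match(line)
        if m and m.group(3) is not None:
            values[m.group(1)] = int(m.group(3), 16)
        elif m:
            values[m.group(1)] = m.group(2).replace("\\\\", "\\")
    return values


def triage(report: str) -> Dict[str, List[str]]:
    sections = split_sections(report)
    f: Dict[str, List[str]] = {"files": [], "rootkit": [], "appinit": [], "winlogon": [], "dns": []}
    for lines in sections.values():
        for line in lines:
            if line.endswith(" FOUND !"):          # dropped file in a scanned directory
                f["files"].append(line[: -len(" FOUND !")])
            elif line.endswith(" infected !"):     # RK section: a system driver was replaced
                f["rootkit"].append(line[: -len(" infected !")])
    # Any non-empty AppInit_DLLs is loaded into every process that loads user32.dll.
    # XP loads the list unconditionally (LoadAppInit_DLLs only gates it from Vista on),
    # so that value is reported for context rather than used as a condition.
    appinit = reg_values(sections.get("AppInit_DLLs", []))
    if appinit.get("AppInit_DLLs"):
        f["appinit"].append(f"{appinit['AppInit_DLLs']} (LoadAppInit_DLLs={appinit.get('LoadAppInit_DLLs', 'unset')})")
    # Assumption: the XP default Userinit is exactly one entry, "<system32>\userinit.exe,".
    winlogon = reg_values(sections.get("Winlogon", []))
    userinit = str(winlogon.get("Userinit", ""))
    entries = [e for e in userinit.split(",") if e]
    if len(entries) != 1 or not entries[0].lower().endswith(r"\system32\userinit.exe"):
        f["winlogon"].append(f"Userinit={userinit}")
    if winlogon.get("System"):  # normally empty; anything here runs at logon too
        f["winlogon"].append(f"System={winlogon['System']}")
    for line in sections.get("DNS", []):  # listed for review against the expected resolvers
        if line.startswith("DNS Server Search Order:"):
            f["dns"].append(line.split(":", 1)[1].strip())
    return f


if __name__ == "__main__":
    for check, hits in triage(SAMPLE_REPORT).items():
        print(f"{check:9s} {hits}")
```

Run it as-is to see the five buckets for the sample; to triage a real report, read the saved `rapport.txt` into `triage()` instead of `SAMPLE_REPORT`. A second `Userinit` entry after `userinit.exe,` is the classic way a dropper gets re-launched at every logon, which is why the check insists on exactly one entry rather than only looking for `userinit.exe` somewhere in the string.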
  12. Stryder Keeper of "good" ideas. Valued Senior Member

    Messages:
    13,101
    BTW, you can download and install the network installation of SP3 if your system doesn't already have it. Obviously don't do it yet, but it can be installed in Safe Mode if you have problems trying to install it later.
     
  13. The Flemster Registered abuser Registered Senior Member

    Messages:
    700
    Would that help then?
     
  14. Stryder Keeper of "good" ideas. Valued Senior Member

    Messages:
    13,101
    It will help later; obviously, though, you've got to stabilise your system enough to be able to run it.
     
  15. MacGyver1968 Fixin' Shit that Ain't Broke Valued Senior Member

    Messages:
    7,028
    Oh fuck YAAAAA!! If you got Smit to run... we are in the home stretch. We will need to download AVG or Avast to clean up the remnants... but we did it!

    Stryder.. I want at least 2 gold stars attached next to my name for helping a fellow board member on a Sunday instead of power-leveling my cleric.

    ..ya know.. just in case I ever do anything ban-worthy.

     
  16. Stryder Keeper of "good" ideas. Valued Senior Member

    Messages:
    13,101
    BTW, that's part of the problem there, why your reboot into Normal Mode didn't work.
     
  17. Stryder Keeper of "good" ideas. Valued Senior Member

    Messages:
    13,101
    I've got your back. In honesty, we need a decent support section here anyway. Maybe one day something will get put together.

    As for your level 43 Cleric, I usually get to that level and decide I can't be arsed to power-level to 50; it's just too much aggro, hehe.
     
  18. The Flemster Registered abuser Registered Senior Member

    Messages:
    700
    Right. Back in Normal Mode. Got Combo to do its thing. All seems okay... for now...
    What should I do now? Am I really vulnerable at the mo? The red cross thing is still there and---hang on! Norton's back! And I uninstalled it twice!!!
    It's telling me there's a problem and it's off to sort it out.
    NOW I'm confused...!
     
  19. The Flemster Registered abuser Registered Senior Member

    Messages:
    700
    Here's the Combo report:

    ComboFix 08-10-19.03 - Compaq_Owner 2008-10-20 3:09:24.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.60 [GMT 1:00]

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    /wow section not completed

    ((((((((((((((((((((((((( Files Created from 2008-09-20 to 2008-10-20 )))))))))))))))))))))))))))))))
    .

    2008-10-20 02:50 . 2008-10-16 19:00 <DIR> d-------- C:\32788R22FWJFW
    2008-10-20 02:38 . 2008-10-20 02:41 4,098 --a------ C:\WINDOWS\system32\tmp.reg
    2008-10-19 22:53 . 2008-10-19 22:53 <DIR> d-------- C:\WINDOWS\55A6283C638A4EE0B49151118554BDA2.TMP
    2008-10-19 19:55 . 2008-10-19 19:55 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Talkback
    2008-10-19 19:55 . 2008-10-19 19:55 0 --a------ C:\WINDOWS\nsreg.dat
    2008-10-19 18:44 . 2008-10-19 18:44 <DIR> d-------- C:\Program Files\CCleaner
    2008-10-19 18:12 . 2008-10-19 18:35 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-10-19 18:12 . 2008-10-19 18:12 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\PC Tools
    2008-10-19 18:12 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-10-19 18:12 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-10-19 18:12 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-10-19 18:12 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-10-19 17:41 . 2008-10-20 00:14 <DIR> d-------- C:\Program Files\XP_AntiSpyware
    2008-10-19 17:04 . 2008-10-19 17:21 <DIR> d-------- C:\Program Files\AntiMalware Pro
    2008-10-19 17:04 . 2008-10-19 17:04 0 --a------ C:\WINDOWS\system32\MSVolume.dll
    2008-10-19 16:56 . 2008-10-19 16:56 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SpywareRemover
    2008-10-19 16:37 . 2008-10-19 16:37 19,899 --a------ C:\Documents and Settings\Compaq_Owner\Application Data\bimasary.dat
    2008-10-19 16:37 . 2008-10-19 16:37 19,642 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\zojaq.scr
    2008-10-19 16:37 . 2008-10-19 16:37 19,555 --a------ C:\Documents and Settings\Compaq_Owner\Application Data\zeny.scr
    2008-10-19 16:37 . 2008-10-19 16:37 18,496 --a------ C:\WINDOWS\iloqige.exe
    2008-10-19 16:37 . 2008-10-19 16:37 18,214 --a------ C:\Documents and Settings\Compaq_Owner\Application Data\alifafeb.pif
    2008-10-19 16:37 . 2008-10-19 16:37 17,022 --a------ C:\WINDOWS\pisopy._sy
    2008-10-19 16:37 . 2008-10-19 16:37 14,047 --a------ C:\WINDOWS\system32\fahabudic.dl
    2008-10-19 16:37 . 2008-10-19 16:37 13,993 --a------ C:\WINDOWS\icitapijut.vbs
    2008-10-19 16:37 . 2008-10-19 16:37 13,524 --a------ C:\Program Files\Common Files\yfibagew.vbs
    2008-10-19 16:37 . 2008-10-19 16:37 12,413 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\futu.dat
    2008-10-19 16:37 . 2008-10-19 16:37 12,062 --a------ C:\Program Files\Common Files\dagufana.dll
    2008-10-19 16:37 . 2008-10-19 16:37 10,778 --a------ C:\WINDOWS\ocanec.lib
    2008-10-19 16:34 . 2008-10-20 02:53 71,710 --a------ C:\WINDOWS\system32\wini10802.exe
    2008-10-19 16:29 . 2008-10-20 02:32 10,240 --a------ C:\WINDOWS\brastk.exe
    2008-10-19 16:29 . 2007-08-21 08:00 1,536 --a------ C:\WINDOWS\system32\Delete_Me_Dummy_karna.dat
    2008-10-19 16:27 . 2008-10-19 16:27 114 --a------ C:\WINDOWS\system32\delself.bat
    2008-10-19 16:22 . 2008-10-19 16:22 77,824 --a------ C:\WINDOWS\system32\TDSSciou.dll
    2008-10-19 16:22 . 2008-10-19 16:22 44,544 --a------ C:\WINDOWS\system32\av.dat
    2008-10-19 16:22 . 2008-10-19 16:22 31,232 --a------ C:\WINDOWS\system32\TDSSlbqp.dll
    2008-10-19 16:22 . 2008-10-19 16:22 29,696 --a------ C:\WINDOWS\system32\TDSSnrse.dll
    2008-10-19 16:22 . 2008-10-19 16:22 12,288 --a------ C:\WINDOWS\system32\TDSSthym.dll
    2008-10-19 16:22 . 2008-10-20 02:53 3,530 --a------ C:\WINDOWS\system32\TDSSfpmp.dll
    2008-10-19 16:22 . 2008-10-19 16:22 164 --a------ C:\WINDOWS\system32\TDSSosvn.dat
    2008-10-19 16:21 . 2008-10-19 16:22 36,864 --a------ C:\WINDOWS\system32\TDSSoiqh.dll
    2008-10-19 09:42 . 2008-10-19 09:42 <DIR> d-------- C:\Documents and Settings\Christine Fleming\Application Data\Symantec
    2008-10-18 10:35 . 2008-10-18 10:36 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\VideoEgg
    2008-10-17 17:15 . 2008-10-17 17:15 24 --a------ C:\url_history.xml
    2008-10-17 17:12 . 2008-10-17 17:12 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SecondLife
    2008-10-17 12:27 . 2008-10-17 12:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-17 12:26 . 2008-09-25 14:27 905,216 --a------ C:\WINDOWS\system32\GearDrvs.msi
    2008-10-17 11:16 . 2008-10-17 11:16 <DIR> d-------- C:\Program Files\Windows Sidebar
    2008-10-17 11:15 . 2008-10-19 22:52 <DIR> d-------- C:\Program Files\Norton 360
    2008-10-17 11:12 . 2008-10-17 11:19 <DIR> d-------- C:\Program Files\Symantec
    2008-10-17 11:12 . 2008-10-17 11:19 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-10-17 11:12 . 2008-10-17 11:19 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2008-10-17 11:12 . 2008-10-17 11:19 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-10-17 11:12 . 2008-10-17 11:19 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-10-17 10:58 . 2008-10-17 11:41 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Symantec
    2008-10-16 23:25 . 2008-10-19 18:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
    2008-10-16 12:16 . 2008-10-19 17:03 <DIR> d-------- C:\Program Files\NoAdware
    2008-10-16 10:35 . 2008-10-16 10:35 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\WinBatch
    2008-10-16 03:08 . 2008-10-16 03:08 <DIR> d-------- C:\Program Files\MSXML 4.0
    2008-10-16 01:22 . 2008-10-16 12:42 <DIR> d--h----- C:\$AVG8.VAULT$
    2008-10-15 19:29 . 2008-08-14 11:00 2,180,352 --a------ C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-10-15 19:29 . 2008-08-14 10:58 2,136,064 --a------ C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-10-15 19:29 . 2008-08-14 10:22 2,057,728 --a------ C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-10-15 19:29 . 2008-08-14 10:22 2,015,744 --a------ C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-10-15 19:17 . 2008-10-15 19:17 <DIR> d-------- C:\Program Files\AVG
    2008-10-15 19:17 . 2008-10-17 12:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
    2008-10-15 16:43 . 2008-06-13 14:10 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
    2008-10-15 16:43 . 2008-06-13 14:10 272,128 --a------ C:\WINDOWS\system32\dllcache\bthport.sys
    2008-10-15 15:11 . 2008-10-16 00:54 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
    2008-10-15 15:00 . 2008-10-15 15:00 <DIR> d--hs---- C:\WINDOWS\system32\config\systemprofile\UserData
    2008-10-15 14:42 . 2008-10-15 14:42 <DIR> d-------- C:\Program Files\PrivacyEraser Computing
    2008-10-15 12:45 . 2008-10-16 17:04 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire
    2008-10-15 12:37 . 2008-10-17 01:44 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Azureus
    2008-10-15 12:37 . 2008-10-15 12:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
    2008-10-15 12:36 . 2008-10-16 01:05 <DIR> d-------- C:\Program Files\AskBarDis
    2008-10-15 12:35 . 2008-10-15 12:36 <DIR> d-------- C:\Program Files\Vuze
    2008-10-15 12:26 . 2008-10-15 12:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SITEguard
    2008-10-15 12:24 . 2008-10-15 12:24 <DIR> d-------- C:\Program Files\Common Files\iS3
    2008-10-15 12:24 . 2008-10-15 15:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\STOPzilla!
    2008-10-15 12:02 . 2008-10-17 00:07 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Motive
    2008-10-15 12:01 . 2008-10-15 12:02 <DIR> d-------- C:\Program Files\Common Files\Motive
    2008-10-15 12:01 . 2008-10-15 12:02 <DIR> d-------- C:\Program Files\BT Broadband Desktop Help
    2008-10-15 12:01 . 2008-10-15 12:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
    2008-10-15 12:01 . 2002-01-05 06:18 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
    2008-10-15 12:01 . 2001-10-11 11:26 65,536 --a------ C:\WINDOWS\system32\YCRWin32.dll
    2008-10-15 12:00 . 2008-10-15 12:04 <DIR> d-------- C:\Program Files\Yahoo!
    2008-10-15 12:00 . 2008-10-15 12:03 <DIR> d-------- C:\Program Files\BTHomeHub
    2008-10-15 11:57 . 2008-10-15 11:57 102,194 --a------ C:\WINDOWS\system32\cont_dcads-remove.exe
    2008-10-15 11:57 . 2008-10-15 11:57 79,085 --a------ C:\WINDOWS\system32\xaikdlzhyt.exe
    2008-10-03 18:41 . 2008-10-03 18:41 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-20 02:04 --------- d---a-w C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2008-10-20 02:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-10-19 21:53 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    2008-10-19 17:46 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2008-10-17 19:12 49,890 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
    2008-10-17 18:02 --------- d-----w C:\Program Files\Google
    2008-10-16 09:51 --------- d-----w C:\Program Files\HP
    2008-10-16 09:49 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-10-16 00:41 --------- d-----w C:\Program Files\Dopewars
    2008-10-16 00:06 --------- d-----w C:\Program Files\Wanadoo
    2008-10-16 00:04 --------- d-----w C:\Program Files\Microsoft AutoRoute
    2008-10-16 00:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-16 00:03 --------- d-----w C:\Program Files\Hoyle Casino 3D
    2008-10-16 00:02 --------- d-----w C:\Program Files\Ground Zero
    2008-10-15 13:22 --------- d-----w C:\Program Files\StackerBlocks3D
    2008-10-15 13:22 --------- d-----w C:\Program Files\GameTop.com
    2008-10-15 10:59 --------- d-----w C:\Program Files\Lx_cats
    2008-10-10 07:58 82,944 ----a-w C:\windows\system32\o4Patch.exe
    2008-10-10 07:58 82,944 ----a-w C:\windows\system32\IEDFix.C.exe
    2008-10-03 14:32 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\dvdcss
    2008-10-01 14:51 87,552 ----a-w C:\windows\system32\VACFix.exe
    2008-09-15 11:57 1,846,016 ----a-w C:\windows\system32\win32k.sys
    2008-09-15 11:57 1,846,016 ----a-w C:\windows\system32\dllcache\win32k.sys
    2008-09-08 22:38 88,576 ----a-w C:\windows\system32\AntiXPVSTFix.exe
    2008-08-28 10:04 333,056 ----a-w C:\windows\system32\drivers\srv.sys
    2008-08-28 10:04 333,056 ----a-w C:\windows\system32\dllcache\srv.sys
    2008-08-27 08:24 3,593,216 ----a-w C:\windows\system32\dllcache\mshtml.dll
    2008-08-25 08:38 13,824 ------w C:\windows\system32\dllcache\ieudinit.exe
    2008-08-25 08:37 70,656 ----a-w C:\windows\system32\dllcache\ie4uinit.exe
    2008-08-23 05:56 635,848 ----a-w C:\windows\system32\dllcache\iexplore.exe
    2008-08-23 05:54 161,792 ----a-w C:\windows\system32\dllcache\ieakui.dll
    2008-08-18 11:19 82,432 ----a-w C:\windows\system32\404Fix.exe
    2008-08-14 10:00 2,180,352 ----a-w C:\windows\system32\ntoskrnl.exe
    2008-08-14 09:51 138,368 ----a-w C:\windows\system32\dllcache\afd.sys
    2008-08-14 09:22 2,057,728 ----a-w C:\windows\system32\ntkrnlpa.exe
    2008-04-10 14:30 25 -c--a-w C:\Program Files\InventoryBuildersettings.ini
    1998-08-24 12:09 10,000 -c--a-w C:\windows\inf\unregpn.exe
    2007-11-22 22:44 0 -csha-w C:\windows\system32\ping.com
    2007-11-22 22:44 0 -csha-w C:\windows\system32\tracert.com
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
    @="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
    [HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
    2008-02-26 09:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
    @="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
    [HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
    2008-02-26 09:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
    @="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
    [HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
    2008-02-26 09:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-02-24 147456]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 237568]
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]
    "Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 663552]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
    "lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 200704]
    "EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 94208]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
    "PCDrSmartMonitor"="C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" [2005-12-20 368640]
    "ISUSScheduler"="c:\program files\common files\installshield\updateservice\issch.exe" [2004-08-09 81920]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 282624]
    "btbb_McciTrayApp"="C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2007-11-01 1475072]
    "btbb_wcm_McciTrayApp"="C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe" [2007-11-29 1474048]
    "LXCGCATS"="C:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 73728]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 61440]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 51048]
    "osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 988512]
    "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-07-16 1166216]
    "ftutil2"="ftutil2.dll" [2004-06-07 C:\WINDOWS\system32\ftutil2.dll]

    C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\
    VirtualExpander.lnk - C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe [2006-10-02 434176]

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
    BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-03-04 1183744]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.ZMBV"= zmbv.dll
    "VIDC.VDOM"= vdowave.drv
    "vidc.VSPX"= vspxvfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2mtxx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSpqxt.sys]
    @="driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
    "C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\Vuze\\Azureus.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

    R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
    R2 McciCMService;McciCMService;C:\Program Files\Common Files\Motive\McciCMService.exe [2007-11-17 303104]
    S0 ati2mtxx;ati2mtxx;C:\windows\system32\Drivers\ati2mtxx.sys [ ]
    S3 ATIXPGAA;ATIXPGAA;C:\Program Files\PC-Doctor 5 for Windows\ATIXPGAA.SYS [ ]
    S3 COH_Mon;COH_Mon;C:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
    S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-11-17 19712]
    S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [ ]
    S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-11-17 18304]
    S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [ ]
    S3 PCD5SRVC{085326CB-51A3560A-05010003};PCD5SRVC{085326CB-51A3560A-05010003} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [2005-11-21 21120]
    S3 Unilocator;Unilocator;C:\WINDOWS\system32\locatrNT.exe [1996-09-30 120832]

    *Newly Created Service* - COMHOST
    *Newly Created Service* - PROCEXP90
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-SITEguard - (no file)
    ShellIconOverlayIdentifiers-{E4000AC4-5E5F-4956-807A-C5854405D64F} - %SystemRoot%\system32\VirtualExpander\VEShellExt.dll
    HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    HKCU-Run-LClock - C:\Program Files\LClock\LClock.exe
    HKCU-Run-ViStart - C:\Program Files\ViStart\ViStart.exe
    HKCU-Run-ViOrb - C:\Program Files\ViOrb\ViOrb.exe
    HKCU-Run-TrueTransparency - C:\Program Files\TrueTransparency\TrueTransparency.exe
    HKCU-Run-AntiMalwareProMFCT - C:\Program Files\AntiMalware Pro\AntiMalwarePro.exe
    HKLM-Run-TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    HKLM-Run-Quick Registry Cleaner - C:\Program Files\Quick Registry Cleaner\QuickRegistryCleaner.exe
    HKLM-Run-jkpbqnxrbaopoelsh - C:\WINDOWS\system32\fcpwjxnpvah.dll
    HKLM-Run-XP Antispyware 2009 - C:\Program Files\XP_AntiSpyware\XP_AntiSpyware.exe
    HKLM-Run-PCDrProfiler - (no file)
    HKU-Default-Run-DWQueuedReporting - C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
    HKU-Default-Run-brastk - C:\windows\system32\brastk.exe


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\DOCUME~1\COMPAQ~1\APPLIC~1\Mozilla\Firefox\Profiles\7cyv5bxs.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-20 03:10:44
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    LXCGCATS = rundll32 C:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16

    scanning hidden files ...


    C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\RGI1.tmp 7075 bytes


    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{085326CB-51A3560A-05010003}]
    "ImagePath"="\??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms"
    .
    Completion time: 2008-10-20 3:16:27
    ComboFix-quarantined-files.txt 2008-10-20 02:16:19

    Pre-Run: 46,258,417,664 bytes free
    Post-Run: 46,598,336,512 bytes free

    269 --- E O F --- 2008-10-17 19:21:46
     
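Beyond the dropped files, the Reg Loading Points section of the ComboFix log above records how the machine was disarmed: Security Center notifications and monitoring turned off, the firewall's standard profile disabled, TCP 3389 (Remote Desktop) opened globally, and a `TDSSpqxt.sys` entry under `SafeBoot\Minimal`, which lets that driver load in Safe Mode too. As an added example (not from this thread and not ComboFix's own code), this Python script parses that section into registry keys and values and reports those posture problems, plus Run entries that name a file without a full path. The embedded log is a constructed excerpt of the one above, with the RDP port line written out in the standard `3389:TCP:*:Enabled:@xpsp2res.dll,-22009` form that the forum's smiley filter mangled in the post.

```python
"""Audit the "Reg Loading Points" section of a ComboFix log for host-disarming settings.

Added example for this thread, not ComboFix's own code. SAMPLE_LOG is a constructed
excerpt of the log posted above.
"""
import re
from typing import Dict, List, Union

SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 51048]
"ftutil2"="ftutil2.dll" [2004-06-07 C:\WINDOWS\system32\ftutil2.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSpqxt.sys]
@="driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
------- Supplementary Scan -------
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(?:"([^"]+)"|@)=(.*)$')
SECURITY_CENTER = r"hkey_local_machine\software\microsoft\security center"
RegValue = Union[str, int]


def parse_value(raw: str) -> RegValue:
    """Normalise ComboFix's value spellings: dword:0000000N, `1 (0x1)`, "quoted" [date size], bare."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    if m:
        return int(m.group(1))
    if raw.startswith('"'):
        end = raw.find('"', 1)
        return raw[1:end] if end > 0 else raw[1:]
    return raw


def parse_reg_points(log: str) -> Dict[str, Dict[str, RegValue]]:
    """Return {registry key: {value name: value}} for the Reg Loading Points section only."""
    keys: Dict[str, Dict[str, RegValue]] = {}
    current, in_section = None, False
    for raw in log.splitlines():
        line = raw.strip()
        if "Reg Loading Points" in line:
            in_section = True
            continue
        if not in_section:
            continue
        if "Supplementary Scan" in line or line.startswith("(((("):
            break
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
        else:
            m = VALUE_RE.match(line)
            if m and current is not None:
                keys[current][m.group(1) or "@"] = parse_value(m.group(2))
    return keys


def audit(log: str) -> Dict[str, List[str]]:
    f: Dict[str, List[str]] = {"security_center": [], "firewall": [], "open_ports": [],
                               "safeboot": [], "appinit": [], "run_no_path": []}
    for key, vals in parse_reg_points(log).items():
        k = key.lower()
        if k.startswith(SECURITY_CENTER):
            # *DisableNotify / DisableMonitoring = 1 silence the "no AV, firewall off" warnings
            tail = key[len(SECURITY_CENTER):].lstrip("\\")
            for name, v in vals.items():
                if name.lower().endswith(("disablenotify", "disablemonitoring")) and v == 1:
                    f["security_center"].append(f"{tail}\\{name}" if tail else name)
        elif k.endswith(r"\firewallpolicy\standardprofile") and vals.get("EnableFirewall") == 0:
            f["firewall"].append("EnableFirewall=0")
        elif k.endswith(r"\globallyopenports\list"):
            f["open_ports"].extend(vals)  # "3389:TCP" = Remote Desktop reachable from anywhere
        elif "\\control\\safeboot\\minimal\\" in k:
            # ComboFix omits default entries, so anything listed was added and loads in Safe Mode
            f["safeboot"].append(key.rsplit("\\", 1)[-1])
        elif k.endswith(r"\windows nt\currentversion\windows"):
            f["appinit"].extend(f"{n}={v}" for n, v in vals.items())
        elif k.endswith(r"\currentversion\run"):
            for name, v in vals.items():
                if isinstance(v, str) and not re.match(r"^[a-z]:\\", v, re.I):
                    f["run_no_path"].append(f"{name}={v}")  # resolved via search path, not a fixed file
    return f
```

`audit(open("ComboFix.txt", encoding="cp1252").read())` is the whole usage on a saved log. Every bucket here maps to a concrete follow-up: the Security Center and firewall values get set back, the globally open port gets closed unless RDP is genuinely wanted, and anything listed under `SafeBoot\Minimal` that is not a known driver is removed before trusting a Safe Mode boot again.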
  20. The Flemster Registered abuser Registered Senior Member

    Messages:
    700
    I gotta say, if this the end of my crisis, you guys have been incredible!
    Really, I'm so grateful you took all this time to help me out. On a Sunday too!
    Above and Beyond, really! Mentioned in Dispatches, etc.

    If there's any way I can ever return the favour... well, you know where to find me!

    UPDATE: The red cross thing has gone!!! I think it's worked!
    I think I'm not going to work tomorrow! I think it's 3:30 in the morning here!

    Thanks again guys-- you rock!

    The (eternally in your debt) Flemster.
     
  21. MacGyver1968 Fixin' Shit that Ain't Broke Valued Senior Member

    Messages:
    7,028
    Fucking badass! We kicked its fucking Russian ass!!! Download the free version of AVG 8.0 to clean up the remnants.. and you'll be ready to view porn again!

     
  22. The Flemster Registered abuser Registered Senior Member

    Messages:
    700
    Woohoo! Will AVG work alongside Norton OK?
    Bea Arthur doesn't know what she's got comin'... time for the Golden (shower) Girls!
     
  23. MacGyver1968 Fixin' Shit that Ain't Broke Valued Senior Member

    Messages:
    7,028
    Norton is a memory hog... AVG works just as well.. without dragging your system down... and it's fucking free.
     