Oh good.
Will tell the guy.
He wants the ComboFix log, Blind. You still got it?
This is just checking you're not infected any more, I'm guessing.
i luh da pussy
Quote:
ComboFix 08-09-03.06 - ryan 2008-09-22 16:59:29.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.162 [GMT -4:00]
Running from: C:\Documents and Settings\ryan\Desktop\Anti-Malware_stuff\Combofix_files\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ntldr.exe
C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll
C:\WINDOW\system32\actskn43.ocx
C:\WINDOW\system32\cache329
C:\WINDOW\system32\cache329\B_329_0_0_106800.htm
C:\WINDOW\system32\cache329\B_329_0_0_107400.htm
C:\WINDOW\system32\cache329\B_329_1_0_449200.gif
C:\WINDOW\system32\cache329\B_329_1_0_449600.gif
C:\WINDOW\system32\cache329\B_329_1_0_454300.gif
C:\WINDOW\system32\cache329\B_329_2_0_106800.htm
C:\WINDOW\system32\cache329\B_329_2_0_107400.htm
C:\WINDOW\system32\cache329\B_329_3_0_106800.htm
C:\WINDOW\system32\cache329\B_329_3_0_107400.htm
C:\WINDOW\system32\cache329\B_329_4_0_111600.htm
C:\WINDOW\system32\cache329\B_329_4_0_152400.htm
C:\WINDOW\system32\cache329\B_329_4_0_155300.htm
C:\WINDOW\system32\cache329\B_329_4_0_164100.htm
C:\WINDOW\system32\cache329\t_B_329_0_0_106800.htm
C:\WINDOW\system32\cache329\t_B_329_0_0_107400.htm
C:\WINDOW\system32\cache329\t_B_329_2_0_106800.htm
C:\WINDOW\system32\cache329\t_B_329_2_0_107400.htm
C:\WINDOW\system32\cache329\t_B_329_3_0_106800.htm
C:\WINDOW\system32\cache329\t_B_329_3_0_107400.htm
C:\WINDOW\system32\cache329\t_B_329_4_0_111600.htm
C:\WINDOW\system32\cache329\t_B_329_4_0_152400.htm
C:\WINDOW\system32\cache329\t_B_329_4_0_155300.htm
C:\WINDOW\system32\cache329\t_B_329_4_0_164100.htm
C:\WINDOW\system32\mdm.exe
C:\WINDOW\system32\tdssadw.dll
C:\WINDOW\system32\tdssinit.dll
C:\WINDOW\system32\tdssl.dll
C:\WINDOW\system32\tdsslog.dll
C:\WINDOW\system32\tdssmain.dll
C:\WINDOW\system32\tdssservers.dat
.
((((((((((((((((((((((((( Files Created from 2008-08-22 to 2008-09-22 )))))))))))))))))))))))))))))))
.
2008-09-21 14:40 . 2008-09-21 14:40 <DIR> d-------- C:\HostsXpert
2008-09-21 14:24 . 2008-09-21 14:24 <DIR> d-------- C:\_OTScanIt
2008-09-18 16:24 . 2008-09-18 16:24 <DIR> d-------- C:\Program Files\LimeWire
2008-09-16 11:19 . 2008-09-16 11:19 <DIR> d-------- C:\Program Files\Sun
2008-09-12 17:05 . 2008-09-12 17:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-12 17:05 . 2008-09-12 17:05 <DIR> d-------- C:\Documents and Settings\ryan\Application Data\Malwarebytes
2008-09-12 17:05 . 2008-09-12 17:05 <DIR> d-------- C:\Documents and Settings\All Users.WINDOW\Application Data\Malwarebytes
2008-09-12 17:05 . 2008-09-10 00:04 38,528 --a------ C:\WINDOW\system32\drivers\mbamswissarmy.sys
2008-09-12 17:05 . 2008-09-10 00:03 17,200 --a------ C:\WINDOW\system32\drivers\mbam.sys
2008-09-02 09:06 . 2008-09-02 09:06 158,556 --a------ C:\Vtks Revolt.ttf
2008-08-31 21:05 . 2008-08-31 21:05 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-30 16:07 . 2008-09-07 18:38 <DIR> d-------- C:\fixwareout
2008-08-30 15:29 . 2008-08-30 15:29 <DIR> d-------- C:\Program Files\AIM6
2008-08-30 15:29 . 2008-08-30 15:29 <DIR> d-------- C:\Documents and Settings\All Users.WINDOW\Application Data\acccore
2008-08-30 15:03 . 2008-08-30 15:03 <DIR> d-------- C:\Program Files\Uvonsmcn2
2008-08-30 15:03 . 2008-08-30 15:03 <DIR> d-------- C:\Program Files\Uvonsmcn
2008-08-30 15:02 . 2008-09-11 09:52 <DIR> d-------- C:\Program Files\Apaflbcv
2008-08-30 13:36 . 2008-08-30 13:36 5,069,649 --a------ C:\Documents and Settings\All Users.aawqff
2008-08-30 12:34 . 2008-08-30 12:34 <DIR> d-------- C:\WINDOW\system32\unnefmim
2008-08-30 12:34 . 2008-08-30 12:34 <DIR> d-------- C:\Program Files\Bhddeivz2
2008-08-30 12:34 . 2008-08-30 12:34 <DIR> d-------- C:\Program Files\Bhddeivz
2008-08-30 12:33 . 2008-08-30 12:33 <DIR> d-------- C:\Program Files\Macclkop
2008-08-30 11:52 . 2008-08-30 11:52 <DIR> d-------- C:\WINDOW\system32\scripting
2008-08-30 11:52 . 2008-08-30 11:52 <DIR> d-------- C:\WINDOW\system32\en
2008-08-30 11:52 . 2008-08-30 11:52 <DIR> d-------- C:\WINDOW\l2schemas
2008-08-28 23:28 . 2008-04-13 20:12 69,120 --------- C:\WINDOW\system32\wlanapi.dll
2008-08-28 23:28 . 2008-04-13 20:12 53,248 --------- C:\WINDOW\system32\tsgqec.dll
2008-08-28 23:28 . 2008-04-13 20:12 50,688 --------- C:\WINDOW\system32\tspkg.dll
2008-08-28 23:26 . 2008-04-13 20:11 397,312 --------- C:\WINDOW\system32\mmcex.dll
2008-08-28 23:25 . 2008-04-13 20:11 650,752 --------- C:\WINDOW\system32\dot3ui.dll
2008-08-28 19:18 . 2008-08-28 19:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-28 16:52 . 2008-08-28 16:52 12,288 --------- C:\WINDOW\system32\tdssserf.dll
2008-08-27 17:03 . 2008-08-27 17:03 42,320 --a------ C:\WINDOW\system32\xfcodec.dll
2008-08-25 19:10 . 2008-08-25 19:10 <DIR> d-------- C:\Program Files\YouTube Downloader
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-22 19:14 --------- d-----w C:\Program Files\mIRC
2008-09-21 22:03 --------- d-----w C:\Documents and Settings\ryan\Application Data\uTorrent
2008-09-21 19:45 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-09-18 22:14 --------- d-----w C:\Documents and Settings\ryan\Application Data\Xfire
2008-09-18 21:44 --------- d-----w C:\Program Files\Xfire2
2008-09-16 22:13 --------- d-----w C:\Program Files\Java
2008-09-16 15:03 --------- d-----w C:\Program Files\Viewpoint
2008-09-16 15:03 --------- d-----w C:\Documents and Settings\ryan\Application Data\Viewpoint
2008-09-16 15:03 --------- d-----w C:\Documents and Settings\All Users.WINDOW\Application Data\Viewpoint
2008-09-09 23:25 5,282 -c--a-w C:\Documents and Settings\ryan\Application Data\wklnhst.dat
2008-09-03 01:04 --------- d-----w C:\Documents and Settings\All Users.WINDOW\Application Data\Spybot - Search & Destroy
2008-09-02 21:00 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-31 15:55 --------- d-----w C:\Program Files\Avi2Dvd
2008-08-31 15:47 --------- d-----w C:\Program Files\Sony
2008-08-30 22:17 --------- d-----w C:\Documents and Settings\All Users.WINDOW\Application Data\WLInstaller
2008-08-30 19:29 --------- d-----w C:\Program Files\Common Files\AOL
2008-08-30 17:36 --------- d-----w C:\Program Files\Utility
2008-08-30 14:38 --------- d-----w C:\Program Files\Image-Line
2008-08-27 23:50 --------- d-----w C:\Program Files\Ulnanshb2
2008-08-27 23:29 --------- d-----w C:\Program Files\Ersaxcgx2
2008-08-25 06:34 --------- d-----w C:\Program Files\Flock
2008-08-21 22:24 --------- d-----w C:\Documents and Settings\jesse.DAVID-REPZ4PHA9\Application Data\Viewpoint
2008-08-20 23:31 --------- d-----w C:\Program Files\DAEMON Tools
2008-08-20 23:20 717,296 ----a-w C:\WINDOW\system32\drivers\sptd.sys
2008-08-20 23:19 --------- d-----w C:\Documents and Settings\ryan\Application Data\DAEMON Tools
2008-08-15 11:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-12 23:39 --------- d-----w C:\Documents and Settings\jesse.DAVID-REPZ4PHA9\Application Data\acccore
2008-08-12 20:33 --------- d-----w C:\Program Files\iTunes
2008-08-12 20:33 --------- d-----w C:\Program Files\iPod
2008-08-12 20:21 --------- d-----w C:\Program Files\QuickTime
2008-08-12 02:46 --------- d-----w C:\Program Files\Audiosurf
2008-08-10 01:38 --------- d-----w C:\Program Files\EA GAMES
2008-08-09 17:47 86,024 ----a-w C:\Documents and Settings\ryan\Application Data\GDIPFONTCACHEV1.DAT
2008-08-09 14:09 --------- d-----w C:\Documents and Settings\jesse.DAVID-REPZ4PHA9\Application Data\MSN6
2008-08-09 13:00 --------- d-----w C:\Program Files\Last.fm
2008-08-09 13:00 --------- d-----w C:\Program Files\GSC
2008-08-09 13:00 --------- d-----w C:\Documents and Settings\ryan\Application Data\InstallShield
2008-08-09 12:59 --------- d-----w C:\Documents and Settings\All Users.WINDOW\Application Data\Last.fm
2008-08-09 12:14 --------- d-----w C:\Program Files\VstPlugins
2008-08-08 04:41 --------- d-----w C:\Program Files\Trillian
2008-07-24 19:51 --------- d-----w C:\Program Files\Microsoft Games
2008-07-19 02:10 94,920 ----a-w C:\WINDOW\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOW\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOW\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOW\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOW\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOW\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOW\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOW\system32\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOW\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOW\system32\muweb.dll
2008-07-18 18:34 586,240 ----a-w C:\WINDOW\WLXPGSS.SCR
2008-07-13 00:02 23 -c--a-w C:\Documents and Settings\jesse.DAVID-REPZ4PHA9\jagex_runescape_preferences.dat
2008-07-07 20:26 253,952 ----a-w C:\WINDOW\system32\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOW\system32\mscms.dll
2007-09-10 22:34 22,328 -c--a-w C:\Documents and Settings\ryan\Application Data\PnkBstrK.sys
2006-08-03 21:16 449 -c--a-w C:\Program Files\Shortcut to 1964.lnk
2005-08-11 16:25 0 -c--a-w C:\Documents and Settings\jesse.DAVID-REPZ4PHA9\Application Data\wklnhst.dat
2005-04-18 17:51 5,096 -c--a-w C:\Documents and Settings\All Users.WINDOW\Application Data\ypinfo.bin
2005-02-28 22:40 68 -c--a-w C:\Documents and Settings\Unknown User\Application Data\tvmuknwrd.dll
2005-02-28 21:44 35 -c--a-w C:\Documents and Settings\Jesse\Application Data\tvmcwrd.dll
2005-02-28 21:44 103 -c--a-w C:\Documents and Settings\Jesse\Application Data\tvmuknwrd.dll
2005-02-28 21:39 60 -c--a-w C:\Documents and Settings\Jesse\Application Data\tvmdmns.dll
2005-02-28 21:26 63 -c--a-w C:\Documents and Settings\david\Application Data\tvmuknwrd.dll
2005-02-28 21:26 28 -c--a-w C:\Documents and Settings\david\Application Data\tvmcwrd.dll
2005-02-28 20:49 37 -c--a-w C:\Documents and Settings\DAVS\Application Data\tvmcwrd.dll
2005-02-28 02:56 0 -c--a-w C:\Documents and Settings\DAVS\Application Data\wklnhst.dat
2005-02-26 20:36 151 -c--a-w C:\Documents and Settings\dfdavid\Application Data\tvmuknwrd.dll
2005-02-14 19:43 5,684 -c--a-w C:\Documents and Settings\dfdavid\Application Data\wklnhst.dat
2004-12-17 00:49 0 -csha-r C:\Program Files\q330994.exe
2004-11-02 18:34 0 -c--a-w C:\Documents and Settings\david\Application Data\wklnhst.dat
2004-10-10 15:59 59,776 -c--a-w C:\Documents and Settings\dfdavid\Application Data\GDIPFONTCACHEV1.DAT
2003-08-27 22:19 36,963 -c--a-r C:\Program Files\Common Files\SM1updtr.dll
2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
2005-07-21 01:14 10,856 -csha-w C:\WINDOW\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-08-06 50472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-14 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
C:\Documents and Settings\jesse.DAVID-REPZ4PHA9\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-11-24 106496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= jl_mjpg2.drv
"VIDC.PIM1"= pclepim1.dll
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.l3fhg"= mp3fhg.acm
"msacm.imc"= imc32.acm
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOW^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users.WINDOW\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOW\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOW^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users.WINDOW\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOW\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOW^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=C:\Documents and Settings\All Users.WINDOW\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=C:\WINDOW\pss\Run Google Web Accelerator.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^ryan^Start Menu^Programs^Startup^Anapod Manager.lnk]
path=C:\Documents and Settings\ryan\Start Menu\Programs\Startup\Anapod Manager.lnk
backup=C:\WINDOW\pss\Anapod Manager.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^ryan^Start Menu^Programs^Startup^BitTorrent.lnk]
path=C:\Documents and Settings\ryan\Start Menu\Programs\Startup\BitTorrent.lnk
backup=C:\WINDOW\pss\BitTorrent.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^ryan^Start Menu^Programs^Startup^MOG-O-MATIC.lnk]
path=C:\Documents and Settings\ryan\Start Menu\Programs\Startup\MOG-O-MATIC.lnk
backup=C:\WINDOW\pss\MOG-O-MATIC.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^ryan^Start Menu^Programs^Startup^World Community Grid Agent.lnk]
path=C:\Documents and Settings\ryan\Start Menu\Programs\Startup\World Community Grid Agent.lnk
backup=C:\WINDOW\pss\World Community Grid Agent.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^ryan^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\ryan\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOW\pss\Xfire.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Lh'þ9Óœð3rÅWC:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Lh'þ9Óœð3rÅWC:\Program Files
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Lh'þ9Óœð3rÅWC:\Program Files\ISTsvc
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2005-06-07 00:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-08-06 11:21 50472 C:\Program Files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
--a--c--- 2006-04-11 11:49 230512 C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
--a--c--- 2006-04-11 11:49 185456 C:\Program Files\Yahoo!\Antivirus\CAVRid.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 08:11 490952 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gvjymwnm]
--a--c--- 2007-08-03 15:52 46080 C:\Program Files\Vwbyprah\gvjymwnm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
--a------ 2006-07-13 01:22 57344 C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2008-08-18 18:41 1832272 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-02-14 18:22 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uxfmhxpl]
--a------ 2008-08-30 12:34 41984 C:\Program Files\Bhddeivz\uxfmhxpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wxyripyr]
--a--c--- 2007-08-03 15:52 65536 C:\Program Files\wxyripyr\gbqrorqf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xfire Music]
--a--c--- 2006-04-13 20:12 246201 C:\Program Files\Xfire\xfiremusic.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2005-09-14 13:26 3084288 C:\Program Files\Yahoo!\Messenger\YPager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
--a------ 2005-06-17 00:30 401408 C:\PROGRA~1\Yahoo!\YOP\yop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zvvktswg]
--a------ 2008-08-30 15:03 41984 C:\Program Files\Uvonsmcn\zvvktswg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOW\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloceded.exe"=
"C:\\WINDOW\\system32\\rtcshare.exe"=
"C:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloce.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\StubInstaller.exe"=
"C:\\SNES\\zsnesw.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\WINDOW\\system32\\dpvsetup.exe"=
"C:\\WINDOW\\system32\\rundll32.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Last.fm\\LastFM.exe"=
"C:\\WINDOW\\system32\\PnkBstrA.exe"=
"C:\\WINDOW\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Xfire2\\xfire.exe"=
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\ryan\\Desktop\\MSN Lite 7.5.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22478:TCP"= 22478:TCP:BitComet 22478 TCP
"22478:UDP"= 22478:UDP:BitComet 22478 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3007:UDP"= 3007:UDP:Windows Media Format SDK (Iexplore.exe)
"3006:UDP"= 3006:UDP:Windows Media Format SDK (Iexplore.exe)
"3011:UDP"= 3011:UDP:Windows Media Format SDK (Iexplore.exe)
S3 JL2005;JL2005A Toy Camera;C:\WINDOW\system32\Drivers\toywdm.sys [2003-11-14 70472]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOW\system32\drivers\mbamswissarmy.sys [2008-09-10 38528]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOW\system32\drivers\npf.sys [2005-08-02 32512]
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
HKU-Default-Run-iLike - C:\Program Files\iLike\1.1.41\ilikesidebar.exe
MSConfigStartUp-adorttdl - C:\Program Files\Vbijgjng\adorttdl.exe
MSConfigStartUp-AppleSyncNotifier - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-ATI Launchpad - C:\Program Files\ATI Multimedia\main\launchpd.exe
MSConfigStartUp-ATI Remote Control - C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
MSConfigStartUp-ATICCC - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
MSConfigStartUp-BHOZapper - C:\Program Files\BHOZapper\BHOZapper.exe
MSConfigStartUp-Dinst - C:\WINDOW\dinst.exe
MSConfigStartUp-lphc5ahj0encj - C:\WINDOW\system32\lphc5ahj0encj.exe
MSConfigStartUp-odejetob - C:\Documents and Settings\All Users.WINDOW\Application Data\odejetob.dll
MSConfigStartUp-pclsdanc - C:\Program Files\pclsdanc\rslunmps.dll
MSConfigStartUp-PdPYgu - C:\WINDOW\sunqu.exe
MSConfigStartUp-PicasaNet - C:\Program Files\Hello\Hello.exe
MSConfigStartUp-SC2 - C:\Program Files\SecCenter\scprot4.exe
MSConfigStartUp-SemanticInsight - C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
MSConfigStartUp-Steam - c:\program files\steam\steam.exe
MSConfigStartUp-STYLEXP - C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
MSConfigStartUp-tekucvbd - c:\window\system32\tekucvbd.exe
MSConfigStartUp-TFGcm - C:\WINDOW\sunqu.exe
MSConfigStartUp-Ultimate Cleaner - C:\Program Files\Ultimate Cleaner\UltimateCleaner.exe
MSConfigStartUp-Uniblue Registry Booster - C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe
MSConfigStartUp-velqrmlo - C:\Program Files\velqrmlo\ngbyhsby.dll
MSConfigStartUp-ynozujiz - C:\Documents and Settings\All Users.WINDOW\Application Data\ynozujiz.dll
MSConfigStartUp-istsvc - C:\WINDOW\sunqu.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\ryan\Application Data\Mozilla\Firefox\Profiles\26ukzymq.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/ig?hl=en&gl=
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npvlc.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
FF -: plugin - C:\WINDOW\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-22 17:03:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk21]
"ImagePath"="\??\C:\WINDOW\system32\Drivers\HNPsSdk.drv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk23]
"ImagePath"="\??\C:\WINDOW\system32\Drivers\PsSdk23.drv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tdssserv]
"imagepath"="\systemroot\system32\drivers\TDSSserv.sys"
.
Completion time: 2008-09-22 17:12:59
ComboFix-quarantined-files.txt 2008-09-22 21:12:19
Pre-Run: 62,857,252,864 bytes free
Post-Run: 64,988,688,384 bytes free
355 --- E O F --- 2008-09-19 11:14:03
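Added example, not code from this thread or from ComboFix: a small Python triage pass over lines in the ComboFix log layout quoted above, flagging the kinds of indicators visible in this log (tdss* file names, an msconfig startupreg entry pointing at a randomized Program Files name, and the Security Center DisableMonitoring=1 value). The sample log lines, the section names it recognises and the name heuristic are assumptions constructed for the example.

```python
import re
from collections import Counter

# Constructed sample in the ComboFix log layout quoted above (section banners,
# deleted-file paths, REGEDIT4-style keys and values). Assumed for this example;
# the paths and values are not taken from any real machine.
SAMPLE_LOG = r"""
(((((((((((((((((((( Other Deletions ))))))))))))))))))))
.
C:\WINDOW\system32\tdssinit.dll
C:\WINDOW\system32\tdssservers.dat
C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll
.
(((((((((((((((((((( Reg Loading Points ))))))))))))))))))))
.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uxfmhxpl]
--a------ 2008-08-30 12:34 41984 C:\Program Files\Bhddeivz\uxfmhxpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tdssserv]
"imagepath"="\systemroot\system32\drivers\TDSSserv.sys"
"""

BANNER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")   # "(((( Section Name ))))"
KEY_RE = re.compile(r"^\[(.+)\]$")               # "[HKEY_...\key]"
# TDSS/TDL-family droppers use file names beginning with "tdss", as in the log.
TDSS_RE = re.compile(r"\\tdss[^\\]*$", re.IGNORECASE)
# Coarse heuristic for the "Program Files\<8 letters>\<8 letters>.exe" droppers
# seen in this log. It will also hit some legitimate names; review by hand.
RANDOM_NAME_RE = re.compile(r"\\Program Files\\[a-z]{8}\\[a-z]{8}\.(?:exe|dll)\b",
                            re.IGNORECASE)


def triage(log_text):
    """Walk a ComboFix log and return one finding per suspicious value line.

    Each finding records the section banner and registry key in force when the
    line was seen, so an analyst can jump back to the right place in the log.
    """
    findings = []
    section, key = None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix pads sections with "."
            continue
        banner = BANNER_RE.match(line)
        if banner:
            section, key = banner.group(1), None
            continue
        reg_key = KEY_RE.match(line)
        if reg_key:
            key = reg_key.group(1)
            continue
        reasons = []
        if TDSS_RE.search(line):
            reasons.append("TDSS-family file name")
        if RANDOM_NAME_RE.search(line):
            reasons.append("randomized Program Files name (heuristic)")
        if (key and "security center\\monitoring" in key.lower()
                and line.lower().startswith('"disablemonitoring"=dword:00000001')):
            reasons.append("Security Center monitoring disabled for an AV product")
        for reason in reasons:
            findings.append({"section": section, "key": key,
                             "line": line, "reason": reason})
    return findings


def summarize(findings):
    """Count findings per reason, handy for a quick verdict before reading them."""
    return dict(Counter(f["reason"] for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['section']}] {f['reason']}: {f['line']}")
    print(summarize(triage(SAMPLE_LOG)))
```

A hit from the name heuristic is a prompt to look, not a verdict; the tdss* and DisableMonitoring hits are the ones that match what ComboFix actually removed above.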
Since the sites work now, you can find links to ComboFix.exe downloads here.
Quote:
Originally Posted by Billy O'Neal
Blindddd. Update?
Yea you got a BUNCH of serious shit in your computer...
You're going to need to backup your files and reinstall Windows.
Even if you get rid of all the visible shit (including "ilikesearchbar") there's no guarantee that there isn't a rootkit with a higher admin status than you are... and there's no guarantee that the virus didn't unpatch Windows making it easier to get further infections.
Backup and format's the only way to go now... you could keep trying to manually uninstall stuff... but these days there's too much money in keeping your computer infected; it's just plain not feasible. You never know if you got everything, you never know what security holes were created/unpatched, and you never know if there's a rootkit playing with your admin levels to keep MORE shit hidden or a hacker's way in.
I get people all the time who say "I'd know if I had a virus!" And those are the people who are the most clueless...
But who's to say the rootkit hasn't infected his motherboard's BIOS?! What if he's a testbed for all of the hacker's new exploits?! Stay away from me Blind, you filthy unclean!
Seriously, he's not got a rootkit from a simple infection like this. Modified HOSTS file, new startup objects and a false proxy, all of which have been fixed. Probably.
Blind where's my update!
Reformat and be done with this.
If you say you don't have a rootkit you have no idea about modern-day malware.
If you were so sure you didn't have a rootkit... ever install Norton or McAfee? Yea, you have a rootkit. Didn't know they install one {albeit for "good" purposes... it's essentially a hacky way to force people to run in a somewhat limited user mode while still outwardly appearing like an Admin}? Go figure. A rootkit you didn't know about...
I knew Kaspersky and McAfee and most other security suites use kernel hooks and rootkits. That isn't a bad thing.