HELP!! I used combofix but I'm still infected!

Discussion in 'Malware Help (A Specialist Will Reply)' started by garnjan, Jun 3, 2008.

  1. garnjan

    garnjan Private E-2

    After reading another forum about someone with one of the same problems I have (antispywaremaster), I downloaded and ran combofix. It seemed to fix the problem for a few hours but now it is worse than ever. Here is my combofix log. Can someone please please please help?? :cry:cry Thank you!!

    (note: since running combofix, I can't get to the task manager by pressing control alt delete. I get a message saying the function has been disabled by the administrator.)

    ComboFix 08-06-01.6 - Janice 2008-06-03 18:25:11.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.217 [GMT -7:00]
    Running from: C:\Documents and Settings\Janice\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Janice\Application Data\SpeedRunner
    C:\Documents and Settings\Janice\Application Data\SpeedRunner\config.cfg
    C:\Documents and Settings\Janice\Application Data\SpeedRunner\SpeedRunner.exe
    C:\Documents and Settings\Janice\Application Data\SpeedRunner\SRUninstall.exe
    C:\Documents and Settings\Janice\Application Data\YSTEM3~1
    C:\Documents and Settings\Janice\Application Data\YSTEM3~1\?ystem32\
    C:\Documents and Settings\Janice\Application Data\YSTEM3~1\chkntfs.exe
    C:\Documents and Settings\Janice\My Documents\CROSOF~1
    C:\Documents and Settings\LocalService\Application Data\NetMon
    C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
    C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
    C:\Program Files\AntiSpywareMaster
    C:\Program Files\AntiSpywareMaster\asm.exe
    C:\Program Files\Common Files\uoqu
    C:\Program Files\Common Files\uoqu\uoqua.exe
    C:\Program Files\Common Files\uoqu\uoqua.lck
    C:\Program Files\Common Files\uoqu\uoqud\class-barrel
    C:\Program Files\Common Files\uoqu\uoqud\uoquc.dll
    C:\Program Files\Common Files\uoqu\uoqud\vocabulary
    C:\Program Files\Common Files\uoqu\uoqul.exe
    C:\Program Files\Common Files\uoqu\uoqul.lck
    C:\Program Files\Common Files\uoqu\uoqum.exe
    C:\Program Files\Common Files\uoqu\uoqum.lck
    C:\Program Files\Common Files\uoqu\uoqup.exe
    C:\Program Files\CPV
    C:\Program Files\inetget2
    C:\Program Files\JavaCore
    C:\Program Files\JavaCore\JavaCore.exe
    C:\Program Files\JavaCore\UnInstall.exe
    C:\Program Files\Spcron
    C:\Program Files\Spcron\Spc.dll
    C:\Program Files\Svconr
    C:\Program Files\Svconr\Svconr.exe
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\temp\tn3
    C:\Temp\vtmp2
    C:\Temp\vtmp2\ktnv33.log
    C:\WINDOWS\BM3fa4d359.xml
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\default.htm
    C:\WINDOWS\explore.exe
    C:\WINDOWS\iexplorer.exe
    C:\WINDOWS\lfn.exe
    C:\WINDOWS\mainms.vpi
    C:\WINDOWS\megavid.cdt
    C:\WINDOWS\muotr.so
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\SmFuaWNl\
    C:\WINDOWS\SmFuaWNl\\asappsrv.dll
    C:\WINDOWS\SmFuaWNl\\command.exe
    C:\WINDOWS\SmFuaWNl\\mAIRuqh5.vbs
    C:\WINDOWS\SmFuaWNl\command.exe
    C:\WINDOWS\system32\bhmq.dll
    C:\WINDOWS\system32\cBssPFuT.dll
    C:\WINDOWS\system32\dhdkaifr.dll
    C:\WINDOWS\system32\drivers\StMp3Recc.sys
    C:\WINDOWS\system32\iIBUKCSM.dll
    C:\WINDOWS\system32\ksoetphn.dll
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\nhpteosk.ini
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\rwwnw64d.exe
    C:\WINDOWS\system32\ssqQJyvv.dll
    C:\WINDOWS\system32\tsuninst.exe
    C:\WINDOWS\system32\vossevgs.dll
    C:\WINDOWS\SYSTEM32\vvyJQqss.ini
    C:\WINDOWS\SYSTEM32\vvyJQqss.ini2
    C:\WINDOWS\system32\wjtajapw.exe
    C:\WINDOWS\uoqu
    C:\WINDOWS\uoqu\uoqu.dat
    C:\WINDOWS\uoqu\wu
    C:\Documents and Settings\Janice\My Documents\CROSOF~1\s?ool32.exe . . . . failed to delete

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_CMDSERVICE
    -------\Legacy_MSSECURITY1.209.4
    -------\Legacy_NETWORK_MONITOR
    -------\Legacy_STMP3RECC
    -------\Service_cmdService
    -------\Service_MsSecurity1.209.4
    -------\Service_StMp3Recc


    ((((((((((((((((((((((((( Files Created from 2008-05-04 to 2008-06-04 )))))))))))))))))))))))))))))))
    .

    2008-06-03 18:37 . 2008-06-03 18:38 93 --a------ C:\WINDOWS\SYSTEM32\msnav32.ax
    2008-06-02 21:59 . 2008-06-02 21:59 <DIR> d-------- C:\WINDOWS\SYSTEM32\Vco1
    2008-06-02 21:59 . 2008-06-02 21:59 <DIR> d-------- C:\WINDOWS\SYSTEM32\sTMP
    2008-06-02 21:59 . 2008-06-02 21:59 <DIR> d-------- C:\WINDOWS\SYSTEM32\Dev3
    2008-06-02 21:59 . 2008-06-02 21:59 <DIR> d-------- C:\WINDOWS\SYSTEM32\a053
    2008-06-02 21:59 . 2008-06-02 21:59 <DIR> d-------- C:\WINDOWS\SYSTEM32\6026c
    2008-06-02 21:59 . 2008-06-02 21:59 167,976 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk
    2008-06-02 21:59 . 2008-06-02 21:59 89,049 --a------ C:\WINDOWS\SYSTEM32\vbpdtvdp.exe
    2008-06-02 21:59 . 2008-06-02 21:59 41,984 --a------ C:\WINDOWS\mrofinu1000106.exe
    2008-06-02 21:59 . 2008-06-02 21:59 30,728 --a------ C:\WINDOWS\444.470
    2008-06-02 21:59 . 2008-06-02 21:59 4 --a------ C:\WINDOWS\SYSTEM32\hljwugsf.bin
    2008-06-02 21:56 . 2008-06-02 21:56 41,984 --a------ C:\WINDOWS\mrofinu572.exe.tmp
    2008-06-02 21:56 . 2008-06-02 21:59 41,984 --a------ C:\WINDOWS\mrofinu572.exe
    2008-05-27 20:48 . 2008-05-27 20:48 49,185 --a------ C:\WINDOWS\SYSTEM32\jqwnw64m.exe
    2008-05-27 19:07 . 2008-06-01 21:37 63,918 --a------ C:\WINDOWS\SYSTEM32\{720b848a-08e4-df88-3559-5089cec40ba7}.dll-uninst.exe
    2008-05-27 19:06 . 2008-05-27 19:06 401,972 --a------ C:\WINDOWS\SYSTEM32\g96.exe
    2008-05-27 06:47 . 2008-05-27 06:47 370,176 --a------ C:\WINDOWS\SYSTEM32\{720b848a-08e4-df88-3559-5089cec40ba7}.dll
    2008-05-26 14:42 . 2008-06-02 22:06 9,662 --a------ C:\WINDOWS\SYSTEM32\ZoneAlarmIconUS.ico
    2008-05-26 14:32 . 2008-06-03 17:41 95,833 --a------ C:\WINDOWS\SYSTEM32\{72779436-36c1-76f8-a454-af04f97811fb}.dll-uninst.exe
    2008-05-26 14:32 . 2008-06-02 22:09 88,961 --a------ C:\WINDOWS\SYSTEM32\mysidesearch_sidebar_uninstall.exe
    2008-05-26 14:32 . 2008-05-26 14:32 858 --a------ C:\WINDOWS\SYSTEM32\winpfz33.sys
    2008-05-26 14:31 . 2008-05-26 14:31 <DIR> d-------- C:\WINDOWS\SYSTEM32\vntiho01
    2008-05-26 14:31 . 2008-05-26 14:31 <DIR> d-------- C:\WINDOWS\SYSTEM32\rev3
    2008-05-26 14:31 . 2008-05-26 17:12 <DIR> d-------- C:\WINDOWS\SYSTEM32\acom1
    2008-05-26 14:31 . 2008-05-26 14:31 <DIR> d-------- C:\WINDOWS\SYSTEM32\1026c
    2008-05-26 14:31 . 2008-06-03 18:26 <DIR> d-------- C:\Temp
    2008-05-26 14:31 . 2008-05-26 14:31 298,311 --a------ C:\WINDOWS\SYSTEM32\gside.exe
    2008-05-26 14:31 . 2008-05-26 14:31 200,768 --a------ C:\WINDOWS\SYSTEM32\mcntrkdm.exe
    2008-05-20 14:02 . 2008-05-20 14:02 32,768 --a------ C:\WINDOWS\SYSTEM32\vntiho01\vntiho011065.exe
    2008-05-19 06:55 . 2008-05-19 06:55 439,808 --a------ C:\WINDOWS\SYSTEM32\{72779436-36c1-76f8-a454-af04f97811fb}.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-04 01:34 16,384 ----a-w C:\WINDOWS\explore.exe
    2008-06-04 01:34 16,128 ----a-w C:\WINDOWS\iexplorer.exe
    2008-06-03 05:15 9,984 ----a-w C:\WINDOWS\rundll16.exe
    2008-05-26 21:41 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\SYSTEM32\msjint40.dll
    2008-03-27 08:12 151,583 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msjint40.dll
    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
    2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-01_17.51.18.70 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-06-04 01:22:36 28,416 ----a-w C:\WINDOWS\accesss.exe
    + 2008-06-04 01:22:36 25,088 ----a-w C:\WINDOWS\avpcc.dll
    + 2006-09-01 09:32:37 84,697 ----a-w C:\WINDOWS\b104.exe
    - 2008-06-02 00:45:28 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
    + 2008-06-04 01:37:35 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
    + 2008-06-04 01:22:36 12,544 ----a-w C:\WINDOWS\clrssn.exe
    + 2008-06-04 01:22:37 26,624 ----a-w C:\WINDOWS\cpan.dll
    + 2008-06-03 05:15:08 32,256 ----a-w C:\WINDOWS\ctfmon32.exe
    + 2008-06-03 05:15:09 24,064 ----a-w C:\WINDOWS\ctrlpan.dll
    + 2008-06-03 05:15:09 11,776 ----a-w C:\WINDOWS\directx32.exe
    + 2008-06-03 05:15:09 25,856 ----a-w C:\WINDOWS\dnsrelay.dll
    + 2008-06-03 05:15:09 10,496 ----a-w C:\WINDOWS\editpad.exe
    + 2008-06-03 05:15:09 14,080 ----a-w C:\WINDOWS\explorer32.exe
    + 2008-06-03 05:15:09 17,408 ----a-w C:\WINDOWS\funniest.exe
    + 2008-06-03 05:15:10 29,184 ----a-w C:\WINDOWS\funny.exe
    + 2008-06-03 05:15:10 32,768 ----a-w C:\WINDOWS\gfmnaaa.dll
    + 2008-06-03 05:15:10 12,032 ----a-w C:\WINDOWS\helpcvs.exe
    + 2008-06-04 01:22:37 9,216 ----a-w C:\WINDOWS\iedll.exe
    + 2008-06-03 05:15:10 15,360 ----a-w C:\WINDOWS\inetinf.exe
    + 2008-06-03 05:15:11 20,480 ----a-w C:\WINDOWS\internet.exe
    + 2008-06-04 01:22:37 20,736 ----a-w C:\WINDOWS\loader.exe
    + 2008-06-03 05:15:11 32,512 ----a-w C:\WINDOWS\msconfd.dll
    + 2008-06-03 05:15:11 15,104 ----a-w C:\WINDOWS\msspi.dll
    + 2008-06-04 01:22:37 27,648 ----a-w C:\WINDOWS\mssys.exe
    + 2008-06-04 01:22:37 13,312 ----a-w C:\WINDOWS\msupdate.exe
    + 2008-06-03 05:15:12 13,056 ----a-w C:\WINDOWS\mswsc10.dll
    + 2008-06-03 05:15:12 26,112 ----a-w C:\WINDOWS\mswsc20.dll
    + 2008-06-04 01:22:37 23,040 ----a-w C:\WINDOWS\mtwirl32.dll
    + 2008-06-04 01:22:38 24,064 ----a-w C:\WINDOWS\notepad32.exe
    + 2008-06-04 01:22:38 17,664 ----a-w C:\WINDOWS\olehelp.exe
    + 2008-06-03 05:15:12 20,992 ----a-w C:\WINDOWS\qttasks.exe
    + 2008-06-03 05:15:13 13,312 ----a-w C:\WINDOWS\quicken.exe
    + 2008-06-03 05:15:13 13,312 ----a-w C:\WINDOWS\rundll32.vbe
    + 2008-06-03 05:15:13 14,848 ----a-w C:\WINDOWS\searchword.dll
    + 2008-06-03 05:15:13 26,624 ----a-w C:\WINDOWS\sistem.exe
    + 2008-06-03 05:15:13 21,504 ----a-w C:\WINDOWS\svchost32.exe
    + 2008-06-03 05:15:13 21,760 ----a-w C:\WINDOWS\svcinit.exe
    + 2008-06-04 01:22:38 28,672 ----a-w C:\WINDOWS\systeem.exe
    - 2008-05-28 03:11:20 63,918 ----a-w C:\WINDOWS\SYSTEM32\{720b848a-08e4-df88-3559-5089cec40ba7}.dll-uninst.exe
    + 2008-06-02 04:37:17 63,918 ----a-w C:\WINDOWS\SYSTEM32\{720b848a-08e4-df88-3559-5089cec40ba7}.dll-uninst.exe
    - 2008-05-27 13:37:58 371,712 ----a-w C:\WINDOWS\SYSTEM32\{720b848a-08e4-df88-3559-5089cec40ba7}.dll
    + 2008-05-27 13:47:26 370,176 ----a-w C:\WINDOWS\SYSTEM32\{720b848a-08e4-df88-3559-5089cec40ba7}.dll
    - 2008-06-02 00:21:13 95,833 ----a-w C:\WINDOWS\SYSTEM32\{72779436-36c1-76f8-a454-af04f97811fb}.dll-uninst.exe
    + 2008-06-04 00:41:26 95,833 ----a-w C:\WINDOWS\SYSTEM32\{72779436-36c1-76f8-a454-af04f97811fb}.dll-uninst.exe
    + 2008-05-05 16:16:46 127,488 ----a-w C:\WINDOWS\SYSTEM32\6026c\wsDRV3.exe
    + 2008-06-01 17:13:00 37,900 ----a-w C:\WINDOWS\SYSTEM32\a053\updatdll95.exe
    + 2008-04-23 03:49:36 49,152 ----a-w C:\WINDOWS\SYSTEM32\Dev3\moolckr.exe
    + 2008-02-26 11:59:50 294,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msctf.dll
    - 2004-08-04 11:00:00 294,400 ----a-w C:\WINDOWS\SYSTEM32\MSCTF.DLL
    + 2008-02-26 11:59:50 294,912 ----a-w C:\WINDOWS\SYSTEM32\msctf.dll
    + 2008-05-30 08:33:26 8,790 ----a-w C:\WINDOWS\SYSTEM32\sTMP\lutdtx2.exe
    + 2007-08-14 21:22:50 25,105 ----a-w C:\WINDOWS\SYSTEM32\Vco1\hdpars11.exe
    + 2008-06-04 01:22:38 13,312 ----a-w C:\WINDOWS\systemcritical.exe
    + 2008-06-03 05:15:14 29,440 ----a-w C:\WINDOWS\time.exe
    + 2008-06-04 01:22:38 30,464 ----a-w C:\WINDOWS\users32.exe
    + 2008-06-04 01:22:39 26,112 ----a-w C:\WINDOWS\waol.exe
    + 2008-06-04 01:22:39 22,016 ----a-w C:\WINDOWS\win32e.exe
    + 2008-06-04 01:22:39 11,008 ----a-w C:\WINDOWS\win64.exe
    + 2008-06-04 01:22:39 25,856 ----a-w C:\WINDOWS\winajbm.dll
    + 2008-06-04 01:22:39 20,224 ----a-w C:\WINDOWS\window.exe
    + 2008-06-04 01:22:39 9,984 ----a-w C:\WINDOWS\winmgnt.exe
    + 2008-06-04 01:22:40 20,992 ----a-w C:\WINDOWS\x.exe
    + 2008-06-04 01:22:40 28,672 ----a-w C:\WINDOWS\xplugin.dll
    + 2008-06-04 01:22:40 22,528 ----a-w C:\WINDOWS\y.exe
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5f354ad7-6680-81db-c234-50c9da46570c}]
    2008-05-27 06:47 370176 --a------ C:\WINDOWS\system32\{720b848a-08e4-df88-3559-5089cec40ba7}.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{682e9553-f26e-7667-1c2f-bff13fb4aa41}]
    2008-05-19 06:55 439808 --a------ C:\WINDOWS\system32\{72779436-36c1-76f8-a454-af04f97811fb}.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C18610A6-F640-D1EE-1194-A58F72212CE2}]
    C:\WINDOWS\system32\pvzudnvn.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
    "Sen"="C:\DOCUME~1\Janice\APPLIC~1\YSTEM3~1\chkntfs.exe" [ ]
    "Dexbqwh"="C:\Documents and Settings\Janice\My Documents\??crosoft\s?ool32.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42 1404928]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 16:48 32881]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 00:01 110592]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 00:05 122939]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-02-01 08:45 180269]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-03-10 10:45 35328]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-02 15:24 257088]
    "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
    "{7E-E0-06-6A-DW}"="c:\windows\system32\rwwnw64d.exe" [ ]
    "{872e770a-4da0-62e9-0794-dcf7ea1edb63}"="C:\WINDOWS\system32\{720b848a-08e4-df88-3559-5089cec40ba7}.dll" [2008-05-27 06:47 370176]
    "ExploreUpdSched"="C:\WINDOWS\SYSTEM32\mcntrkdm.exe" [2008-05-26 14:31 200768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 18:17 443968]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\vbpdtvdp.exe,"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\Dell Inc\\Dell Picture Studio v3.0\\launch.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Palm\\HOTSYNC.EXE"=


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90703521-954f-11dc-885e-00111167eada}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Index.html

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-15 17:54:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-03 18:38:05
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    C:\WINDOWS\system32\zxdnt3d.cfg 21 bytes

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\SYSTEM32\vbpdtvdp.exe
    C:\Program Files\Palm\HOTSYNC.EXE
    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\rwwnw64d.exe.virI
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
    .
    **************************************************************************
    .
    Completion time: 2008-06-03 18:42:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-04 01:42:55
    ComboFix2.txt 2008-06-02 00:51:36

    Pre-Run: 20,641,587,200 bytes free
    Post-Run: 20,877,930,496 bytes free

    313 --- E O F --- 2008-06-02 01:15:57
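The log above already explains the "disabled by the administrator" message and the relapse: both `policies\system` keys carry `DisableTaskMgr = 1`, and the Winlogon `Userinit` value has been extended so that `vbpdtvdp.exe` starts at every logon. The following Python script is an added example, not part of this thread or of ComboFix, that parses the "Reg Loading Points" section of such a log and flags those indicators for triage; the sample input is an excerpt of the log posted above, and the three triage rules (extra Userinit programs, Task Manager policy, Run entries without file info or with `?` in the path) are the example's own assumptions about what deserves a second look.

```python
import re
from typing import Dict, List, Tuple

Entry = Tuple[str, str, str]  # (value name, data, ComboFix file info shown in brackets)

# Excerpt of the "Reg Loading Points" section from the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"Sen"="C:\DOCUME~1\Janice\APPLIC~1\YSTEM3~1\chkntfs.exe" [ ]
"Dexbqwh"="C:\Documents and Settings\Janice\My Documents\??crosoft\s?ool32.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
"{7E-E0-06-6A-DW}"="c:\windows\system32\rwwnw64d.exe" [ ]
"ExploreUpdSched"="C:\WINDOWS\SYSTEM32\mcntrkdm.exe" [2008-05-26 14:31 200768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\vbpdtvdp.exe,"
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"="quoted data" [file info]   or   "name"= 1 (0x1)
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*(?:"(?P<quoted>[^"]*)"|(?P<raw>[^\[]+?))\s*(?:\[(?P<meta>[^\]]*)\])?$'
)


def parse_loading_points(text: str) -> Dict[str, List[Entry]]:
    """Group the entries of a ComboFix 'Reg Loading Points' section by registry key."""
    keys: Dict[str, List[Entry]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            keys.setdefault(current, [])
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            data = m.group("quoted") if m.group("quoted") is not None else m.group("raw").strip()
            keys[current].append((m.group("name"), data, (m.group("meta") or "").strip()))
    return keys


def triage(text: str) -> List[str]:
    """Return one finding per loading-point entry that matches a triage rule (assumed rules)."""
    findings: List[str] = []
    for key, entries in parse_loading_points(text).items():
        for name, data, meta in entries:
            if key.endswith("\\winlogon") and name.lower() == "userinit":
                # Userinit is a comma-separated list; only userinit.exe belongs there.
                for program in (p for p in data.split(",") if p.strip()):
                    if program.rsplit("\\", 1)[-1].lower() != "userinit.exe":
                        findings.append(f"Userinit runs extra program at logon: {program}")
            elif key.endswith("\\policies\\system") and name.lower() == "disabletaskmgr":
                if data.startswith("1"):
                    findings.append(f"Task Manager disabled by policy in {key}")
            elif key.endswith("\\run"):
                reasons = []
                if not meta:
                    reasons.append("no file date/size reported")  # file missing, hidden or unreadable
                if "?" in data:
                    reasons.append("non-printable character in path")
                if reasons:
                    findings.append(f"Run entry '{name}' -> {data} ({'; '.join(reasons)})")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Entries that ComboFix lists with a full `[date time size]` are not automatically clean (the `ExploreUpdSched` entry above is one such case), so the output is a shortlist for a human reviewer, not a verdict.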
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions. If something does not run, write down the info to explain to us later but keep on going. Do not assume that because one step does not work that they all will not.

    READ & RUN ME FIRST. Malware Removal Guide
     
