Alexanderallan14
new user
Reg'd: Wed
Posts: 9
Follow on problem, Computer Riddled
Wed Mar 05 2008 01:48 PM
Bricat,
Here are the results:
Thanks.
ComboFix 08-03-04.2 - SIDNEY 2008-03-05 13:14:45.2 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.377 [GMT 0:00]
Running from: C:\Documents and Settings\SIDNEY\My Documents\Webuser fixs\ComboFix.exe
Command switches used :: C:\Documents and Settings\SIDNEY\My Documents\Webuser fixs\CFScript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Downloaded Program Files\UGES_0001_N122M0502NetInstaller.exe
C:\WINDOWS\system32\__c0014D20.dat
C:\WINDOWS\system32\__c0014F61.dat
C:\WINDOWS\system32\__c0033A79.dat
C:\WINDOWS\system32\__c0052686.dat
C:\WINDOWS\system32\__c006497E.dat
C:\WINDOWS\system32\__c00979B.dat
C:\WINDOWS\system32\__c00C9DF3.dat
C:\WINDOWS\system32\__c00CAB9B.dat
C:\WINDOWS\system32\__c00D2E03.dat
C:\WINDOWS\system32\__c00D99AE.dat
C:\WINDOWS\system32\__c00EECC2.dat
.
((((((((((((((((((((((((( Files Created from 2008-02-05 to 2008-03-05 )))))))))))))))))))))))))))))))
.
2008-03-05 10:33 . 2008-03-05 13:04 517 ---hs---- C:\WINDOWS\system32\dfhkj.ini
2008-02-12 15:33 . 2008-02-12 17:10 1,414,827 ---hs---- C:\WINDOWS\system32\vckxhjof.ini
2008-02-08 12:08 . 2008-03-05 12:32 <DIR> d-------- C:\Program Files\MalwareAlarm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 13:06 --------- d-----w C:\Program Files\Sequelizer
2008-03-05 13:02 42,713 ---h--w C:\WINDOWS\eksplorasi.exe
2008-03-05 13:02 42,713 ----a-w C:\WINDOWS\system32\SIDNEY's Setting.scr
2008-03-05 12:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-04 15:19 --------- d-----w C:\Program Files\DownloadManager
2008-02-04 12:51 --------- d-----w C:\Program Files\Dell Support Center
2008-02-04 12:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-02-04 12:50 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-02-04 12:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-06 10:05 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2007-03-05 19:40 4,789,792 ----a-w C:\Program Files\picasa2-current.exe
2006-08-20 14:42 11,817,800 ----a-w C:\Program Files\GoogleEarth.exe
2006-07-21 22:21 36,954,272 ----a-w C:\Program Files\AVSVideoTools.exe
2006-07-21 22:07 905,216 ----a-w C:\Program Files\iview398.exe
2006-07-21 20:51 190,048 ----a-w C:\Program Files\Morpheus.exe
2006-07-03 20:34 3,132,676 ----a-w C:\Program Files\DVDnew.exe
2006-03-06 23:44 26,958 ----a-w C:\Program Files\MovieLand Terms.html
2006-04-10 19:36 56 --sh--r C:\WINDOWS\system32\27A1FA1102.sys
2006-04-10 19:36 3,558 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3676DD4A-0FA5-4C22-AFB6-299B8E61989F}]
2007-09-23 14:19 282720 --a------ C:\WINDOWS\system32\jkhfd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 02:24 20480]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"SequelizerUpdate"="C:\Program Files\Sequelizer\sequelizerupdate.lnk" [2006-03-21 09:16 1558]
"Tok-Cirrhatus"="C:\Documents and Settings\SIDNEY\Local Settings\Application Data\smss.exe" [2008-03-05 13:02 42713]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 20:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 20:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 20:50 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48 32881]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-09 23:19 393216 C:\WINDOWS\stsystra.exe]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [ ]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 04:56 761947]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-09-01 17:24 684032]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-11-09 23:22 497240]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-03-01 10:18 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"DataLayer"="C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE" [2004-05-06 14:47 1159168]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE" [2004-03-23 11:20 147968]
"Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [2002-07-31 09:54 57344]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2005-05-27 15:54 135168]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-01 02:52 366400]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16 1121792]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 17:37 69216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 21:55 54832]
"Bron-Spizaetus"="C:\WINDOWS\ShellNew\sempalong.exe" [2008-03-05 13:02 42713]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]
"Tok-Cirrhatus"="C:\Documents and Settings\NetworkService\Local Settings\Application Data\smss.exe" [2007-04-07 19:31 42713]

C:\Documents and Settings\NetworkService\Start Menu\Programs\Startup\
Empty.pif [2007-04-07 19:31:48 42713]

C:\Documents and Settings\SIDNEY\Start Menu\Programs\Startup\
Empty.pif [2008-03-05 13:02:50 42713]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2006-03-01 10:18:28 156784]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-03-01 10:10:43 24576]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 1 (0x1)
"DisableCMD"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableCMD"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhfd]
C:\WINDOWS\system32\jkhfd.dll 2007-09-23 14:19 282720 C:\WINDOWS\system32\jkhfd.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Morpheus\\Morpheus.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d8dee8a-5c60-11dc-94fd-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c4708e5-ad1c-11db-9467-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-02-14 14:31:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-05 13:06:19 C:\WINDOWS\Tasks\At1.job" - C:\Documents and Settings\SIDNEY\Templates\Brengkolang.com
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 13:20:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2008-03-05 13:21:45
ComboFix-quarantined-files.txt 2008-03-05 13:21:18
ComboFix2.txt 2008-03-04 15:35:04
.
2008-02-13 19:37:36 --- E O F ---
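The log above is the kind of thing a helper on this forum reads by eye. As an added example (not part of the original post, and not ComboFix's own code), the Python below runs three simple triage heuristics over a hand-copied excerpt of the "Reg Loading Points" section: autostart binaries that share one identical on-disk size under unrelated names, core Windows process names (smss.exe and friends) launched from outside system32, and policy values that lock the user out of regedit, cmd or Folder Options. The regular expressions for the ComboFix line formats and the sets of names and policies are my assumptions; the excerpt's entries are copied from the post, the selection is mine.

```python
import ntpath
import re
from collections import defaultdict

# Constructed excerpt: a hand-copied subset of the "Reg Loading Points"
# section of the ComboFix log posted above. The Startup folder line is a
# plain (non-raw) string only because it has to end in a backslash.
LOG_EXCERPT = "\n".join([
    r'[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]',
    r'"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 02:24 20480]',
    r'"Tok-Cirrhatus"="C:\Documents and Settings\SIDNEY\Local Settings\Application Data\smss.exe" [2008-03-05 13:02 42713]',
    r'[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]',
    r'"SigmatelSysTrayApp"="stsystra.exe" [2005-09-09 23:19 393216 C:\WINDOWS\stsystra.exe]',
    r'"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [ ]',
    r'"Bron-Spizaetus"="C:\WINDOWS\ShellNew\sempalong.exe" [2008-03-05 13:02 42713]',
    r'[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]',
    r'"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]',
    r'"Tok-Cirrhatus"="C:\Documents and Settings\NetworkService\Local Settings\Application Data\smss.exe" [2007-04-07 19:31 42713]',
    'C:\\Documents and Settings\\SIDNEY\\Start Menu\\Programs\\Startup\\',
    r'Empty.pif [2008-03-05 13:02:50 42713]',
    r'[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]',
    r'"DisableRegistryTools"= 1 (0x1)',
    r'"DisableCMD"= 0 (0x0)',
    r'[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]',
    r'"NoFolderOptions"= 1 (0x1)',
])

# Line shapes as they appear in the log (assumed from the post, not a spec).
KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]+)\]$')
RUN_RE = re.compile(                     # "name"="path" [date size [resolved path]]  or  [ ]
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\['
    r'(?:(?P<date>\d{4}-\d\d-\d\d \d\d:\d\d) (?P<size>\d+)(?: (?P<resolved>[^\]]+))?)?'
    r'\s*\]$')
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>-?\d+)\s*\(0x[0-9A-Fa-f]+\)$')
STARTUP_RE = re.compile(r'^(?P<entry>.+?)\s*\[(?P<date>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<size>\d+)\]$')

# Heuristic inputs (my choice of names; extend as needed).
CORE_PROCESS_NAMES = {'smss.exe', 'csrss.exe', 'winlogon.exe', 'services.exe', 'lsass.exe', 'svchost.exe'}
SYSTEM32 = 'c:\\windows\\system32\\'
LOCKDOWN_POLICIES = {'DisableRegistryTools', 'DisableTaskMgr', 'DisableCMD', 'NoFolderOptions', 'NoRun'}


def parse_loading_points(text):
    """Return (autostarts, policies); each autostart carries its location, name, path and size."""
    autostarts, policies, location = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            location = m.group('key')
            continue
        if line.endswith('\\'):            # a Startup folder heading; files follow
            location = line
            continue
        m = RUN_RE.match(line)
        if m:
            autostarts.append({'location': location, 'name': m.group('name'),
                               'path': m.group('resolved') or m.group('path'),
                               'size': int(m.group('size')) if m.group('size') else None})
            continue
        m = POLICY_RE.match(line)
        if m:
            policies.append({'location': location, 'name': m.group('name'), 'value': int(m.group('value'))})
            continue
        m = STARTUP_RE.match(line)
        if m and location and location.endswith('\\'):
            entry = m.group('entry')
            # "foo.lnk - C:\target.exe" names its target; a bare file lives in the folder itself
            name, path = entry.split(' - ', 1) if ' - ' in entry else (entry, location + entry)
            autostarts.append({'location': location, 'name': name, 'path': path, 'size': int(m.group('size'))})
    return autostarts, policies


def size_clusters(autostarts, min_members=2):
    """Sizes shared by several autostart binaries: unrelated names with one exact size are usually copies of one file."""
    by_size = defaultdict(list)
    for entry in autostarts:
        if entry['size'] is not None:
            by_size[entry['size']].append(entry['path'])
    return {size: paths for size, paths in by_size.items() if len(paths) >= min_members}


def masquerading_names(autostarts):
    """Paths using a core Windows process name but starting from outside system32."""
    return [e['path'] for e in autostarts
            if ntpath.basename(e['path']).lower() in CORE_PROCESS_NAMES
            and not e['path'].lower().startswith(SYSTEM32)]


def restrictive_policies(policies):
    """Non-zero policy values that hide or disable the tools a user would reach for first."""
    return [p['name'] for p in policies if p['name'] in LOCKDOWN_POLICIES and p['value'] != 0]


def triage(text):
    autostarts, policies = parse_loading_points(text)
    return {'size_clusters': size_clusters(autostarts),
            'masquerading': masquerading_names(autostarts),
            'lockdown_policies': restrictive_policies(policies)}


if __name__ == '__main__':
    for heading, finding in triage(LOG_EXCERPT).items():
        print(heading, finding)
```

On the excerpt the script groups four autostart paths under the single size 42713, lists both smss.exe copies under Local Settings\Application Data as name masquerades, and reports DisableRegistryTools and NoFolderOptions as set; the full log above has further entries of that same size (eksplorasi.exe, SIDNEY's Setting.scr, the second Empty.pif) that the same parser would pick up if fed the whole Reg Loading Points and Find3M sections.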