12-Oct-2009, 11:56 PM  #1
I think I have the Conficker worm and have done numerous anti-virus scans along with spyware and adware scans, but can't seem to shake this thing that has its grips on my computer. I read about ComboFix on multiple tech sites, so I downloaded the how-to guide and the application and ran it exactly as the guide said to, and now I don't know what to do next. HEEEELLLLLPPPPPP!!!!!!!!! Please, thanks. Here is my ComboFix log:

ComboFix 09-10-12.02 - rnchi316 10/12/2009 19:14.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1234 [GMT -7:00]
Running from: c:\documents and settings\rnchi316\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091012-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\msa.exe
c:\windows\msb.exe
c:\windows\system32\Cache
c:\windows\system32\drivers\etc\lmhosts

----- BITS: Possible infected sites -----

hxxp://download.yimg.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Legacy_NWCWORKSTATION
-------\Service_Iprip
-------\Service_NWCWorkstation


((((((((((((((((((((((((( Files Created from 2009-09-13 to 2009-10-13 )))))))))))))))))))))))))))))))
.

2009-10-12 23:21 . 2009-10-12 23:21 -------- d-----w- c:\windows\system32\Lang
2009-10-12 18:37 . 2009-10-12 18:37 -------- d-----w- c:\windows\system32\RTCOM
2009-10-12 18:37 . 2008-04-14 12:41 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll
2009-10-12 18:37 . 2008-04-14 12:41 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-10-12 18:37 . 2008-04-14 07:49 146048 -c--a-w- c:\windows\system32\dllcache\portcls.sys
2009-10-12 18:37 . 2008-04-14 07:49 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-10-12 18:37 . 2008-04-14 07:15 60160 -c--a-w- c:\windows\system32\dllcache\drmk.sys
2009-10-12 18:37 . 2008-04-14 07:15 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2009-10-12 18:37 . 2009-10-12 22:44 -------- d-----w- c:\windows\LastGood.Tmp
2009-10-12 18:36 . 2009-10-12 18:36 -------- d-----w- c:\documents and settings\LocalService\Application Data\PeerNetworking
2009-10-12 18:35 . 2004-11-02 15:58 163840 ----a-w- c:\windows\system32\igfxres.dll
2009-10-12 18:01 . 2008-04-14 12:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2009-10-12 16:45 . 2009-10-12 16:45 -------- d-----w- c:\documents and settings\rnchi316\Local Settings\Application Data\Yahoo
2009-10-12 16:43 . 2009-10-12 17:03 -------- d-----w- c:\documents and settings\rnchi316\Local Settings\Application Data\Yahoo!
2009-10-12 16:43 . 2009-10-12 18:01 -------- d-----w- c:\windows\ServicePackFiles
2009-10-12 16:18 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-12 16:18 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-10-12 16:18 . 2009-05-21 18:46 268288 -c----w- c:\windows\system32\dllcache\httpext.dll
2009-10-12 16:14 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-10-12 16:14 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-12 16:14 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-10-12 16:14 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-12 16:13 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-12 16:12 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-10-12 16:12 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-10-12 16:12 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-10-12 16:12 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-10-12 16:12 . 2009-02-09 12:10 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-10-12 16:12 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-10-12 16:12 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-10-12 16:12 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-10-12 16:12 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-10-12 16:12 . 2009-02-06 11:08 2189056 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-12 16:12 . 2009-02-06 11:06 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-12 16:12 . 2009-02-06 10:32 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-12 16:11 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-10-12 16:10 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-10-12 16:10 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-10-12 16:06 . 2007-08-11 03:46 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-10-12 16:06 . 2009-10-12 18:08 -------- d--h--w- c:\windows\$hf_mig$
2009-10-12 15:42 . 2008-12-16 12:30 354304 -c----w- c:\windows\system32\dllcache\winhttp.dll
2009-10-12 15:16 . 2009-10-12 15:23 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-12 14:46 . 2009-10-12 15:16 -------- d-----w- c:\documents and settings\rnchi316\Application Data\Apple Computer
2009-10-12 14:46 . 2009-05-18 21:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-12 14:46 . 2008-04-17 20:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-12 14:45 . 2009-10-12 14:45 -------- d-----w- c:\program files\iPod
2009-10-12 14:45 . 2009-10-12 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-12 14:45 . 2009-10-12 14:46 -------- d-----w- c:\program files\iTunes
2009-10-12 14:45 . 2009-10-12 14:45 -------- d-----w- c:\program files\Bonjour
2009-10-12 14:44 . 2009-10-12 14:45 -------- d-----w- c:\program files\QuickTime
2009-10-12 14:44 . 2009-10-12 14:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-12 14:44 . 2009-10-12 14:44 -------- d-----w- c:\documents and settings\rnchi316\Local Settings\Application Data\Apple
2009-10-12 14:44 . 2009-10-12 14:44 -------- d-----w- c:\program files\Apple Software Update
2009-10-12 14:44 . 2009-10-12 14:46 -------- dc----w- c:\windows\system32\DRVSTORE
2009-10-12 14:43 . 2009-10-12 14:45 -------- d-----w- c:\program files\Common Files\Apple
2009-10-12 14:43 . 2009-10-12 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-12 14:42 . 2009-10-12 15:16 -------- d-----w- c:\documents and settings\rnchi316\Local Settings\Application Data\Apple Computer
2009-10-12 14:16 . 2009-10-12 14:16 0 ----a-w- c:\windows\nsreg.dat
2009-10-12 14:16 . 2009-10-12 14:16 -------- d-----w- c:\documents and settings\rnchi316\Local Settings\Application Data\Mozilla
2009-10-12 14:10 . 2009-10-12 14:10 -------- d-s---w- c:\documents and settings\rnchi316\UserData
2009-10-12 14:08 . 2009-10-12 14:08 -------- d-----w- c:\program files\Intel
2009-10-12 14:08 . 2009-10-12 14:08 -------- d-----w- C:\Intel10.3
2009-10-12 13:30 . 2009-10-12 13:30 -------- d-----w- c:\documents and settings\rnchi316\WINDOWS
2009-10-12 13:30 . 1998-10-29 23:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-10-12 13:15 . 2008-04-14 12:42 10752 ----a-w- c:\windows\system32\smtpapi.dll
2009-10-12 12:21 . 2009-10-12 12:21 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-12 12:08 . 2009-10-12 12:21 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-12 12:08 . 2009-10-12 12:08 -------- d-----w- c:\windows\system32\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-13 02:08 . 2009-10-12 11:20 13104 ----a-w- c:\documents and settings\rnchi316\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-12 23:39 . 2009-10-12 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-10-12 16:43 . 2009-10-12 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-10-12 16:43 . 2009-10-12 16:41 -------- d-----w- c:\program files\Yahoo!
2009-10-12 16:43 . 2009-10-12 16:43 -------- d-----w- c:\documents and settings\rnchi316\Application Data\Yahoo!
2009-08-05 09:01 . 2004-08-03 12:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2004-08-03 12:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 19:01 . 2004-08-03 12:56 58880 ----a-w- c:\windows\system32\atl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-09-25 5145912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-09-21 86016]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2005-09-21 2807808]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/12/2009 8:28 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/12/2009 8:28 AM 20560]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 5:56 AM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2009-10-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

c:\windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\rnchi316\Application Data\Mozilla\Firefox\Profiles\fwwun1qw.default\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-IgfxTray - c:\windows\system32\igfxtray.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 19:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-10-13 19:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-13 02:25

Pre-Run: 23,793,348,608 bytes free
Post-Run: 24,746,201,088 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

207 --- E O F --- 2009-10-12 16:50