Logfile check


Solved Logfile check

Post by amir20001 on Fri Aug 08, 2008 12:44 pm

My comp's been running a bit slow, so I thought I might give this a try.

Thank You!

Logfile of HijackThis v1.99.1
Scan saved at 8:36:46 AM, on 8/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Program Files\Audio Deck\EnMixCPL.exe
C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DriveHQ\DriveHQ Desktop Express\DriveHQRepository2.30.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CDNSCacheObj Object - {376892AE-1825-4E5F-9F85-23F9640051CC} - C:\WINDOWS\xmljacodec.dll (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Audio Deck\EnMixCPL.exe 1
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [D-Link Wireless G WUA-1340] C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.6.8\webbuying.exe
O4 - HKCU\..\Run: [Tair] "C:\DOCUME~1\amir\MYDOCU~1\MBOLS~1\fast.exe" -vt yazb
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - [You must be registered and logged in to see this link.]
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe


Post by Belahzur on Fri Aug 08, 2008 1:49 pm

Hello Amir.
Your log shows an Outerinfo infection; no need to worry, we can fix it.

1. Download this file - [You must be registered and logged in to see this link.]
2. Double-click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.



Post by amir20001 on Fri Aug 08, 2008 4:15 pm

Here it is, thanks for the help, Belahzur.

ComboFix 08-08-08.01 - amir 2008-08-08 11:48:05.3 - NTFSx86
Running from: C:\Documents and Settings\amir\My Documents\Downloads\Programs\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\OPTIONS\CABS\_desktop.ini
.
---- Previous Run -------
.
C:\Documents and Settings\amir\Application Data\ASKS~1
C:\Documents and Settings\amir\Application Data\macromedia\Flash Player\#SharedObjects\XNNYNG8V\interclick.com
C:\Documents and Settings\amir\Application Data\macromedia\Flash Player\#SharedObjects\XNNYNG8V\interclick.com\ud.sol
C:\Documents and Settings\amir\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\amir\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\amir\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\Documents and Settings\amir\My Documents\MBOLS~1
C:\Documents and Settings\amir\My Documents\MBOLS~1\??mbols\
C:\Documents and Settings\amir\My Documents\MBOLS~1\My Sharing Folders.lnk
C:\Documents and Settings\amir\Start Menu\Programs\Outerinfo
C:\Documents and Settings\amir\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\amir\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\install.exe
C:\Program Files\Common Files\Yazzle1396OinUninstaller.exe
C:\Program Files\curity~1
C:\Program Files\inetget2
C:\Program Files\ipwindows
C:\Program Files\outerinfo
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\outlook
C:\Program Files\web buying
C:\Program Files\Windows Media Player\rtenemuky.html
C:\Program Files\ystem3~1
C:\temp\17o7
C:\temp\17o7\tmpTF.log
C:\WINDOWS\b.exe
C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000014_.tmp.dll
C:\WINDOWS\system32\app.exe
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\smpi1
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\wr.txt

.
((((((((((((((((((((((((( Files Created from 2008-07-08 to 2008-08-08 )))))))))))))))))))))))))))))))
.

2008-08-06 20:06 . 2008-08-06 20:06 d-------- C:\WebsDemo
2008-08-05 14:43 . 2008-08-05 14:43 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-08-05 11:00 . 2008-08-05 11:00 d-------- C:\Nexon
2008-08-05 11:00 . 2008-08-05 11:00 d-------- C:\Documents and Settings\All Users\Application Data\NexonUS
2008-08-04 19:35 . 2008-08-04 19:35 335 --a------ C:\WINDOWS\mozregistry.dat
2008-08-03 10:25 . 2008-08-03 10:25 d-------- C:\Program Files\THQ
2008-08-03 10:25 . 2008-08-03 10:31 d-------- C:\DOW
2008-08-01 08:07 . 2008-08-01 08:10 5,242,880,000 --ah----- C:\sqmdata123
2008-08-01 07:39 . 2008-08-01 07:39 d-------- C:\Program Files\TrueCrypt
2008-08-01 07:39 . 2008-08-01 08:04 d-------- C:\Documents and Settings\amir\Application Data\TrueCrypt
2008-08-01 07:39 . 2008-08-01 07:39 235,840 --a------ C:\WINDOWS\system32\drivers\truecrypt.sys
2008-07-28 15:08 . 2008-07-28 15:08 d-------- C:\Program Files\Weedscape
2008-07-28 15:07 . 2008-07-28 15:09 d-------- C:\WINDOWS\.silabclient_store_32
2008-07-27 16:07 . 2008-07-27 16:07 33,824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2008-07-26 11:12 . 2008-07-26 11:13 d-------- C:\Program Files\NVIDIA Corporation
2008-07-26 11:12 . 2008-07-26 11:12 151,552 --a------ C:\WINDOWS\system32\nvRegDev.dll
2008-07-24 21:37 . 2008-07-24 21:37 d-------- C:\Documents and Settings\amir\Application Data\NCH Software
2008-07-24 21:34 . 2008-07-24 21:34 d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-07-24 21:29 . 2008-07-24 21:32 d-------- C:\Program Files\Moyea
2008-07-24 21:29 . 2008-07-24 21:29 d-------- C:\Documents and Settings\amir\Application Data\Moyea
2008-07-18 20:45 . 2008-08-06 16:16 d-------- C:\Program Files\Cheat Engine
2008-07-18 20:45 . 2007-12-26 17:30 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-07-18 20:45 . 2007-12-26 17:30 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2008-07-18 18:16 . 2008-07-18 18:16 d-------- C:\Program Files\AutoHotkey
2008-07-18 18:14 . 2008-07-18 18:34 d-------- C:\Program Files\Workspace Macro 4.6
2008-07-18 18:09 . 2008-07-18 18:09 d-------- C:\Program Files\JitBit
2008-07-18 17:56 . 2008-08-01 08:02 d-------- C:\Documents and Settings\amir\Application Data\Easy Macro Recorder
2008-07-15 19:09 . 2008-07-15 19:09 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-07-14 16:33 . 2008-07-14 16:33 d-------- C:\Program Files\Virtual Hottie 2
2008-07-11 16:27 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-07-11 16:27 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-07-11 16:27 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-07-11 16:27 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-07-11 16:27 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-07-11 16:27 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-07-11 16:25 . 2008-07-11 16:25 d-------- C:\Program Files\CAPCOM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-08 15:48 --------- d-----w C:\Documents and Settings\amir\Application Data\DMCache
2008-08-08 15:41 --------- d-----w C:\Documents and Settings\amir\Application Data\DNA
2008-08-08 14:51 --------- d-----w C:\Program Files\lg_fwupdate
2008-08-08 12:59 --------- d-----w C:\Documents and Settings\amir\Application Data\MegauploadToolbar
2008-08-08 02:42 --------- d-----w C:\Documents and Settings\amir\Application Data\uTorrent
2008-08-07 12:03 --------- d-----w C:\Documents and Settings\amir\Application Data\Xfire
2008-08-05 14:14 --------- d-----w C:\Program Files\Steam
2008-08-03 14:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-03 12:56 --------- d-----w C:\Documents and Settings\amir\Application Data\IDM
2008-08-02 12:50 --------- d-----w C:\Program Files\Knight Online
2008-08-02 02:20 --------- d-----w C:\Documents and Settings\amir\Application Data\Azureus
2008-08-02 02:14 --------- d-----w C:\Program Files\Ubisoft
2008-08-01 11:59 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-07-31 19:53 --------- d-----w C:\Program Files\DriftCity
2008-07-31 18:11 --------- d-s---w C:\Program Files\Xfire
2008-07-30 17:34 --------- d-----w C:\Program Files\Eudemons Online
2008-07-29 11:06 --------- d-----w C:\Program Files\Lx_cats
2008-07-27 19:38 --------- d-----w C:\Program Files\OGPlanet
2008-07-25 01:33 --------- d-----w C:\Program Files\NCH Software
2008-07-18 22:26 --------- d-----w C:\Program Files\AC Tool
2008-07-14 17:38 --------- d-----w C:\Documents and Settings\amir\Application Data\AVG7
2008-07-11 20:40 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-10 21:12 --------- d-----w C:\Documents and Settings\amir\Application Data\LimeWire
2008-07-10 20:37 --------- d-----w C:\Program Files\uTorrent
2008-07-08 00:36 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-07-05 18:38 --------- d-----w C:\Program Files\UltraISO
2008-07-05 18:38 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-07-05 18:29 --------- d-----w C:\Program Files\WinISO
2008-07-04 21:00 --------- d-----w C:\Program Files\LimeWire
2008-07-03 21:40 --------- d-----w C:\Program Files\Azureus
2008-06-28 16:47 --------- d-----w C:\Program Files\NCH Swift Sound
2008-06-28 16:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-06-27 20:36 --------- d-----w C:\Program Files\BBLACK
2008-06-26 04:51 --------- d--h--w C:\Program Files\DISCIPLINE
2008-06-26 04:22 --------- d-----w C:\Program Files\SEKILALA
2008-06-21 13:17 --------- d--h--w C:\Documents and Settings\amir\Application Data\ijjigame
2008-06-20 01:31 --------- d-----w C:\Documents and Settings\amir\Application Data\Thinstall
2008-06-12 19:08 58,800 ----a-w C:\WINDOWS\system32\ijjiPlugin2.dll
2008-06-12 02:19 --------- d-----w C:\Documents and Settings\amir\Application Data\Dev-Cpp
2008-05-29 22:40 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-10 01:24 22,328 ----a-w C:\Documents and Settings\amir\Application Data\PnkBstrK.sys
2007-05-21 14:45 167 ----a-w C:\Documents and Settings\amir\8878.bat
2007-05-21 14:44 90,112 ----a-w C:\Documents and Settings\amir\st.exe
2007-05-21 14:44 32,768 ----a-w C:\Documents and Settings\amir\setup9x.exe
2007-05-21 14:44 1,490 ----a-w C:\Documents and Settings\amir\x.dat
2007-05-21 04:09 167 ----a-w C:\Documents and Settings\amir\5336.bat
2006-10-31 19:07 31,223 ----a-w C:\Program Files\nv4_disp.cat
2004-10-01 22:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2007-05-17 04:32 80 --sh--r C:\WINDOWS\system32\A83D29FD39.dll
2007-08-15 06:23 80 --sh--r C:\WINDOWS\system32\EE830616EA.dll
.

------- Sigcheck -------

2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2006-03-09 02:28 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2008-03-03 23:16 359808 5e21671831b215cbbd631048622af9e6 C:\WINDOWS\system32\DllCache\tcpip.sys
2008-03-03 23:16 359808 5e21671831b215cbbd631048622af9e6 C:\WINDOWS\system32\drivers\tcpip.sys

2007-05-12 19:27 502272 6225f14b8ce08ccba8b25ad27843c674 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"PowerBar"="C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 13:26 86016]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [2007-03-05 16:57 1103480]
"NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" [2005-10-11 21:25 1961984]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-11 11:25 289088]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-04-05 00:38 2594224]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 12:51 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2004-11-19 12:15 1216512]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-11-30 13:35 49152]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 23:24 32768]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-13 22:06 1397760]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2007-05-13 10:30 249856]
"LXBUCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2004-11-02 11:03 69632]
"lxbumon.exe"="C:\Program Files\Lexmark 6200 Series\lxbumon.exe" [2005-01-18 05:35 196608]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-11-22 16:29 299008]
"EzPrint"="C:\Program Files\Lexmark 6200 Series\ezprint.exe" [2004-09-17 09:24 61440]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-18 20:55 8523776]
"EnvyHFCPL"="C:\Program Files\Audio Deck\EnMixCPL.exe" [2004-12-09 04:51 3895296]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-29 12:25 6731312]
"D-Link Wireless G WUA-1340"="C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe" [2005-12-15 15:19 2715648]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-27 22:08 580096]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 16:34 213936]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 17:40 86960]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-18 20:55 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-01 11:32 185896]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 03:05 217088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 16:34 213936]
"nwiz"="nwiz.exe" [2007-12-18 20:55 1626112 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-03-02 08:22 577536 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 15:38 219136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"D1sableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)


Post by amir20001 on Fri Aug 08, 2008 4:16 pm

Here is the rest of it; I could not fit it all in one post.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Steam\\SteamApps\\amir20001\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\MAIET\\Gunz\\PGunZ\\Gunz.exe"=
"C:\\Program Files\\MAIET\\Gunz\\PGunZ\\Name Runnable.exe"=
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\ShadowFlare\\ShadowFlare.exe"=
"C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"C:\\Program Files\\Avant Browser\\avant.exe"=
"C:\\ijji\\ENGLISH\\u_skid.exe"=
"C:\\Program Files\\DriftCity\\DriftCity.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Steam\\SteamApps\\amir20001\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\amir20001\\dark messiah might and magic dedicated server\\srcds.exe"=
"C:\\ijji\\ENGLISH\\u_goonzu.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\Nexon\Combat Arms\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"C:\\Nexon\\Combat Arms\\NMService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Express Talk RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Express Talk RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Express Talk RTP Incoming Audio (UDP)
"5070:UDP"= 5070:UDP:Express Talk Sip Incoming Calls (UDP)
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"3135:TCP"= 3135:TCP:*:Disabled:SolidNetworkManager
"3135:UDP"= 3135:UDP:*:Disabled:SolidNetworkManager
"40454:TCP"= 40454:TCP:*:Disabled:SolidNetworkManager
"40454:UDP"= 40454:UDP:*:Disabled:SolidNetworkManager
"65375:TCP"= 65375:TCP:*:Disabled:SolidNetworkManager
"65375:UDP"= 65375:UDP:*:Disabled:SolidNetworkManager
"27019:TCP"= 27019:TCP:BitComet 27019 TCP
"27019:UDP"= 27019:UDP:BitComet 27019 UDP
"58475:TCP"= 58475:TCP:Pando P2P TCP Listening Port
"58475:UDP"= 58475:UDP:Pando P2P UDP Listening Port

R3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
R3 CIF USB CAMERA Service;CIF USB CAMERA;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2003-10-16 01:58]
R3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-02-16 16:13]
R3 iteio;iteio;C:\WINDOWS\system32\drivers\iteio.sys [1999-08-30 20:49]
R3 NTProcDrv;Process creation detector for NT.;C:\Documents and Settings\amir\My Documents\Downloads\Programs\NtProcDrv.sys []
R3 XDva020;XDva020;C:\WINDOWS\system32\XDva020.sys []
R3 XDva032;XDva032;C:\WINDOWS\system32\XDva032.sys []
R3 XDva037;XDva037;C:\WINDOWS\system32\XDva037.sys []
R3 XDva062;XDva062;C:\WINDOWS\system32\XDva062.sys []
R3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys []
R3 XDva099;XDva099;C:\WINDOWS\system32\XDva099.sys []
R3 XDva104;XDva104;C:\WINDOWS\system32\XDva104.sys []
R3 XDva114;XDva114;C:\WINDOWS\system32\XDva114.sys []
R3 XDva136;XDva136;C:\WINDOWS\system32\XDva136.sys []
R3 XDva164;XDva164;C:\WINDOWS\system32\XDva164.sys []
R3 XDva167;XDva167;C:\WINDOWS\system32\XDva167.sys []
R3 XDva177;XDva177;C:\WINDOWS\system32\XDva177.sys []
R3 XDva186;XDva186;C:\WINDOWS\system32\XDva186.sys []
R3 XDva189;XDva189;C:\WINDOWS\system32\XDva189.sys []
R3 XDva190;XDva190;C:\WINDOWS\system32\XDva190.sys []
S1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 02:23]
S1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-07-27 16:07]
S3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;C:\WINDOWS\system32\drivers\Envy24HF.sys [2004-11-25 22:55]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{041218f2-cf77-11dc-934e-00e04d04f1bf}]
\Shell\AutoRun\command - E:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{041218f7-cf77-11dc-934e-00e04d04f1bf}]
\Shell\AutoRun\command - H:\Setup.exe

*Newly Created Service* - HELPSVC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{133C767F-6EBA-484D-0405-010506060608}]
C:\WINDOWS\system32\Winddl.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Tair - C:\DOCUME~1\amir\MYDOCU~1\MBOLS~1\fast.exe
HKCU-Run-Internet Download Accelerator - C:\Program Files\IDA\ida.exe
HKCU-Run-Vidalia - C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
HKLM-Run-AceGain LiveUpdate - C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\amir\Application Data\Mozilla\Firefox\Profiles\hn1t91j2.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - [You must be registered and logged in to see this link.]
FF -: plugin - C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF -: plugin - C:\Documents and Settings\amir\Application Data\Mozilla\Firefox\Profiles\hn1t91j2.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07061050.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\IGN\Download Manager\npfpdlm.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-08-08 11:48:52
Windows 5.1.2600 Service Pack 2 NTFS

Solved Re: Logfile check

Post by Belahzur on Fri Aug 08, 2008 4:39 pm

I have some bad news for you.

I have to alert you that your ComboFix log shows a backdoor trojan.
This allows hackers remote access to your machine, which means all your passwords are known.

If you do any online banking of any sort on this machine, you need to get to a machine you know is clean and change any passwords.
Because of this backdoor trojan, even if I get rid of the trojan shown, I have no sure way of knowing your system is clean.

Right now, we have two ways to go. We can format your machine, or we can take out the backdoor trojan.

Let me know in your next post.

Solved Re: Logfile check

Post by amir20001 on Fri Aug 08, 2008 7:15 pm

Well, I only use this computer for gaming, so no big deal about my passwords.
I would like to take out the backdoor trojan.

Solved Re: Logfile check

Post by Belahzur on Fri Aug 08, 2008 7:19 pm

Okay.
You may want to copy these instructions to a notepad to read from while in Safe Mode, because you won't have an internet connection to read from here.

Please download [You must be registered and logged in to see this link.] and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally, paste the contents of Report.txt back on the forum with a new HijackThis log.

Solved Re: Logfile check

Post by amir20001 on Fri Aug 08, 2008 9:42 pm

Here is the report:
SDFix: Version 1.214
Run by amir on Fri 08/08/2008 at 03:41 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File
Restoring Missing Security Center Service

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\amir\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#[You must be registered and logged in to see this link.] - Deleted
C:\Program Files\Setup.exe - Deleted
C:\Documents and Settings\amir\x.dat - Deleted

x.dat and z.dat data copied to \SDFix\Data.txt


Folder C:\Documents and Settings\amir\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#[You must be registered and logged in to see this link.] - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-08-08 16:57:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:d577a483
"s2"=dword:4e3b79c8
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000001
"hdf12"=hex:89,7a,45,83,7d,28,ae,dd,e0,ae,88,fc,45,71,cd,94,d4,9a,99,8c,0f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:22,ce,5e,5b,9b,0c,1e,ec,0a,96,10,14,09,50,62,63,51,56,d2,55,88,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,63,1a,62,4b,a8,a8,fc,f3,9f,73,fc,a6,95,17,89,81,c5,..
"khjeh"=hex:d0,9a,a1,ed,c0,99,04,95,d2,af,c2,ef,fc,f0,5b,e4,d1,32,1f,63,6f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:50,78,c3,06,4e,81,2f,8f,f6,aa,88,fb,db,df,6b,b2,bf,6e,cc,b5,35,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:4c,bd,aa,ce,a6,65,b1,5f,97,dc,84,ae,3e,16,64,ea,7a,4e,3c,e6,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000001
"hdf12"=hex:89,7a,45,83,7d,28,ae,dd,e0,ae,88,fc,45,71,cd,94,d4,9a,99,8c,0f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:22,ce,5e,5b,9b,0c,1e,ec,0a,96,10,14,09,50,62,63,51,56,d2,55,88,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,63,1a,62,4b,a8,a8,fc,f3,9f,73,fc,a6,95,17,89,81,c5,..
"khjeh"=hex:d0,9a,a1,ed,c0,99,04,95,d2,af,c2,ef,fc,f0,5b,e4,d1,32,1f,63,6f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:50,78,c3,06,4e,81,2f,8f,f6,aa,88,fb,db,df,6b,b2,bf,6e,cc,b5,35,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:4c,bd,aa,ce,a6,65,b1,5f,97,dc,84,ae,3e,16,64,ea,7a,4e,3c,e6,5f,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Steam\\SteamApps\\amir20001\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\amir20001\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\MAIET\\Gunz\\PGunZ\\Gunz.exe"="C:\\Program Files\\MAIET\\Gunz\\PGunZ\\Gunz.exe:*:Enabled:Gunz"
"C:\\Program Files\\MAIET\\Gunz\\PGunZ\\Name Runnable.exe"="C:\\Program Files\\MAIET\\Gunz\\PGunZ\\Name Runnable.exe:*:Enabled:Gunz"
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"="C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"="C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe:*:Enabled:Gunz"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\WINDOWS\\system32\\java.exe"="C:\\WINDOWS\\system32\\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\ShadowFlare\\ShadowFlare.exe"="C:\\Program Files\\ShadowFlare\\ShadowFlare.exe:*:Enabled:ShadowFlare"
"C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe:*:Enabled:Halo"
"C:\\Program Files\\Avant Browser\\avant.exe"="C:\\Program Files\\Avant Browser\\avant.exe:*:Enabled:Avant Browser"
"C:\\ijji\\ENGLISH\\u_skid.exe"="C:\\ijji\\ENGLISH\\u_skid.exe:*:Enabled:"
"C:\\Program Files\\DriftCity\\DriftCity.exe"="C:\\Program Files\\DriftCity\\DriftCity.exe:*:Enabled:DriftCity"
"C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"="C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe:*:Enabled:bfvietnam"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Steam\\SteamApps\\amir20001\\day of defeat source\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\amir20001\\day of defeat source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\SteamApps\\amir20001\\dark messiah might and magic dedicated server\\srcds.exe"="C:\\Program Files\\Steam\\SteamApps\\amir20001\\dark messiah might and magic dedicated server\\srcds.exe:*:Enabled:srcds"
"C:\\ijji\\ENGLISH\\u_goonzu.exe"="C:\\ijji\\ENGLISH\\u_goonzu.exe:*:Enabled:"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"="C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"="C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"="C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe:*:Enabled:Crysis_32_sp_demo"
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\\Nexon\\Combat Arms\\CombatArms.exe"="C:\\Nexon\\Combat Arms\\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\\Nexon\\Combat Arms\\Engine.exe"="C:\\Nexon\\Combat Arms\\Engine.exe:*Enabled:Engine.exe"
"C:\\Nexon\\Combat Arms\\NMService.exe"="C:\\Nexon\\Combat Arms\\NMService.exe:*:Enabled:Nexon Messenger Core"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Nexon\\Combat Arms\\CombatArms.exe"="C:\\Nexon\\Combat Arms\\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\\Nexon\\Combat Arms\\Engine.exe"="C:\\Nexon\\Combat Arms\\Engine.exe:*Enabled:Engine.exe"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 16 Jul 2007 77,901,047 A..H. --- "C:\ijji\ENGLISH\ghjkl;.zip"
Thu 8 Mar 2007 552,960 A..H. --- "C:\Program Files\DISCIPLINE\DISCIPLINE.EXE"
Thu 17 May 2007 80 ..SHR --- "C:\WINDOWS\system32\A83D29FD39.dll"
Wed 15 Aug 2007 80 ..SHR --- "C:\WINDOWS\system32\EE830616EA.dll"
Mon 3 Mar 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 21 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!

Solved Re: Logfile check

Post by amir20001 on Fri Aug 08, 2008 9:42 pm

This is the new HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 5:36:03 PM, on 8/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Program Files\Audio Deck\EnMixCPL.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DriveHQ\DriveHQ Desktop Express\DriveHQRepository2.30.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Audio Deck\EnMixCPL.exe 1
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [D-Link Wireless G WUA-1340] C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - [You must be registered and logged in to see this link.]
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe

Solved Re: Logfile check

Post by Belahzur on Fri Aug 08, 2008 9:53 pm

That didn't get it. :hmm:
I'll let the developer know later.
Is Combofix still on your desktop? If not, please re-download it from the link up there. ^

Now open a new notepad file.
Input this into the notepad file:

File::
C:\WINDOWS\system32\Winddl.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{133C767F-6EBA-484D-0405-010506060608}]

Save this as CFScript.txt, save it to your desktop also.
Then drag CFScript.txt into combofix as seen below:


This will open combofix.exe again; agree to its terms and allow it to run. It may want to reboot after it's done.

Solved Re: Logfile check

Post by amir20001 on Fri Aug 08, 2008 10:15 pm

Do you want me to post the log?

Solved Re: Logfile check

Post by Belahzur on Fri Aug 08, 2008 10:17 pm

Yes please. :)

Solved Re: Logfile check

Post by amir20001 on Mon Aug 11, 2008 1:08 pm

Sorry it took so long, I went away for a few days.
ComboFix 08-08-10.04 - amir 2008-08-11 8:25:20.5 - NTFSx86
Running from: C:\Documents and Settings\amir\My Documents\Downloads\Programs\ComboFix.exe
Command switches used :: C:\Documents and Settings\amir\Desktop\CFscript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\Winddl.exe
.

((((((((((((((((((((((((( Files Created from 2008-07-11 to 2008-08-11 )))))))))))))))))))))))))))))))
.

2008-08-08 18:18 . 2008-08-08 18:18 d-------- C:\Program Files\AskSBar
2008-08-08 18:18 . 2008-08-08 18:18 249,592 --a------ C:\WINDOWS\system32\cssdll32.dll
2008-08-08 18:17 . 2008-08-08 18:18 d-------- C:\Program Files\COMODO
2008-08-08 18:17 . 2008-08-08 18:17 d-------- C:\Documents and Settings\amir\Application Data\Comodo
2008-08-08 18:17 . 2008-08-09 19:06 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-08-08 18:17 . 2008-08-08 18:17 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-08-08 18:17 . 2008-08-08 18:17 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-08-08 18:17 . 2008-08-08 18:17 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-08-08 15:33 . 2008-08-08 15:33 d-------- C:\WINDOWS\ERUNT
2008-08-08 15:25 . 2008-08-08 17:02 d-------- C:\SDFix
2008-08-06 20:06 . 2008-08-06 20:06 d-------- C:\WebsDemo
2008-08-05 14:43 . 2008-08-05 14:43 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-08-05 11:00 . 2008-08-05 11:00 d-------- C:\Nexon
2008-08-05 11:00 . 2008-08-05 11:00 d-------- C:\Documents and Settings\All Users\Application Data\NexonUS
2008-08-04 19:35 . 2008-08-04 19:35 335 --a------ C:\WINDOWS\mozregistry.dat
2008-08-03 10:25 . 2008-08-03 10:25 d-------- C:\Program Files\THQ
2008-08-03 10:25 . 2008-08-03 10:31 d-------- C:\DOW
2008-08-01 08:07 . 2008-08-01 08:10 5,242,880,000 --ah----- C:\sqmdata123
2008-08-01 07:39 . 2008-08-01 07:39 d-------- C:\Program Files\TrueCrypt
2008-08-01 07:39 . 2008-08-01 08:04 d-------- C:\Documents and Settings\amir\Application Data\TrueCrypt
2008-08-01 07:39 . 2008-08-01 07:39 235,840 --a------ C:\WINDOWS\system32\drivers\truecrypt.sys
2008-07-28 15:08 . 2008-07-28 15:08 d-------- C:\Program Files\Weedscape
2008-07-28 15:07 . 2008-07-28 15:09 d-------- C:\WINDOWS\.silabclient_store_32
2008-07-27 16:07 . 2008-07-27 16:07 33,824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2008-07-26 11:12 . 2008-07-26 11:13 d-------- C:\Program Files\NVIDIA Corporation
2008-07-26 11:12 . 2008-07-26 11:12 151,552 --a------ C:\WINDOWS\system32\nvRegDev.dll
2008-07-24 21:37 . 2008-07-24 21:37 d-------- C:\Documents and Settings\amir\Application Data\NCH Software
2008-07-24 21:34 . 2008-07-24 21:34 d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-07-24 21:29 . 2008-07-24 21:32 d-------- C:\Program Files\Moyea
2008-07-24 21:29 . 2008-07-24 21:29 d-------- C:\Documents and Settings\amir\Application Data\Moyea
2008-07-18 20:45 . 2008-08-09 20:09 d-------- C:\Program Files\Cheat Engine
2008-07-18 20:45 . 2007-12-26 17:30 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-07-18 20:45 . 2007-12-26 17:30 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2008-07-18 18:16 . 2008-08-08 19:04 d-------- C:\Program Files\AutoHotkey
2008-07-18 18:14 . 2008-07-18 18:34 d-------- C:\Program Files\Workspace Macro 4.6
2008-07-18 18:09 . 2008-07-18 18:09 d-------- C:\Program Files\JitBit
2008-07-18 17:56 . 2008-08-01 08:02 d-------- C:\Documents and Settings\amir\Application Data\Easy Macro Recorder
2008-07-15 19:09 . 2008-07-15 19:09 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-07-14 16:33 . 2008-07-14 16:33 d-------- C:\Program Files\Virtual Hottie 2
2008-07-11 16:27 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-07-11 16:27 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-07-11 16:27 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-07-11 16:27 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-07-11 16:27 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-07-11 16:27 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-07-11 16:25 . 2008-07-11 16:25 d-------- C:\Program Files\CAPCOM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-11 12:29 --------- d-----w C:\Documents and Settings\amir\Application Data\DNA
2008-08-11 12:28 --------- d-----w C:\Documents and Settings\amir\Application Data\DMCache
2008-08-11 11:54 --------- d-----w C:\Documents and Settings\amir\Application Data\Xfire
2008-08-11 11:49 --------- d-----w C:\Program Files\lg_fwupdate
2008-08-11 03:36 --------- d-----w C:\Documents and Settings\amir\Application Data\MegauploadToolbar
2008-08-11 02:08 --------- d-----w C:\Program Files\Steam
2008-08-10 03:27 --------- d-----w C:\Program Files\Microsoft Games
2008-08-10 02:28 --------- d-----w C:\Documents and Settings\amir\Application Data\uTorrent
2008-08-10 00:10 --------- d-----w C:\Program Files\Ubisoft
2008-08-09 23:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-03 12:56 --------- d-----w C:\Documents and Settings\amir\Application Data\IDM
2008-08-02 12:50 --------- d-----w C:\Program Files\Knight Online
2008-08-02 02:20 --------- d-----w C:\Documents and Settings\amir\Application Data\Azureus
2008-08-01 11:59 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-07-31 19:53 --------- d-----w C:\Program Files\DriftCity
2008-07-31 18:11 --------- d-s---w C:\Program Files\Xfire
2008-07-30 17:34 --------- d-----w C:\Program Files\Eudemons Online
2008-07-29 11:06 --------- d-----w C:\Program Files\Lx_cats
2008-07-27 19:38 --------- d-----w C:\Program Files\OGPlanet
2008-07-25 01:33 --------- d-----w C:\Program Files\NCH Software
2008-07-18 22:26 --------- d-----w C:\Program Files\AC Tool
2008-07-14 17:38 --------- d-----w C:\Documents and Settings\amir\Application Data\AVG7
2008-07-10 21:12 --------- d-----w C:\Documents and Settings\amir\Application Data\LimeWire
2008-07-10 20:37 --------- d-----w C:\Program Files\uTorrent
2008-07-08 00:36 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-07-05 18:38 --------- d-----w C:\Program Files\UltraISO
2008-07-05 18:38 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-07-05 18:29 --------- d-----w C:\Program Files\WinISO
2008-07-04 21:00 --------- d-----w C:\Program Files\LimeWire
2008-07-03 21:40 --------- d-----w C:\Program Files\Azureus
2008-06-28 16:47 --------- d-----w C:\Program Files\NCH Swift Sound
2008-06-28 16:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-06-27 20:36 --------- d-----w C:\Program Files\BBLACK
2008-06-26 04:51 --------- d--h--w C:\Program Files\DISCIPLINE
2008-06-26 04:22 --------- d-----w C:\Program Files\SEKILALA
2008-06-21 13:17 --------- d--h--w C:\Documents and Settings\amir\Application Data\ijjigame
2008-06-20 01:31 --------- d-----w C:\Documents and Settings\amir\Application Data\Thinstall
2008-06-12 02:19 --------- d-----w C:\Documents and Settings\amir\Application Data\Dev-Cpp
2008-04-10 01:24 22,328 ----a-w C:\Documents and Settings\amir\Application Data\PnkBstrK.sys
2007-05-21 14:45 167 ----a-w C:\Documents and Settings\amir\8878.bat
2007-05-21 14:44 90,112 ----a-w C:\Documents and Settings\amir\st.exe
2007-05-21 14:44 32,768 ----a-w C:\Documents and Settings\amir\setup9x.exe
2007-05-21 04:09 167 ----a-w C:\Documents and Settings\amir\5336.bat
2006-10-31 19:07 31,223 ----a-w C:\Program Files\nv4_disp.cat
2004-10-01 22:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2007-05-17 04:32 80 --sh--r C:\WINDOWS\system32\A83D29FD39.dll
2007-08-15 06:23 80 --sh--r C:\WINDOWS\system32\EE830616EA.dll
.

------- Sigcheck -------

2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2006-03-09 02:28 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2008-03-03 23:16 359808 5e21671831b215cbbd631048622af9e6 C:\WINDOWS\system32\DllCache\tcpip.sys
2008-03-03 23:16 359808 5e21671831b215cbbd631048622af9e6 C:\WINDOWS\system32\drivers\tcpip.sys

2007-05-12 19:27 502272 6225f14b8ce08ccba8b25ad27843c674 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-11 20:27:00 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-08-10 00:02:03 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-07-11 20:27:00 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-08-10 00:02:03 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2008-07-11 20:27:00 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-08-10 00:02:03 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2008-07-11 20:26:49 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-10 00:01:59 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-07-11 20:26:52 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-10 00:01:59 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-07-11 20:26:52 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-10 00:02:00 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-07-11 20:26:53 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-10 00:02:01 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-07-11 20:26:55 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-10 00:02:01 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-07-11 20:26:55 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-10 00:02:02 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-07-11 20:26:56 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-10 00:02:02 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-07-11 20:26:56 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-10 00:02:02 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-07-11 20:26:57 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-10 00:02:03 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-07-11 20:27:00 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-10 00:02:04 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-07-11 20:27:00 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-08-10 00:02:04 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-07-11 20:27:01 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-08-10 00:02:04 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-07-11 20:27:01 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-08-10 00:02:04 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2008-07-11 20:27:01 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-08-10 00:02:04 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-07-11 20:26:58 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-08-10 00:02:03 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-08-07 20:27:05 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-08-08 19:33:39 11,288,576 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-08-08 19:33:39 278,528 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 20:27:05 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-08-08 19:33:25 11,288,576 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-08-08 19:33:25 278,528 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-08-08 22:17:51 79,760 ----a-w C:\WINDOWS\system32\drivers\inspect.sys
- 2008-05-31 17:00:39 1,631,296 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-08-10 13:12:13 1,631,328 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 1998-05-07 15:57:22 143,872 ------w C:\WINDOWS\system32\iacenc.dll
+ 1997-06-13 13:56:08 56,832 ------w C:\WINDOWS\system32\iyvu9_32.dll
.
-- Snapshot reset to current date --


Solved Re: Logfile check

Post by amir20001 on Mon Aug 11, 2008 1:09 pm

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"PowerBar"="C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 13:26 86016]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [2007-03-05 16:57 1103480]
"NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" [2005-10-11 21:25 1961984]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-11 11:25 289088]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-04-05 00:38 2594224]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 12:51 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2004-11-19 12:15 1216512]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-11-30 13:35 49152]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 23:24 32768]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-13 22:06 1397760]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2007-05-13 10:30 249856]
"LXBUCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2004-11-02 11:03 69632]
"lxbumon.exe"="C:\Program Files\Lexmark 6200 Series\lxbumon.exe" [2005-01-18 05:35 196608]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-11-22 16:29 299008]
"EzPrint"="C:\Program Files\Lexmark 6200 Series\ezprint.exe" [2004-09-17 09:24 61440]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-18 20:55 8523776]
"EnvyHFCPL"="C:\Program Files\Audio Deck\EnMixCPL.exe" [2004-12-09 04:51 3895296]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-29 12:25 6731312]
"D-Link Wireless G WUA-1340"="C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe" [2005-12-15 15:19 2715648]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-27 22:08 580096]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 16:34 213936]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 17:40 86960]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-18 20:55 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-01 11:32 185896]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 03:05 217088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 16:34 213936]
"COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" [2008-08-08 18:18 278264]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-08-08 18:17 1655552]
"nwiz"="nwiz.exe" [2007-12-18 20:55 1626112 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-03-02 08:22 577536 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 15:38 219136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"D1sableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Steam\\SteamApps\\amir20001\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\MAIET\\Gunz\\PGunZ\\Gunz.exe"=
"C:\\Program Files\\MAIET\\Gunz\\PGunZ\\Name Runnable.exe"=
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\ShadowFlare\\ShadowFlare.exe"=
"C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"C:\\Program Files\\Avant Browser\\avant.exe"=
"C:\\ijji\\ENGLISH\\u_skid.exe"=
"C:\\Program Files\\DriftCity\\DriftCity.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Steam\\SteamApps\\amir20001\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\amir20001\\dark messiah might and magic dedicated server\\srcds.exe"=
"C:\\ijji\\ENGLISH\\u_goonzu.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\Nexon\Combat Arms\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"C:\\Nexon\\Combat Arms\\NMService.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Express Talk RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Express Talk RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Express Talk RTP Incoming Audio (UDP)
"5070:UDP"= 5070:UDP:Express Talk Sip Incoming Calls (UDP)
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"3135:TCP"= 3135:TCP:*:Disabled:SolidNetworkManager
"3135:UDP"= 3135:UDP:*:Disabled:SolidNetworkManager
"40454:TCP"= 40454:TCP:*:Disabled:SolidNetworkManager
"40454:UDP"= 40454:UDP:*:Disabled:SolidNetworkManager
"65375:TCP"= 65375:TCP:*:Disabled:SolidNetworkManager
"65375:UDP"= 65375:UDP:*:Disabled:SolidNetworkManager
"27019:TCP"= 27019:TCP:BitComet 27019 TCP
"27019:UDP"= 27019:UDP:BitComet 27019 UDP
"58475:TCP"= 58475:TCP:Pando P2P TCP Listening Port
"58475:UDP"= 58475:UDP:Pando P2P UDP Listening Port

R3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
R3 CIF USB CAMERA Service;CIF USB CAMERA;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2003-10-16 01:58]
R3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-02-16 16:13]
R3 iteio;iteio;C:\WINDOWS\system32\drivers\iteio.sys [1999-08-30 20:49]
R3 NTProcDrv;Process creation detector for NT.;C:\Documents and Settings\amir\My Documents\Downloads\Programs\NtProcDrv.sys []
R3 XDva020;XDva020;C:\WINDOWS\system32\XDva020.sys []
R3 XDva032;XDva032;C:\WINDOWS\system32\XDva032.sys []
R3 XDva037;XDva037;C:\WINDOWS\system32\XDva037.sys []
R3 XDva062;XDva062;C:\WINDOWS\system32\XDva062.sys []
R3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys []
R3 XDva099;XDva099;C:\WINDOWS\system32\XDva099.sys []
R3 XDva104;XDva104;C:\WINDOWS\system32\XDva104.sys []
R3 XDva114;XDva114;C:\WINDOWS\system32\XDva114.sys []
R3 XDva136;XDva136;C:\WINDOWS\system32\XDva136.sys []
R3 XDva164;XDva164;C:\WINDOWS\system32\XDva164.sys []
R3 XDva167;XDva167;C:\WINDOWS\system32\XDva167.sys []
R3 XDva177;XDva177;C:\WINDOWS\system32\XDva177.sys []
R3 XDva186;XDva186;C:\WINDOWS\system32\XDva186.sys []
R3 XDva189;XDva189;C:\WINDOWS\system32\XDva189.sys []
R3 XDva190;XDva190;C:\WINDOWS\system32\XDva190.sys []
S1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 02:23]
S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-08-08 18:17]
S1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-08-08 18:17]
S1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-07-27 16:07]
S3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;C:\WINDOWS\system32\drivers\Envy24HF.sys [2004-11-25 22:55]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{041218f2-cf77-11dc-934e-00e04d04f1bf}]
\Shell\AutoRun\command - E:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{041218f7-cf77-11dc-934e-00e04d04f1bf}]
\Shell\AutoRun\command - H:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e18ff30-d1cf-11dc-9351-00e04d04f1bf}]
\Shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e18ff31-d1cf-11dc-9351-00e04d04f1bf}]
\Shell\AutoRun\command - F:\aoesetup.exe /autorun
\Shell\directx\command - F:\DirectX\dxsetup.exe
\Shell\dplay\command - F:\DirectX\dplay61a.exe
\Shell\dxdiag\command - F:\goodies\ar40eng.exe
\Shell\dxinfo\command - F:\goodies\DirectX\dxinfo.exe
\Shell\dxtest\command - F:\DirectX\dxdiag.exe
\Shell\dxtool\command - F:\goodies\DirectX\dxtool.exe
\Shell\log\command - F:\goodies\machine\machine.exe -l
\Shell\machine\command - F:\goodies\machine\machine.exe
\Shell\setup\command - F:\aoesetup.exe /autorun
\Shell\zone\command - F:\goodies\mszone\zoneA600.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-08-11 08:31:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-08-11 8:49:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-11 12:49:30
ComboFix2.txt 2008-08-08 22:09:44
ComboFix3.txt 2008-08-08 15:51:21

Pre-Run: 40,250,187,776 bytes free
Post-Run: 40,281,235,456 bytes free

368 --- E O F --- 2007-12-13 11:47:41


Solved Re: Logfile check

Post by Belahzur on Mon Aug 11, 2008 1:18 pm

Thanks for letting me know.
I need to know more about these two files

C:\WINDOWS\system32\A83D29FD39.dll
C:\WINDOWS\system32\EE830616EA.dll


Can you submit them to virustotal and copy and paste the results back here?

One more CFScript should do it and we'll see where we stand after this.

Now open a new notepad file.
Input this into the notepad file:

File::
C:\Documents and Settings\amir\8878.bat
C:\Documents and Settings\amir\st.exe
C:\Documents and Settings\amir\5336.bat
C:\Documents and Settings\amir\setup9x.exe

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"D1sableTaskMgr"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e18ff30-d1cf-11dc-9351-00e04d04f1bf}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e18ff31-d1cf-11dc-9351-00e04d04f1bf}]

Save this as CFScript.txt, save it to your desktop also.
Then drag CFScript.txt into combofix as seen below:


This will open combofix.exe again; agree to its terms and allow it to run. It may want to reboot after it's done. Copy the resulting log back here too.


Solved Re: Logfile check

Post by amir20001 on Mon Aug 11, 2008 1:31 pm

ComboFix 08-08-10.04 - amir 2008-08-11 9:21:37.6 - NTFSx86
Running from: C:\Documents and Settings\amir\My Documents\Downloads\Programs\ComboFix.exe
Command switches used :: C:\Documents and Settings\amir\Desktop\CFscript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\amir\5336.bat
C:\Documents and Settings\amir\8878.bat
C:\Documents and Settings\amir\setup9x.exe
C:\Documents and Settings\amir\st.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\amir\5336.bat
C:\Documents and Settings\amir\8878.bat
C:\Documents and Settings\amir\setup9x.exe
C:\Documents and Settings\amir\st.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-11 to 2008-08-11 )))))))))))))))))))))))))))))))
.

2008-08-08 18:18 . 2008-08-08 18:18 d-------- C:\Program Files\AskSBar
2008-08-08 18:18 . 2008-08-08 18:18 249,592 --a------ C:\WINDOWS\system32\cssdll32.dll
2008-08-08 18:17 . 2008-08-08 18:18 d-------- C:\Program Files\COMODO
2008-08-08 18:17 . 2008-08-08 18:17 d-------- C:\Documents and Settings\amir\Application Data\Comodo
2008-08-08 18:17 . 2008-08-09 19:06 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-08-08 18:17 . 2008-08-08 18:17 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-08-08 18:17 . 2008-08-08 18:17 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-08-08 18:17 . 2008-08-08 18:17 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-08-08 15:33 . 2008-08-08 15:33 d-------- C:\WINDOWS\ERUNT
2008-08-08 15:25 . 2008-08-08 17:02 d-------- C:\SDFix
2008-08-06 20:06 . 2008-08-06 20:06 d-------- C:\WebsDemo
2008-08-05 14:43 . 2008-08-05 14:43 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-08-05 11:00 . 2008-08-05 11:00 d-------- C:\Nexon
2008-08-05 11:00 . 2008-08-05 11:00 d-------- C:\Documents and Settings\All Users\Application Data\NexonUS
2008-08-04 19:35 . 2008-08-04 19:35 335 --a------ C:\WINDOWS\mozregistry.dat
2008-08-03 10:25 . 2008-08-03 10:25 d-------- C:\Program Files\THQ
2008-08-03 10:25 . 2008-08-03 10:31 d-------- C:\DOW
2008-08-01 08:07 . 2008-08-01 08:10 5,242,880,000 --ah----- C:\sqmdata123
2008-08-01 07:39 . 2008-08-01 07:39 d-------- C:\Program Files\TrueCrypt
2008-08-01 07:39 . 2008-08-01 08:04 d-------- C:\Documents and Settings\amir\Application Data\TrueCrypt
2008-08-01 07:39 . 2008-08-01 07:39 235,840 --a------ C:\WINDOWS\system32\drivers\truecrypt.sys
2008-07-28 15:08 . 2008-07-28 15:08 d-------- C:\Program Files\Weedscape
2008-07-28 15:07 . 2008-07-28 15:09 d-------- C:\WINDOWS\.silabclient_store_32
2008-07-27 16:07 . 2008-07-27 16:07 33,824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2008-07-26 11:12 . 2008-07-26 11:13 d-------- C:\Program Files\NVIDIA Corporation
2008-07-26 11:12 . 2008-07-26 11:12 151,552 --a------ C:\WINDOWS\system32\nvRegDev.dll
2008-07-24 21:37 . 2008-07-24 21:37 d-------- C:\Documents and Settings\amir\Application Data\NCH Software
2008-07-24 21:34 . 2008-07-24 21:34 d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-07-24 21:29 . 2008-07-24 21:32 d-------- C:\Program Files\Moyea
2008-07-24 21:29 . 2008-07-24 21:29 d-------- C:\Documents and Settings\amir\Application Data\Moyea
2008-07-18 20:45 . 2008-08-09 20:09 d-------- C:\Program Files\Cheat Engine
2008-07-18 20:45 . 2007-12-26 17:30 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-07-18 20:45 . 2007-12-26 17:30 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2008-07-18 18:16 . 2008-08-08 19:04 d-------- C:\Program Files\AutoHotkey
2008-07-18 18:14 . 2008-07-18 18:34 d-------- C:\Program Files\Workspace Macro 4.6
2008-07-18 18:09 . 2008-07-18 18:09 d-------- C:\Program Files\JitBit
2008-07-18 17:56 . 2008-08-01 08:02 d-------- C:\Documents and Settings\amir\Application Data\Easy Macro Recorder
2008-07-15 19:09 . 2008-07-15 19:09 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-07-14 16:33 . 2008-07-14 16:33 d-------- C:\Program Files\Virtual Hottie 2
2008-07-11 16:27 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-07-11 16:27 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-07-11 16:27 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-07-11 16:27 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-07-11 16:27 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-07-11 16:27 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-07-11 16:25 . 2008-07-11 16:25 d-------- C:\Program Files\CAPCOM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-11 13:23 --------- d-----w C:\Documents and Settings\amir\Application Data\DMCache
2008-08-11 13:14 --------- d-----w C:\Documents and Settings\amir\Application Data\DNA
2008-08-11 12:34 --------- d-----w C:\Program Files\lg_fwupdate
2008-08-11 11:54 --------- d-----w C:\Documents and Settings\amir\Application Data\Xfire
2008-08-11 03:36 --------- d-----w C:\Documents and Settings\amir\Application Data\MegauploadToolbar
2008-08-11 02:08 --------- d-----w C:\Program Files\Steam
2008-08-10 03:27 --------- d-----w C:\Program Files\Microsoft Games
2008-08-10 02:28 --------- d-----w C:\Documents and Settings\amir\Application Data\uTorrent
2008-08-10 00:10 --------- d-----w C:\Program Files\Ubisoft
2008-08-09 23:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-03 12:56 --------- d-----w C:\Documents and Settings\amir\Application Data\IDM
2008-08-02 12:50 --------- d-----w C:\Program Files\Knight Online
2008-08-02 02:20 --------- d-----w C:\Documents and Settings\amir\Application Data\Azureus
2008-08-01 11:59 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-07-31 19:53 --------- d-----w C:\Program Files\DriftCity
2008-07-31 18:11 --------- d-s---w C:\Program Files\Xfire
2008-07-30 17:34 --------- d-----w C:\Program Files\Eudemons Online
2008-07-29 11:06 --------- d-----w C:\Program Files\Lx_cats
2008-07-27 19:38 --------- d-----w C:\Program Files\OGPlanet
2008-07-25 01:33 --------- d-----w C:\Program Files\NCH Software
2008-07-18 22:26 --------- d-----w C:\Program Files\AC Tool
2008-07-14 17:38 --------- d-----w C:\Documents and Settings\amir\Application Data\AVG7
2008-07-11 20:40 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-10 21:12 --------- d-----w C:\Documents and Settings\amir\Application Data\LimeWire
2008-07-10 20:37 --------- d-----w C:\Program Files\uTorrent
2008-07-08 00:36 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-07-05 18:38 --------- d-----w C:\Program Files\UltraISO
2008-07-05 18:38 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-07-05 18:29 --------- d-----w C:\Program Files\WinISO
2008-07-04 21:00 --------- d-----w C:\Program Files\LimeWire
2008-07-03 21:40 --------- d-----w C:\Program Files\Azureus
2008-06-28 16:47 --------- d-----w C:\Program Files\NCH Swift Sound
2008-06-28 16:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-06-27 20:36 --------- d-----w C:\Program Files\BBLACK
2008-06-26 04:51 --------- d--h--w C:\Program Files\DISCIPLINE
2008-06-26 04:22 --------- d-----w C:\Program Files\SEKILALA
2008-06-21 13:17 --------- d--h--w C:\Documents and Settings\amir\Application Data\ijjigame
2008-06-20 01:31 --------- d-----w C:\Documents and Settings\amir\Application Data\Thinstall
2008-06-12 19:08 58,800 ----a-w C:\WINDOWS\system32\ijjiPlugin2.dll
2008-06-12 02:19 --------- d-----w C:\Documents and Settings\amir\Application Data\Dev-Cpp
2008-05-29 22:40 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-10 01:24 22,328 ----a-w C:\Documents and Settings\amir\Application Data\PnkBstrK.sys
2006-10-31 19:07 31,223 ----a-w C:\Program Files\nv4_disp.cat
2004-10-01 22:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2007-05-17 04:32 80 --sh--r C:\WINDOWS\system32\A83D29FD39.dll
2007-08-15 06:23 80 --sh--r C:\WINDOWS\system32\EE830616EA.dll
.

------- Sigcheck -------

2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2006-03-09 02:28 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2008-03-03 23:16 359808 5e21671831b215cbbd631048622af9e6 C:\WINDOWS\system32\DllCache\tcpip.sys
2008-03-03 23:16 359808 5e21671831b215cbbd631048622af9e6 C:\WINDOWS\system32\drivers\tcpip.sys

2007-05-12 19:27 502272 6225f14b8ce08ccba8b25ad27843c674 C:\WINDOWS\system32\winlogon.exe
.

Solved Re: Logfile check

Post by amir20001 on Mon Aug 11, 2008 1:32 pm

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"PowerBar"="C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 13:26 86016]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [2007-03-05 16:57 1103480]
"NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" [2005-10-11 21:25 1961984]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-11 11:25 289088]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-04-05 00:38 2594224]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 12:51 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2004-11-19 12:15 1216512]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-11-30 13:35 49152]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 23:24 32768]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-13 22:06 1397760]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2007-05-13 10:30 249856]
"LXBUCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2004-11-02 11:03 69632]
"lxbumon.exe"="C:\Program Files\Lexmark 6200 Series\lxbumon.exe" [2005-01-18 05:35 196608]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-11-22 16:29 299008]
"EzPrint"="C:\Program Files\Lexmark 6200 Series\ezprint.exe" [2004-09-17 09:24 61440]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-18 20:55 8523776]
"EnvyHFCPL"="C:\Program Files\Audio Deck\EnMixCPL.exe" [2004-12-09 04:51 3895296]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-29 12:25 6731312]
"D-Link Wireless G WUA-1340"="C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe" [2005-12-15 15:19 2715648]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-27 22:08 580096]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 16:34 213936]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 17:40 86960]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-18 20:55 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-01 11:32 185896]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 03:05 217088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 16:34 213936]
"COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" [2008-08-08 18:18 278264]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-08-08 18:17 1655552]
"nwiz"="nwiz.exe" [2007-12-18 20:55 1626112 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-03-02 08:22 577536 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 15:38 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Steam\\SteamApps\\amir20001\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\MAIET\\Gunz\\PGunZ\\Gunz.exe"=
"C:\\Program Files\\MAIET\\Gunz\\PGunZ\\Name Runnable.exe"=
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\ShadowFlare\\ShadowFlare.exe"=
"C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"C:\\Program Files\\Avant Browser\\avant.exe"=
"C:\\ijji\\ENGLISH\\u_skid.exe"=
"C:\\Program Files\\DriftCity\\DriftCity.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Steam\\SteamApps\\amir20001\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\amir20001\\dark messiah might and magic dedicated server\\srcds.exe"=
"C:\\ijji\\ENGLISH\\u_goonzu.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\Nexon\Combat Arms\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"C:\\Nexon\\Combat Arms\\NMService.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Express Talk RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Express Talk RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Express Talk RTP Incoming Audio (UDP)
"5070:UDP"= 5070:UDP:Express Talk Sip Incoming Calls (UDP)
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"3135:TCP"= 3135:TCP:*:Disabled:SolidNetworkManager
"3135:UDP"= 3135:UDP:*:Disabled:SolidNetworkManager
"40454:TCP"= 40454:TCP:*:Disabled:SolidNetworkManager
"40454:UDP"= 40454:UDP:*:Disabled:SolidNetworkManager
"65375:TCP"= 65375:TCP:*:Disabled:SolidNetworkManager
"65375:UDP"= 65375:UDP:*:Disabled:SolidNetworkManager
"27019:TCP"= 27019:TCP:BitComet 27019 TCP
"27019:UDP"= 27019:UDP:BitComet 27019 UDP
"58475:TCP"= 58475:TCP:Pando P2P TCP Listening Port
"58475:UDP"= 58475:UDP:Pando P2P UDP Listening Port

R3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
R3 CIF USB CAMERA Service;CIF USB CAMERA;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2003-10-16 01:58]
R3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-02-16 16:13]
R3 iteio;iteio;C:\WINDOWS\system32\drivers\iteio.sys [1999-08-30 20:49]
R3 NTProcDrv;Process creation detector for NT.;C:\Documents and Settings\amir\My Documents\Downloads\Programs\NtProcDrv.sys []
R3 XDva020;XDva020;C:\WINDOWS\system32\XDva020.sys []
R3 XDva032;XDva032;C:\WINDOWS\system32\XDva032.sys []
R3 XDva037;XDva037;C:\WINDOWS\system32\XDva037.sys []
R3 XDva062;XDva062;C:\WINDOWS\system32\XDva062.sys []
R3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys []
R3 XDva099;XDva099;C:\WINDOWS\system32\XDva099.sys []
R3 XDva104;XDva104;C:\WINDOWS\system32\XDva104.sys []
R3 XDva114;XDva114;C:\WINDOWS\system32\XDva114.sys []
R3 XDva136;XDva136;C:\WINDOWS\system32\XDva136.sys []
R3 XDva164;XDva164;C:\WINDOWS\system32\XDva164.sys []
R3 XDva167;XDva167;C:\WINDOWS\system32\XDva167.sys []
R3 XDva177;XDva177;C:\WINDOWS\system32\XDva177.sys []
R3 XDva186;XDva186;C:\WINDOWS\system32\XDva186.sys []
R3 XDva189;XDva189;C:\WINDOWS\system32\XDva189.sys []
S1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 02:23]
S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-08-08 18:17]
S1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-08-08 18:17]
S1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-07-27 16:07]
S3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;C:\WINDOWS\system32\drivers\Envy24HF.sys [2004-11-25 22:55]
S3 XDva190;XDva190;C:\WINDOWS\system32\XDva190.sys []


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{041218f2-cf77-11dc-934e-00e04d04f1bf}]
\Shell\AutoRun\command - E:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{041218f7-cf77-11dc-934e-00e04d04f1bf}]
\Shell\AutoRun\command - H:\Setup.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-08-11 09:23:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-08-11 9:25:54
ComboFix-quarantined-files.txt 2008-08-11 13:24:51
ComboFix2.txt 2008-08-11 12:49:35
ComboFix3.txt 2008-08-08 22:09:44
ComboFix4.txt 2008-08-08 15:51:21

Pre-Run: 40,319,533,056 bytes free
Post-Run: 40,307,638,272 bytes free

289 --- E O F --- 2007-12-13 11:47:41

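A quick way to pull the review-worthy items out of a ComboFix log like the one above is to script the checks a helper otherwise does by eye. The script below is an added example for this thread; it is not part of the original post and not ComboFix or HijackThis code. It runs over a constructed sample made of lines excerpted from the log above and reports: service entries whose file ComboFix did not find (this example assumes that is what the empty [] after a path means), drivers registered from outside the Windows directory, the Windows Firewall state and which globally open ports are actually enabled, hidden system-attribute DLLs under system32, the AutoRun commands registered under MountPoints2, and whether the live tcpip.sys hash matches its DllCache copy. All function and field names are this example's own.

```python
"""Triage a ComboFix-style log. Added example for this thread, not ComboFix/HijackThis code."""
import re

# Constructed sample: lines excerpted from the log posted above, a few per section.
SAMPLE_LOG = r"""
2007-05-17 04:32 80 --sh--r C:\WINDOWS\system32\A83D29FD39.dll
2008-06-12 19:08 58,800 ----a-w C:\WINDOWS\system32\ijjiPlugin2.dll
------- Sigcheck -------
2008-03-03 23:16 359808 5e21671831b215cbbd631048622af9e6 C:\WINDOWS\system32\DllCache\tcpip.sys
2008-03-03 23:16 359808 5e21671831b215cbbd631048622af9e6 C:\WINDOWS\system32\drivers\tcpip.sys
2007-05-12 19:27 502272 6225f14b8ce08ccba8b25ad27843c674 C:\WINDOWS\system32\winlogon.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"27019:TCP"= 27019:TCP:BitComet 27019 TCP
R3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
R3 NTProcDrv;Process creation detector for NT.;C:\Documents and Settings\amir\My Documents\Downloads\Programs\NtProcDrv.sys []
R3 XDva020;XDva020;C:\WINDOWS\system32\XDva020.sys []
S1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-07-27 16:07]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{041218f2-cf77-11dc-934e-00e04d04f1bf}]
\Shell\AutoRun\command - E:\Setup.exe
"""

# "R3 name;display;path [timestamp]"; an empty [] is taken to mean the file was not found.
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]$")
# File listing: "date time size attrs path" (size may be "---------" for directories).
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d (\S+) (\S+) (.+)$")
# Sigcheck: "date time size md5 path".
SIGCHECK_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \d+ ([0-9a-f]{32}) (.+)$")
# GloballyOpenPorts value: "port:proto"= port:proto:description, with ":*:Disabled:" when off.
PORT_RE = re.compile(r'^"(\d+:(?:TCP|UDP))"=\s*\d+:(?:TCP|UDP):(.*)$')


def triage(text):
    """Return the review-worthy items found in a ComboFix-style log as a dict of lists."""
    r = {"services_missing_file": [], "services_outside_windows": [],
         "windows_firewall_enabled": None, "open_ports": [],
         "sigcheck_mismatch": [], "autorun_commands": [], "hidden_system_files": []}
    mode, section, sig = "files", "", {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("------- Sigcheck"):
            mode = "sigcheck"
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()          # registry key header for the lines that follow
            continue
        m = SERVICE_RE.match(line)
        if m:
            _, name, _, path, stamp = m.groups()
            if not stamp:
                r["services_missing_file"].append({"name": name, "path": path})
            if "\\windows\\" not in path.lower():
                r["services_outside_windows"].append({"name": name, "path": path})
            continue
        if line.startswith("\\Shell\\AutoRun\\command - "):
            r["autorun_commands"].append(line.split(" - ", 1)[1])
            continue
        if section.endswith("firewallpolicy\\standardprofile]") and line.startswith('"EnableFirewall"='):
            r["windows_firewall_enabled"] = line.split("=", 1)[1].strip().startswith("1")
            continue
        if section.endswith("globallyopenports\\list]"):
            m = PORT_RE.match(line)
            if m:
                port, rest = m.groups()
                r["open_ports"].append({"port": port, "enabled": ":disabled:" not in rest.lower(), "desc": rest})
            continue
        if mode == "sigcheck":
            m = SIGCHECK_RE.match(line)
            if m:
                md5, path = m.groups()
                sig.setdefault(path.rsplit("\\", 1)[-1].lower(), {})[path.lower()] = md5
            continue
        m = FILE_RE.match(line)
        if m:
            _, attrs, path = m.groups()
            # Hidden + system attributes on a DLL in system32 is unusual enough to ask about.
            if "h" in attrs and "s" in attrs and path.lower().endswith(".dll") and "\\system32\\" in path.lower():
                r["hidden_system_files"].append(path)
    # The live copy in system32 should hash the same as its DllCache copy; the $hf_mig$ and
    # $NtUninstall copies are other versions and are left out of the comparison.
    for name, copies in sig.items():
        cache = {h for p, h in copies.items() if "\\dllcache\\" in p}
        live = {h for p, h in copies.items() if "\\dllcache\\" not in p and "$" not in p}
        if cache and live and cache != live:
            r["sigcheck_mismatch"].append(name)
    return r


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The flags are prompts to look, not verdicts. EnableFirewall=0 is expected on this machine because COMODO Firewall Pro was installed on 2008-08-08 and is listed under Run, so the check is really "is some firewall active". An orphaned service entry is a cleanup item, not proof of infection, and a driver loaded from a Downloads folder is worth asking about simply because that is not where drivers normally live. The two AutoRun commands point at Setup.exe on drives E: and H:, so it is worth knowing which removable media those were.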
Solved Re: Logfile check

Post by Belahzur on Mon Aug 11, 2008 1:37 pm

Looks good.
How's the computer running now compared to before we started cleaning?
I just want to point out that you are running AVG7; I advise you to update to AVG8.
[You must be registered and logged in to see this link.]

(No need to uninstall AVG7, AVG8 removes/overwrites it when you install it)
=====

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

Hopefully this should take care of your problems! Good luck.

Solved Re: Logfile check

Post by amir20001 on Mon Aug 11, 2008 1:48 pm

Yeah, it seems to be running faster. Thanks a lot for the help.
Thank You!
