Combofix txt part 1

View previous topic View next topic Go down

Solved Combofix txt part 1

Post by darkromeo77 on Fri Nov 28, 2008 12:24 am

ComboFix 08-11-27.03 - Darkromeo 2008-11-27 18:43:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2268 [GMT -5:00]
Running from: c:\documents and settings\Darkromeo\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\BlueRoses\Application Data\gadcom
c:\documents and settings\BlueRoses\Application Data\gadcom\gadcom.exe
c:\documents and settings\BlueRoses\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\00314325.urr
c:\program files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\Mjcore
c:\program files\Mjcore\Mjcore.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\0002AF80.bin
c:\program files\MyWebSearch\bar\Cache\0002AFED.bin
c:\program files\MyWebSearch\bar\Cache\0002B07A.bin
c:\program files\MyWebSearch\bar\Cache\0002B0C8.bin
c:\program files\MyWebSearch\bar\Cache\0002B183
c:\program files\MyWebSearch\bar\Cache\0007437F.bin
c:\program files\MyWebSearch\bar\Cache\00074F56.bin
c:\program files\MyWebSearch\bar\Cache\00075B2D.bin
c:\program files\MyWebSearch\bar\Cache\00076753.bin
c:\program files\MyWebSearch\bar\Cache\0007684D.bin
c:\program files\MyWebSearch\bar\Cache\000769F3
c:\program files\MyWebSearch\bar\Cache\00309282.bin
c:\program files\MyWebSearch\bar\Cache\00309457.bin
c:\program files\MyWebSearch\bar\Cache\0030A07C.bin
c:\program files\MyWebSearch\bar\Cache\0030A109.bin
c:\program files\MyWebSearch\bar\Cache\0030A186.bin
c:\program files\MyWebSearch\bar\Cache\00F20035
c:\program files\MyWebSearch\bar\Cache\013BD42C
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Search\COMMON.F3S
c:\program files\MyWebSearch\bar\Search\COMMON\bd_grad.gif
c:\program files\MyWebSearch\bar\Search\COMMON\center.htm
c:\program files\MyWebSearch\bar\Search\COMMON\index.htm
c:\program files\MyWebSearch\bar\Search\COMMON\mid_dots.gif
c:\program files\MyWebSearch\bar\Search\COMMON\stop.gif
c:\program files\MyWebSearch\bar\Search\COMMON\systray.htm
c:\program files\MyWebSearch\bar\Search\COMMON\systrayp.htm
c:\program files\MyWebSearch\bar\Search\COMMON\tp_grad.gif
c:\program files\MyWebSearch\bar\Search\COMMON\warn.gif
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\program files\screensavers.com
c:\program files\screensavers.com\SSSInst\bin\SSSInst.dll
c:\program files\screensavers.com\SSSInst\bin\SSSUninst.exe
c:\program files\screensavers.com\Wallpaper\Land of the Dead.jpg
c:\program files\screensavers.com\Wallpaper\swpstart.exe
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\tn3
c:\windows\Downloaded Program Files\setup.inf
c:\windows\IE4 Error Log.txt
c:\windows\system32\cwhjafqg.dll
c:\windows\system32\drivers\core.cache(2).dsk
c:\windows\system32\drivers\core.cache(3).dsk
c:\windows\system32\drivers\core.cache(4).dsk
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\gqfajhwc.ini
c:\windows\system32\gxtbji(2).dll
c:\windows\system32\hgGAQjHy.dll
c:\windows\system32\ilirlg.dll
c:\windows\system32\kxuifusq.dll
c:\windows\system32\liaynocu.dll
c:\windows\system32\prunnet.exe
c:\windows\system32\pulamiwa.dll
c:\windows\system32\rtavqwpg.dll
c:\windows\system32\siludodi.dll
c:\windows\system32\tinqfz.dll
c:\windows\system32\uconyail.ini
c:\windows\system32\vakumene.dll
c:\windows\system32\yHjQAGgh.ini
c:\windows\system32\yHjQAGgh.ini2
c:\windows\system32\drivers\core.cache.dsk . . . . failed to delete

darkromeo77
Novice
Novice

Posts Posts : 25
Joined Joined : 2008-11-27
OS OS : Windows XP
Points Points : 29319
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Combofix txt part 1

Post by Belahzur on Fri Nov 28, 2008 12:25 am

The log got cut off, please post the rest.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

Solved combofix part 2

Post by darkromeo77 on Fri Nov 28, 2008 12:28 am

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-10-27 to 2008-11-27 )))))))))))))))))))))))))))))))
.

2008-11-27 18:56 . 2008-11-27 18:56 318,464 --a------ c:\windows\system32\xxywWPiH.dll
2008-11-27 18:56 . 2008-11-27 19:00 343 --ahs---- c:\windows\system32\HiPWwyxx.ini2
2008-11-27 18:56 . 2008-11-27 19:01 343 --ahs---- c:\windows\system32\HiPWwyxx.ini
2008-11-27 18:54 . 2008-11-27 18:54 d-------- c:\temp\tn3
2008-11-27 18:54 . 2008-11-27 18:54 144,239 --------- c:\windows\system32\drivers\core.cache.dsk
2008-11-27 18:29 . 2008-11-27 18:29 0 --a------ c:\windows\LCDMedia.INI
2008-11-27 10:30 . 2008-11-27 10:30 32,768 --a------ c:\windows\system32\opnnKcCv.dll
2008-11-24 20:53 . 2008-11-24 20:53 32,768 --a------ c:\windows\system32\ddcCSKcd.dll
2008-11-24 20:47 . 2008-11-24 20:47 d-------- c:\program files\iPod
2008-11-24 20:47 . 2008-11-24 21:09 d-------- c:\documents and settings\BlueRoses\Application Data\NI.GSCNS
2008-11-24 20:47 . 2008-11-24 20:48 d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 20:39 . 2008-11-24 20:39 d-------- c:\windows\system32\vba
2008-11-24 20:39 . 2008-11-24 20:39 d-------- c:\windows\system32\PIX
2008-11-24 20:39 . 2008-11-24 20:39 d-------- c:\windows\system32\mp2
2008-11-24 20:39 . 2008-11-24 20:39 d-------- c:\windows\system32\IO2
2008-11-24 20:39 . 2008-11-24 20:39 d-------- c:\windows\system32\FND
2008-11-24 20:39 . 2008-11-24 20:39 d-------- c:\temp\FT62
2008-11-24 20:39 . 2008-11-24 20:39 86,272 --a------ c:\windows\system32\drivers\diskdumpp.sys
2008-11-24 20:38 . 2008-11-27 18:54 d-------- C:\Temp
2008-11-24 20:38 . 2008-11-24 20:38 115,016 --a------ c:\windows\system32\MSINET.OCX
2008-11-24 20:38 . 2008-11-24 20:38 29,184 --a------ c:\windows\system32\MSINET.oca
2008-11-24 20:38 . 2008-11-24 20:38 2,407 --a------ c:\windows\system32\MSINET.DEP
2008-11-12 00:41 . 2008-11-12 00:41 d-------- c:\program files\MSXML 4.0
2008-11-11 23:54 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 23:54 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-10 12:16 . 2008-11-10 12:16 d-------- c:\program files\Common Files\Python
2008-11-10 12:16 . 2001-10-19 12:18 708,696 --a------ c:\windows\system32\python21.dll
2008-11-10 12:16 . 2001-10-19 12:18 290,919 --a------ c:\windows\system32\pythoncom21.dll
2008-11-10 12:16 . 2001-10-19 12:19 57,344 --a------ c:\windows\system32\PyWinTypes21.dll
2008-11-10 12:14 . 2008-11-10 12:14 d-------- c:\program files\SEIKO EPSON Corp
2008-11-10 12:14 . 1999-06-15 11:31 96,768 --a------ c:\windows\SlantAdj.dll
2008-11-10 12:14 . 1999-12-07 02:03 73,216 --a------ c:\windows\ADE.DLL
2008-11-10 12:14 . 1999-04-27 00:17 3,136 --a------ c:\windows\Ade001.bin
2008-11-10 12:14 . 2000-09-08 13:31 72 --a------ c:\windows\system32\epDPE.ini
2008-11-10 12:13 . 2008-11-10 12:16 d-------- c:\program files\Smart Panel
2008-11-10 12:11 . 2008-11-10 12:19 d-------- c:\program files\EPSON
2008-11-06 22:06 . 2008-11-06 22:06 d-------- c:\documents and settings\BlueRoses\Application Data\Kodak
2008-11-01 07:33 . 2008-11-01 11:02 739,702,024 --a------ C:\nice_hardware_big.wmv
2008-10-28 07:21 . 2008-10-28 07:36 374,145,917 --a------ C:\power_pumper_big.wmv

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-27 23:56 --------- d-----w c:\documents and settings\Darkromeo\Application Data\Upromise__RemindU
2008-11-27 15:19 --------- d-----w c:\documents and settings\BlueRoses\Application Data\Upromise__RemindU
2008-11-26 08:03 --------- d-----w c:\program files\QuickTime
2008-11-25 16:49 --------- d-----w c:\program files\Norton Security Scan
2008-11-25 01:48 --------- d-----w c:\program files\iTunes
2008-11-25 01:47 --------- d-----w c:\program files\Common Files\Apple
2008-11-25 01:34 --------- d-----w c:\program files\Safari
2008-11-13 12:29 --------- d-----w c:\program files\World of Warcraft
2008-11-10 17:16 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 00:50 --------- d-----w c:\documents and settings\BlueRoses\Application Data\Move Networks
2008-11-07 03:00 --------- d-----w c:\program files\Kodak
2008-10-31 05:55 --------- d-----w c:\program files\AIM6
2008-10-31 05:55 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 23:42 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-10 10:02 --------- d-----w c:\program files\DivX
2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-10-01 17:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-27 01:23 --------- d-----w c:\program files\AIM
2008-09-20 00:51 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-09-16 00:14 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-16 00:14 118,520 ----a-w c:\windows\system32\pxinsi64.exe
2008-09-16 00:12 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w c:\windows\system32\DivX.dll
2008-09-16 00:11 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-10 06:37 81,920 ----a-w c:\windows\system32\frapsvid.dll
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-29 14:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-08-27 08:24 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-07-26 23:03 670 ----a-w c:\documents and settings\BlueRoses\Application Data\wklnhst.dat
2008-05-26 13:27 140 ----a-w c:\documents and settings\Darkromeo\Application Data\wklnhst.dat
2006-04-01 03:48 61,224 ----a-w c:\documents and settings\Darkromeo\GoToAssistDownloadHelper.exe
2007-08-19 21:51 88 --sh--r c:\windows\system32\323EA30520.sys
2007-08-19 21:51 3,350 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43F66344-5C63-4CDE-89F7-0DFF617D1B2F}]
2008-11-27 18:56 318464 --a------ c:\windows\system32\xxywWPiH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2008-11-24 20:53 32768 --a------ c:\windows\system32\ddcCSKcd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4ef8ba9-317a-413e-8873-05e7660c1ad3}]
2008-11-27 19:02 129024 --a------ c:\windows\system32\stkhox.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 176201]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"Launch LCDMon"="c:\program files\Logitech\G-series Software\LCDMon.exe" [2005-11-02 188928]
"uprom"="c:\program files\Upromise__RemindU\UpromiseRemindUv.exe" [2007-05-22 263712]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-09-21 127036]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-19 185896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"CTHelper"="CTHELPER.EXE" [2005-11-08 c:\windows\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 c:\windows\system32\CTXFIHLP.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 c:\windows\KHALMNPR.Exe]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 c:\windows\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-05-29 5419008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"ZboardTray"="c:\program files\Ideazon\Zboard Software\Driver\ZboardTray.exe" [2005-05-02 380928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-12-11 114688]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-07-22 151552]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-01-05 528384]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2006-12-26 1073152]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\ddcCSKcd.dll" [2008-11-24 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2006-03-31 22:49 10536 c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcCSKcd]
2008-11-24 20:53 32768 c:\windows\system32\ddcCSKcd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Zboard]
2003-09-03 06:14 49152 c:\windows\system32\Winlognotif.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\xxywWPiH

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

darkromeo77
Novice
Novice

Posts Posts : 25
Joined Joined : 2008-11-27
OS OS : Windows XP
Points Points : 29319
# Likes # Likes : 0

View user profile

Back to top Go down

Solved combofix part 3

Post by darkromeo77 on Fri Nov 28, 2008 12:29 am

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security 12\\TSC.EXE"=
"c:\\Program Files\\Trend Micro\\Internet Security 12\\pccguide.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 diskdumpp;diskdumpp;c:\windows\system32\drivers\diskdumpp.sys [2008-11-24 86272]
R3 ha20x2k;Creative 20X HAL Driver;c:\windows\system32\drivers\ha20x2k.sys [2006-09-26 1096192]
S3 GoToAssist;GoToAssist;"c:\program files\Citrix\GoToAssist\514\g2aservice.exe" Start=service [2006-03-31 16680]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0eaca438-0bfb-11dd-8295-001372e63a46}]
\Shell\AutoRun\command - J:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-28 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2008-10-24 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-04-19 21:42]
.
- - - - ORPHANS REMOVED - - - -

BHO-{12664344-1259-4897-A048-22C1693B3947} - c:\windows\system32\hgGAQjHy.dll
BHO-{45cac5f9-dc11-4d7a-bf9d-9d536d4f0c5e} - c:\windows\system32\towefuzu.dll
Toolbar-{52c8ded3-bf84-40c3-8411-c93238bc3127} - (no file)
WebBrowser-{52C8DED3-BF84-40C3-8411-C93238BC3127} - (no file)
HKCU-Run-prunnet - c:\windows\system32\prunnet.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
HKLM-Run-prunnet - c:\windows\system32\prunnet.exe
HKLM-Run-NI.GSCNS - c:\docume~1\BLUERO~1\LOCALS~1\Temp\winvsnet.tmp


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Darkromeo\Application Data\Mozilla\Firefox\Profiles\ta38fmrr.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - [You must be registered and logged in to see this link.]
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-11-27 18:55:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...


c:\windows\system32\HiPWwyxx.ini 343 bytes
c:\windows\system32\HiPWwyxx.ini2 343 bytes
c:\windows\system32\xxywWPiH.dll 318464 bytes executable

scan completed successfully
hidden files: 3

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\system32\ddcCSKcd.dll

- - - - - - - > 'explorer.exe'(3684)
c:\program files\Logitech\SetPoint\KEMHook.dll
c:\windows\system32\oleivnnd.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe
c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\CTXFISPI.EXE
c:\program files\Logitech\G-series Software\Applets\LCDClock.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\windows\system32\rundll32.exe
c:\program files\Upromise__RemindU\up.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\windows\system32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\progra~1\TRENDM~1\INTERN~1\TSC.EXE
.
**************************************************************************
.
Completion time: 2008-11-27 19:06:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-28 00:06:22

Pre-Run: 123,406,004,224 bytes free
Post-Run: 125,815,820,288 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

460 --- E O F --- 2008-11-12 05:44:38

darkromeo77
Novice
Novice

Posts Posts : 25
Joined Joined : 2008-11-27
OS OS : Windows XP
Points Points : 29319
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Combofix txt part 1

Post by Belahzur on Fri Nov 28, 2008 12:37 am

Looking better, but still some malware to get rid of.

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\system32\xxywWPiH.dll
c:\windows\system32\HiPWwyxx.ini2
c:\windows\system32\HiPWwyxx.ini
c:\windows\system32\drivers\core.cache.dsk
c:\windows\system32\opnnKcCv.dll
c:\windows\system32\ddcCSKcd.dll
c:\windows\system32\stkhox.dll

Folder::
c:\program files\Viewpoint

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43F66344-5C63-4CDE-89F7-0DFF617D1B2F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4ef8ba9-317a-413e-8873-05e7660c1ad3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcCSKcd]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"="msv1_0"
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again, agree to it's terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

Solved New combofix log part 1

Post by darkromeo77 on Fri Nov 28, 2008 1:06 am

ComboFix 08-11-27.03 - Darkromeo 2008-11-27 19:47:24.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2269 [GMT -5:00]
Running from: c:\documents and settings\Darkromeo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Darkromeo\Desktop\CFscript.txt.txt
* Created a new restore point
* Resident AV is active


FILE ::
c:\windows\system32\ddcCSKcd.dll
c:\windows\system32\drivers\core.cache.dsk
c:\windows\system32\HiPWwyxx.ini
c:\windows\system32\HiPWwyxx.ini2
c:\windows\system32\opnnKcCv.dll
c:\windows\system32\stkhox.dll
c:\windows\system32\xxywWPiH.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Viewpoint
c:\program files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\ComponentMgr_0306003B.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\MTS3Reader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo2.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\DownLoadHist.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Experience Technology\MTSDownloadSites.txt
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\SWFView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\WaveletReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt
c:\temp\tn3
c:\windows\system32\ddcCSKcd.dll
c:\windows\system32\dnnvielo.ini
c:\windows\system32\dxqvqrqr.dll
c:\windows\system32\HiPWwyxx.ini
c:\windows\system32\HiPWwyxx.ini2
c:\windows\system32\oleivnnd.dll
c:\windows\system32\opnnKcCv.dll
c:\windows\system32\stkhox.dll
c:\windows\system32\xxywWPiH.dll
c:\windows\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))
.

2008-11-27 19:54 . 2008-11-27 19:54 d-------- c:\temp\tn3
2008-11-27 19:53 . 2008-11-27 19:53 932 --------- c:\windows\system32\drivers\core.cache.dsk
2008-11-27 18:29 . 2008-11-27 18:29 0 --a------ c:\windows\LCDMedia.INI
2008-11-24 20:47 . 2008-11-24 20:47 d-------- c:\program files\iPod
2008-11-24 20:47 . 2008-11-24 21:09 d-------- c:\documents and settings\BlueRoses\Application Data\NI.GSCNS
2008-11-24 20:47 . 2008-11-24 20:48 d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 20:39 . 2008-11-24 20:39 d-------- c:\windows\system32\vba
2008-11-24 20:39 . 2008-11-24 20:39 d-------- c:\windows\system32\PIX
2008-11-24 20:39 . 2008-11-24 20:39 d-------- c:\windows\system32\mp2
2008-11-24 20:39 . 2008-11-24 20:39 d-------- c:\windows\system32\IO2
2008-11-24 20:39 . 2008-11-24 20:39 d-------- c:\windows\system32\FND
2008-11-24 20:39 . 2008-11-24 20:39 d-------- c:\temp\FT62
2008-11-24 20:39 . 2008-11-24 20:39 86,272 --a------ c:\windows\system32\drivers\diskdumpp.sys
2008-11-24 20:38 . 2008-11-27 19:54 d-------- C:\Temp
2008-11-24 20:38 . 2008-11-24 20:38 115,016 --a------ c:\windows\system32\MSINET.OCX
2008-11-24 20:38 . 2008-11-24 20:38 29,184 --a------ c:\windows\system32\MSINET.oca
2008-11-24 20:38 . 2008-11-24 20:38 2,407 --a------ c:\windows\system32\MSINET.DEP
2008-11-12 00:41 . 2008-11-12 00:41 d-------- c:\program files\MSXML 4.0
2008-11-11 23:54 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 23:54 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-10 12:16 . 2008-11-10 12:16 d-------- c:\program files\Common Files\Python
2008-11-10 12:16 . 2001-10-19 12:18 708,696 --a------ c:\windows\system32\python21.dll
2008-11-10 12:16 . 2001-10-19 12:18 290,919 --a------ c:\windows\system32\pythoncom21.dll
2008-11-10 12:16 . 2001-10-19 12:19 57,344 --a------ c:\windows\system32\PyWinTypes21.dll
2008-11-10 12:14 . 2008-11-10 12:14 d-------- c:\program files\SEIKO EPSON Corp
2008-11-10 12:14 . 1999-06-15 11:31 96,768 --a------ c:\windows\SlantAdj.dll
2008-11-10 12:14 . 1999-12-07 02:03 73,216 --a------ c:\windows\ADE.DLL
2008-11-10 12:14 . 1999-04-27 00:17 3,136 --a------ c:\windows\Ade001.bin
2008-11-10 12:14 . 2000-09-08 13:31 72 --a------ c:\windows\system32\epDPE.ini
2008-11-10 12:13 . 2008-11-10 12:16 d-------- c:\program files\Smart Panel
2008-11-10 12:11 . 2008-11-10 12:19 d-------- c:\program files\EPSON
2008-11-06 22:06 . 2008-11-06 22:06 d-------- c:\documents and settings\BlueRoses\Application Data\Kodak
2008-11-01 07:33 . 2008-11-01 11:02 739,702,024 --a------ C:\nice_hardware_big.wmv
2008-10-28 07:21 . 2008-10-28 07:36 374,145,917 --a------ C:\power_pumper_big.wmv

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-28 00:56 --------- d-----w c:\documents and settings\Darkromeo\Application Data\Upromise__RemindU
2008-11-27 15:19 --------- d-----w c:\documents and settings\BlueRoses\Application Data\Upromise__RemindU
2008-11-26 08:03 --------- d-----w c:\program files\QuickTime
2008-11-25 16:49 --------- d-----w c:\program files\Norton Security Scan
2008-11-25 01:48 --------- d-----w c:\program files\iTunes
2008-11-25 01:47 --------- d-----w c:\program files\Common Files\Apple
2008-11-25 01:34 --------- d-----w c:\program files\Safari
2008-11-13 12:29 --------- d-----w c:\program files\World of Warcraft
2008-11-10 17:16 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-08 00:50 --------- d-----w c:\documents and settings\BlueRoses\Application Data\Move Networks
2008-11-07 03:00 --------- d-----w c:\program files\Kodak
2008-10-31 05:55 --------- d-----w c:\program files\AIM6
2008-10-31 05:55 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-15 23:42 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2008-10-10 10:02 --------- d-----w c:\program files\DivX
2008-10-01 17:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-07-26 23:03 670 ----a-w c:\documents and settings\BlueRoses\Application Data\wklnhst.dat
2008-05-26 13:27 140 ----a-w c:\documents and settings\Darkromeo\Application Data\wklnhst.dat
2006-04-01 03:48 61,224 ----a-w c:\documents and settings\Darkromeo\GoToAssistDownloadHelper.exe
2007-08-19 21:51 88 --sh--r c:\windows\system32\323EA30520.sys
2007-08-19 21:51 3,350 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 176201]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"Launch LCDMon"="c:\program files\Logitech\G-series Software\LCDMon.exe" [2005-11-02 188928]
"uprom"="c:\program files\Upromise__RemindU\UpromiseRemindUv.exe" [2007-05-22 263712]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-09-21 127036]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-19 185896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"CTHelper"="CTHELPER.EXE" [2005-11-08 c:\windows\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 c:\windows\system32\CTXFIHLP.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 c:\windows\KHALMNPR.Exe]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 c:\windows\stsystra.exe]

darkromeo77
Novice
Novice

Posts Posts : 25
Joined Joined : 2008-11-27
OS OS : Windows XP
Points Points : 29319
# Likes # Likes : 0

View user profile

Back to top Go down

Solved New Combofix Log Part 2

Post by darkromeo77 on Fri Nov 28, 2008 1:07 am

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-05-29 5419008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"ZboardTray"="c:\program files\Ideazon\Zboard Software\Driver\ZboardTray.exe" [2005-05-02 380928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-12-11 114688]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-07-22 151552]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-01-05 528384]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2006-12-26 1073152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2006-03-31 22:49 10536 c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Zboard]
2003-09-03 06:14 49152 c:\windows\system32\Winlognotif.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_SZ msv1_0

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security 12\\TSC.EXE"=
"c:\\Program Files\\Trend Micro\\Internet Security 12\\pccguide.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 diskdumpp;diskdumpp;c:\windows\system32\drivers\diskdumpp.sys [2008-11-24 86272]
R3 ha20x2k;Creative 20X HAL Driver;c:\windows\system32\drivers\ha20x2k.sys [2006-09-26 1096192]
S3 GoToAssist;GoToAssist;"c:\program files\Citrix\GoToAssist\514\g2aservice.exe" Start=service [2006-03-31 16680]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0eaca438-0bfb-11dd-8295-001372e63a46}]
\Shell\AutoRun\command - J:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-28 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2008-10-24 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-04-19 21:42]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-11-27 19:54:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe
c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe
c:\windows\system32\dllhost.exe
c:\program files\Ideazon\Zboard Software\Driver\Zboard.exe
c:\windows\system32\CTXFISPI.EXE
c:\windows\ehome\ehmsas.exe
c:\program files\Logitech\G-series Software\Applets\LCDMedia.exe
c:\program files\Logitech\G-series Software\Applets\LCDClock.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\Upromise__RemindU\up.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Completion time: 2008-11-27 20:03:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-28 01:03:07
ComboFix2.txt 2008-11-28 00:06:41

Pre-Run: 126,320,459,776 bytes free
Post-Run: 126,311,903,232 bytes free

281 --- E O F --- 2008-11-12 05:44:38

darkromeo77
Novice
Novice

Posts Posts : 25
Joined Joined : 2008-11-27
OS OS : Windows XP
Points Points : 29319
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Combofix txt part 1

Post by Belahzur on Fri Nov 28, 2008 1:10 am

One file left, CF can't delete it.
This will be able to though.

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Files to delete:
c:\windows\system32\drivers\core.cache.dsk

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Don't tick the box below.
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Avenger txt

Post by darkromeo77 on Fri Nov 28, 2008 1:29 am

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\drivers\core.cache.dsk" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

darkromeo77
Novice
Novice

Posts Posts : 25
Joined Joined : 2008-11-27
OS OS : Windows XP
Points Points : 29319
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Fresh HJT

Post by darkromeo77 on Fri Nov 28, 2008 1:30 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:25:07 PM, on 11/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Upromise__RemindU\UpromiseRemindUv.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Upromise__RemindU\up.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Darkromeo\Desktop\HiJackThis.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [uprom] "C:\Program Files\Upromise__RemindU\UpromiseRemindUv.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Policies\Explorer\Run: [ZboardTray] "C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: &Search - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: &Windows Live Search - [You must be registered and logged in to see this link.] Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: RemindU - [You must be registered and logged in to see this link.] and Settings\Darkromeo\Application Data\Upromise__RemindU\uprot\uproC5.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O9 - Extra button: RemindU - {B48798CE-A2E0-4918-BC00-0F72FBA708E2} - [You must be registered and logged in to see this link.] and Settings\Darkromeo\Application Data\Upromise__RemindU\uprot\uproC5.htm (HKCU)
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - [You must be registered and logged in to see this link.]
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 14214 bytes

darkromeo77
Novice
Novice

Posts Posts : 25
Joined Joined : 2008-11-27
OS OS : Windows XP
Points Points : 29319
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Popups

Post by darkromeo77 on Fri Nov 28, 2008 1:31 am

Still getting popups though. Any program you recomend to help with this or to keep problem from recurring?

darkromeo77
Novice
Novice

Posts Posts : 25
Joined Joined : 2008-11-27
OS OS : Windows XP
Points Points : 29319
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Combofix txt part 1

Post by Belahzur on Fri Nov 28, 2008 3:52 pm

I'm curious as to why Zboard software needs to use the policies key.


  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\Policies\Explorer\Run: [ZboardTray] "C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)


  • Press "Fix Checked"
  • Close Hijack This.


Do you know what Zboard software is?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Combofix txt part 1

Post by darkromeo77 on Sat Nov 29, 2008 4:35 am

Zboard software was for my gaming keyboard that I no longer use. Used it for warcraft for a short while. The keyboard enables you to swap out keysets for different games.

darkromeo77
Novice
Novice

Posts Posts : 25
Joined Joined : 2008-11-27
OS OS : Windows XP
Points Points : 29319
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Combofix txt part 1

Post by Belahzur on Sat Nov 29, 2008 1:33 pm

Okay, please delete this folder:
C:\Program Files\Ideazon

What problems remain?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Popups

Post by darkromeo77 on Sat Nov 29, 2008 9:34 pm

Still getting many popups that are becoming a real nuisance.

darkromeo77
Novice
Novice

Posts Posts : 25
Joined Joined : 2008-11-27
OS OS : Windows XP
Points Points : 29319
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Combofix txt part 1

Post by Belahzur on Sat Nov 29, 2008 10:02 pm

Hello.
Have you installed any of these programs recently?

* Go-astro
* GoRecord
* HotTVPlayer
* Instant Access
* MailSkinner
* Messenger Skinner
* Instant Access
* Internet GameBox
* Sudoplanet
* Webmediaplayer


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: Combofix txt part 1

Post by Belahzur on Sat Nov 29, 2008 10:27 pm

Please download Navilog1 by IL-MAFIOSO:
[You must be registered and logged in to see this link.]

* Extract its contents to the desktop.
* Double click on navilog1.exe to install it on your computer.
* When the installation is complete, the tool will start automatically.
* If it doesn't start automatically, please double click on Navilog1 shortcut on your desktop to run it.
* Press E for English from the language Menu.
* Type 1 in the next Menu to select Search and press Enter.
* Wait for the Scan to finish (It may take a reasonable amount of time)
* Press any key as requested .
* A new document will be produced: fixnavi.txt.
* Please copy/paste the contents of this report in your next reply.


The report is also saved in the root of the directory, "%SystemDrive%\fixnavi.txt". (usually C:\fixnavi.txt)


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

Solved fixnavilog

Post by darkromeo77 on Mon Dec 01, 2008 3:08 am

Search Navipromo version 3.6.9 began on Sun 11/30/2008 at 21:47:53.20

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!
Fix running from C:\Program Files\navilog1
Actual User Account : "Darkromeo"

Updated on 05.11.2008 at 21h00 by IL-MAFIOSO


Microsoft Windows XP [Version 5.1.2600]
Version Internet Explorer : 7.0.5730.11
Filesystem type : NTFS

Search done in normal mode

*** Searching for installed Software ***


*** Search folders in "C:\WINDOWS" ***


*** Search folders in "C:\Program Files" ***


*** Search folders in "C:\Documents and Settings\All Users\startm~1\programs" ***


*** Search folders in "C:\Documents and Settings\All Users\startm~1" ***


*** Search folders in "c:\docume~1\alluse~1\applic~1" ***


*** Search folders in "C:\Documents and Settings\Darkromeo\applic~1" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Search folders in "C:\DOCUME~1\BLUERO~1\applic~1" ***


*** Search folders in "C:\Documents and Settings\Darkromeo\locals~1\applic~1" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Search folders in "C:\DOCUME~1\BLUERO~1\locals~1\applic~1" ***


*** Search folders in "C:\Documents and Settings\Darkromeo\startm~1\programs" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\startm~1\programs" ***


*** Search folders in "C:\DOCUME~1\BLUERO~1\startm~1\programs" ***


*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : [You must be registered and logged in to see this link.]



*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in "C:\WINDOWS\system32" *

* Scan in "C:\Documents and Settings\Darkromeo\locals~1\applic~1" *

* Scan in "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Scan in "C:\DOCUME~1\BLUERO~1\locals~1\applic~1" *



*** Search files ***



*** Search specific Registry keys ***


*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :


2)Heuristic Search :

* In "C:\WINDOWS\system32" :


* In "C:\Documents and Settings\Darkromeo\locals~1\applic~1" :


* In "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


* In "C:\DOCUME~1\BLUERO~1\locals~1\applic~1" :


3)Certificates Search :

Egroup certificate not found !
Electronic-Group certificate not found !
Montorgueil certificate not found !
OOO-Favorit certificate not found !
Sunny-Day-Design-Ltd certificate not found !

4)Search known files :



*** Search completed on Sun 11/30/2008 at 22:06:08.70 ***

darkromeo77
Novice
Novice

Posts Posts : 25
Joined Joined : 2008-11-27
OS OS : Windows XP
Points Points : 29319
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Combofix txt part 1

Post by Belahzur on Mon Dec 01, 2008 12:40 pm

Darn.
It's not navipromo.

Please use the Internet Explorer browser, and do an online scan with [You must be registered and logged in to see this link.]

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

    **Note**

    To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Scan report

Post by darkromeo77 on Tue Dec 02, 2008 4:23 am

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, December 1, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, December 01, 2008 18:39:03
Records in database: 1429900
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 106692
Threat name: 27
Infected objects: 50
Suspicious objects: 0
Duration of the scan: 01:44:18


File name / Threat name / Threats count
C:\Program Files\Upromise__RemindU\up.exe/C:\Program Files\Upromise__RemindU\up.exe Infected: not-a-virus:AdWare.Win32.WebRebates.x 1
C:\Documents and Settings\BlueRoses\Shared\spin me right round dope.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Darkromeo\Local Settings\Temp\lhsvXreV.exe Infected: not-a-virus:AdWare.Win32.BHO.efr 1
C:\Documents and Settings\Darkromeo\Local Settings\Temp\sSBVbpEe.exe Infected: Worm.Win32.Pinit.gen 1
C:\Documents and Settings\Darkromeo\Local Settings\Temporary Internet Files\Content.IE5\T0H76C0T\placeholder-1327327-527140254[1].htm Infected: Trojan-Downloader.JS.Psyme.amg 1
C:\Program Files\Internet Explorer\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\12.tmp Infected: EICAR-Test-File 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1D.tmp Infected: Trojan-Downloader.Win32.Agent.aoep 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1E.tmp Infected: Trojan-Downloader.Win32.Agent.aoep 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\227.tmp Infected: Trojan-Downloader.Win32.Agent.aoep 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\CC.tmp Infected: EICAR-Test-File 1
C:\Program Files\Upromise__RemindU\up.exe Infected: not-a-virus:AdWare.Win32.WebRebates.x 1
C:\Qoobox\Quarantine\C\Documents and Settings\BlueRoses\Application Data\gadcom\gadcom.exe.vir Infected: Trojan.Win32.Agent.aorq 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.at 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.af 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.a 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.an 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.aq 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.at 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ax 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.at 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ad 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ba 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.au 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.as 1
C:\Qoobox\Quarantine\C\Program Files\Screensavers.com\SSSInst\bin\SSSInst.dll.vir Infected: not-a-virus:AdWare.Win32.Comet.ac 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\dxqvqrqr.dll.vir Infected: Backdoor.Win32.Aimbot.jn 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\oleivnnd.dll.vir Infected: Trojan.Win32.Monder.aann 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\prunnet.exe.vir Infected: Trojan.Win32.VB.hbm 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\stkhox.dll.vir Infected: Backdoor.Win32.Aimbot.jn 1
C:\WINDOWS\system32\getwn32.dll Infected: not-a-virus:AdWare.Win32.BHO.efk 1
C:\WINDOWS\system32\IO2\FES9U13.exe Infected: not-a-virus:AdWare.Win32.WebHancer.f 1
C:\WINDOWS\system32\IO2\FES9U13.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 1
C:\WINDOWS\system32\TDSSxfum.dll Infected: Trojan.Win32.Agent.arvz 1
C:\WINDOWS\system32\twext.exe Infected: Worm.Win32.Pinit.gen 1
C:\WINDOWS\system32\uesiuqcr.exe Infected: not-a-virus:AdWare.Win32.BHO.efr 1
C:\WINDOWS\system32\wertyu.dll Infected: not-a-virus:AdWare.Win32.BHO.efr 1

The selected area was scanned.

darkromeo77
Novice
Novice

Posts Posts : 25
Joined Joined : 2008-11-27
OS OS : Windows XP
Points Points : 29319
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Combofix txt part 1

Post by Doctor Inferno on Tue Dec 09, 2008 2:36 am

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Posts Posts : 12017
Joined Joined : 2007-12-26
Gender Gender : Male
OS OS : Windows 7 Home Premium and Ultimate X64
Protection Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points Points : 104584
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum