I Am The Infected


This topic is locked
16 replies to this topic

#16 benjira (Topic Starter, Members, 10 posts)

Posted 04 January 2008 - 10:30 PM

Here are my ComboFix Log Files



ComboFix 08-01-04.1 - Administrator 2008-01-04 21:06:42.1 - NTFSx86
Running from: C:\Documents and Settings\Administrator.BRUCEHOME\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.

2008-01-04 21:04 . 2000-08-31 08:00 51,200 --a------ C:\WINDOZE\NirCmd.exe
2008-01-04 17:10 . 2008-01-04 17:10 <DIR> d-------- C:\WINDOZE\ERUNT
2008-01-04 15:04 . 2008-01-04 18:07 1,043,860 ---hs---- C:\WINDOZE\system32\rexksnaq.ini
2008-01-04 12:34 . 2008-01-03 21:41 1,212,976 --a------ C:\SDFix.exe
2008-01-04 11:14 . 2008-01-04 11:14 <DIR> d-------- C:\Documents and Settings\Bruce\DoctorWeb
2008-01-04 08:34 . 2008-01-04 08:34 <DIR> d-------- C:\Documents and Settings\Administrator.BRUCEHOME\DoctorWeb
2008-01-04 08:29 . 2008-01-04 08:29 <DIR> d-------- C:\Program Files\CCleaner
2008-01-04 08:12 . 2008-01-04 08:16 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-01-04 01:58 . 2008-01-04 09:28 604 --a------ C:\WINDOZE\system32\tmp.reg
2008-01-04 01:56 . 2007-09-05 23:22 289,144 --a------ C:\WINDOZE\system32\VCCLSID.exe
2008-01-04 01:56 . 2006-04-27 16:49 288,417 --a------ C:\WINDOZE\system32\SrchSTS.exe
2008-01-04 01:56 . 2007-12-20 23:11 81,920 --a------ C:\WINDOZE\system32\IEDFix.exe
2008-01-04 01:56 . 2003-06-05 20:13 53,248 --a------ C:\WINDOZE\system32\Process.exe
2008-01-04 01:56 . 2004-07-31 17:50 51,200 --a------ C:\WINDOZE\system32\dumphive.exe
2008-01-04 01:56 . 2007-10-03 23:36 25,600 --a------ C:\WINDOZE\system32\WS2Fix.exe
2008-01-04 00:05 . 2008-01-04 00:05 <DIR> d-------- C:\Documents and Settings\All Users.WINDOZE\Application Data\SUPERAntiSpyware.com
2008-01-04 00:04 . 2008-01-04 01:48 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-04 00:04 . 2008-01-04 00:04 <DIR> d-------- C:\Documents and Settings\Administrator.BRUCEHOME\Application Data\SUPERAntiSpyware.com
2008-01-03 23:15 . 2008-01-04 11:01 <DIR> d-------- C:\VundoFix Backups
2008-01-03 20:39 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOZE\system32\dllcache\usbstor.sys
2008-01-03 19:18 . 2007-12-04 09:51 42,912 --a------ C:\WINDOZE\system32\drivers\aswTdi.sys
2008-01-03 19:18 . 2007-12-04 09:49 26,624 --a------ C:\WINDOZE\system32\drivers\aavmker4.sys
2008-01-03 19:18 . 2007-12-04 09:53 23,152 --a------ C:\WINDOZE\system32\drivers\aswRdr.sys
2008-01-03 19:17 . 2008-01-03 19:17 <DIR> d-------- C:\Program Files\Alwil Software
2008-01-03 19:17 . 2003-03-18 16:20 1,060,864 --a------ C:\WINDOZE\system32\MFC71.dll
2008-01-03 19:17 . 2007-12-04 08:04 837,496 --a------ C:\WINDOZE\system32\aswBoot.exe
2008-01-03 19:17 . 2003-03-18 15:14 499,712 --a------ C:\WINDOZE\system32\MSVCP71.dll
2008-01-03 19:17 . 2004-01-09 04:13 380,928 --a------ C:\WINDOZE\system32\actskin4.ocx
2008-01-03 19:17 . 2003-02-20 22:42 348,160 --a------ C:\WINDOZE\system32\MSVCR71.dll
2008-01-03 19:17 . 2007-12-04 07:54 95,608 --a------ C:\WINDOZE\system32\AvastSS.scr
2008-01-03 19:17 . 2007-12-04 09:55 94,544 --a------ C:\WINDOZE\system32\drivers\aswmon2.sys
2008-01-03 19:17 . 2007-12-04 09:56 93,264 --a------ C:\WINDOZE\system32\drivers\aswmon.sys
2008-01-03 14:04 . 2008-01-03 14:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Avanquest
2008-01-03 09:35 . 2008-01-03 09:35 0 --a------ C:\WINDOZE\nsreg.dat
2008-01-03 03:09 . 2008-01-03 03:09 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Avanquest
2008-01-03 03:06 . 2008-01-03 03:06 <DIR> d-------- C:\Documents and Settings\All Users.WINDOZE\Application Data\BVRP Software
2008-01-03 03:05 . 2008-01-03 03:05 <DIR> dr-hs---- C:\_Backup.RC
2008-01-03 03:05 . 2008-01-03 03:05 <DIR> d--h----- C:\_Backup
2008-01-03 03:00 . 2008-01-03 03:00 <DIR> d-------- C:\Documents and Settings\Administrator.BRUCEHOME\Application Data\Avanquest
2008-01-03 02:59 . 2008-01-03 02:59 23,600 --a------ C:\WINDOZE\system32\drivers\TVICHW32.SYS
2008-01-03 02:56 . 2008-01-03 02:56 <DIR> d-------- C:\Program Files\Avanquest
2008-01-03 02:53 . 2008-01-03 23:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-03 02:37 . 2008-01-03 02:37 <DIR> d-------- C:\Program Files\Avance Sound Manager
2008-01-03 02:37 . 2002-06-29 18:05 654,508 --a------ C:\WINDOZE\system32\drivers\ALCXWDM.SYS
2008-01-03 02:37 . 2002-06-29 18:05 617,984 --a------ C:\WINDOZE\system32\ALSNDMGR.CPL
2008-01-03 02:37 . 2002-06-29 18:05 208,896 --------- C:\WINDOZE\alcupd.exe
2008-01-03 02:37 . 2002-06-29 18:05 141,016 --a------ C:\WINDOZE\system32\ALSNDMGR.WAV
2008-01-03 02:37 . 2002-06-29 18:05 135,168 --------- C:\WINDOZE\alcrmv.exe
2008-01-03 02:37 . 2002-06-29 18:05 46,592 --a------ C:\WINDOZE\SOUNDMAN.EXE
2008-01-03 02:37 . 2002-06-29 18:05 584 --------- C:\WINDOZE\system32\drivers\alcxinit.dat
2008-01-03 02:37 . 2002-06-29 18:05 164 --------- C:\WINDOZE\avrack.ini
2008-01-03 02:26 . 2008-01-03 02:26 559 --a------ C:\WINDOZE\PhotoImpression.ini
2008-01-03 02:25 . 2008-01-03 02:25 <DIR> d-------- C:\Documents and Settings\All Users.WINDOZE\Application Data\MSN6
2008-01-03 02:25 . 2008-01-03 02:25 <DIR> d-------- C:\Documents and Settings\Administrator.BRUCEHOME\Application Data\MSN6
2008-01-03 02:09 . 2008-01-03 02:09 <DIR> d-------- C:\Program Files\SiSoftware
2008-01-03 02:01 . 2005-06-21 16:43 163,840 --a------ C:\WINDOZE\system32\igfxres.dll
2008-01-03 02:00 . 2008-01-03 02:00 <DIR> d-------- C:\Documents and Settings\ADMINI~1~BRU\LOCALS~1
2008-01-03 01:07 . 2008-01-03 12:12 <DIR> d--h----- C:\WINDOZE\$hf_mig$
2008-01-03 01:07 . 2005-06-28 10:21 22,752 --a------ C:\WINDOZE\system32\spupdsvc.exe
2008-01-03 01:06 . 2008-01-03 01:06 13,646 --a------ C:\WINDOZE\system32\wpa.bak
2008-01-03 01:00 . 2008-01-03 01:10 <DIR> d-------- C:\Documents and Settings\All Users.WINDOZE\Application Data\Spybot - Search & Destroy
2007-12-29 11:39 . 2007-12-29 11:39 <DIR> d-------- C:\Temp\cEeer12

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
1/3/2008 18:50 --------- d-----w C:\Program Files\Norton AntiVirus
1/3/2008 18:49 --------- d-----w C:\Program Files\MSN Messenger
1/3/2008 18:47 --------- d-----w C:\Program Files\Common Files\Symantec Shared
1/3/2008 7:37 --------- d-----w C:\Program Files\AvRack
12/31/2007 17:17 --------- d-----w C:\Program Files\Lexmark X5100 Series
12/30/2007 23:04 --------- d-----w C:\Documents and Settings\Bruce\Application Data\Netscape
12/29/2007 18:01 --------- d-----w C:\Program Files\QuickTime
12/29/2007 18:01 --------- d-----w C:\Program Files\Microsoft Works
12/29/2007 17:08 --------- d-----w C:\Program Files\Plaxo
12/29/2007 16:41 --------- d-----w C:\Program Files\Picasa
12/29/2007 0:31 --------- d-----w C:\Documents and Settings\Bruce\Application Data\ZoomBrowser EX
12/15/2007 0:35 --------- d-----w C:\Program Files\BellSouth
12/9/2007 23:03 --------- d-----w C:\Documents and Settings\Bruce\Application Data\WeatherBug
12/6/2007 0:01 --------- d-----w C:\Program Files\Symantec
11/13/2007 10:25 20,480 #NAME? C:\WINDOZE\system32\drivers\secdrv.sys
10/29/2007 22:43 1,287,680 #NAME? C:\WINDOZE\system32\quartz.dll
10/27/2007 22:39 230,912 #NAME? C:\WINDOZE\system32\wmasf.dll
3/10/2007 21:51 9,436,018 #NAME? C:\Program Files\AutoGordianKnot.2.40.Setup.exe
2/19/2007 0:31 19,203,280 #NAME? C:\Program Files\nsb-install-8-1-2.exe
1/6/2007 14:30 4,766,808 #NAME? C:\Program Files\BellSouthMessengerSetup43.exe
11/30/2006 1:53 36,076,512 #NAME? C:\Program Files\NAV071400.exe
2/25/2006 22:55 3,910,704 #NAME? C:\Program Files\BellSouthMessengerSetup42.exe
12/15/2005 1:53 6,811,904 #NAME? C:\Program Files\psa2011se_us.exe
12/18/2004 0:16 1,951,432 #NAME? C:\Program Files\ppviewer.exe
11/20/2004 14:57 26,953,157 #NAME? C:\Program Files\NAV10ESD.exe
11/10/2004 0:56 487,544 #NAME? C:\Program Files\msgr6suite.exe
9/13/2003 2:45 603,943 #NAME? C:\Program Files\Pink Floyd.exe
9/13/2003 2:45 407,240 #NAME? C:\Program Files\Pink Floyd.scr
9/13/2003 2:45 40,960 #NAME? C:\Program Files\Pink Floyd.dll
9/13/2003 2:45 18,192 #NAME? C:\Program Files\Pink Floyd.dat
.
<pre>			
----a-w		   445,952 2007-12-31 16:36:57  C:\Documents and Settings\Administrator.BRUCEHOME\Desktop\bruces stuff\Lexmark X5100 Series\lxbabmgr .exe			
----a-w			79,224 2008-01-04 06:42:05  C:\Program Files\Alwil Software\Avast4\ashDisp .exe			
----a-w		   445,952 2007-12-31 16:36:57  C:\Program Files\Lexmark X5100 Series\lxbabmgr .exe			
----a-w		 1,694,208 2008-01-03 22:14:31  C:\Program Files\Messenger\msmsgs .exe			
----a-w			15,360 2008-01-03 01:59:01  C:\WINDOWS\system32\ctfmon .exe			
</pre>



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22ee8a8a-49b8-4840-9ee0-81b3f6b47ec6}]
C:\WINDOZE\system32\uflxsuds.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS="C:\Program Files\Messenger\msmsgs.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IgfxTray="C:\WINDOZE\system32\igfxtray.exe" [ ]
HotKeysCmds="C:\WINDOZE\system32\hkcmd.exe" [ ]
SoundMan="SOUNDMAN.EXE" [2002-06-29 18:05 46592 C:\WINDOZE\SOUNDMAN.EXE]
VirusScannerPro="C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe" [ ]
b06aa6a4="C:\WINDOZE\system32\qanskxer.dll" [ ]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R3 KFilter;KFilter;C:\PROGRA~1\AVANQU~1\SYSTEM~1\KFilter.sys [2007-09-05 10:54]
R3 MailScan;MailScan;C:\PROGRA~1\AVANQU~1\SYSTEM~1\MailScan.sys [2007-09-11 02:32]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 21:22:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-04 21:29:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-05 02:28:55
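The log above is what an analyst has to read by hand: a "Files Created" list with attribute flags, and a "Reg Loading Points" section where ComboFix prints `[ ]` after an autostart entry it could not verify. The following is an added triage helper, written for this page and not part of ComboFix, BleepingComputer or the poster's thread; it parses a constructed sample of a few lines copied in the shape of the posted log and scores each entry against heuristics that are my own assumptions (eight-lowercase-letter file stems, hex-looking Run value names, empty verification brackets, hidden+system files, BHO registrations). The output is a review list, not a verdict: a legitimate Intel tray binary scores the same as a random-named DLL on two of these signals, which is exactly why the weights and the HIGH/REVIEW split are shown rather than hidden.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the shape of the ComboFix log posted above: a handful
# of its lines copied by hand, not the full log. The Windows-dir name WINDOZE
# and the random-looking file names are taken from the post as-is.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.
2008-01-04 15:04 . 2008-01-04 18:07 1,043,860 ---hs---- C:\WINDOZE\system32\rexksnaq.ini
2008-01-03 19:18 . 2007-12-04 09:51 42,912 --a------ C:\WINDOZE\system32\drivers\aswTdi.sys
2008-01-03 02:37 . 2002-06-29 18:05 46,592 --a------ C:\WINDOZE\SOUNDMAN.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22ee8a8a-49b8-4840-9ee0-81b3f6b47ec6}]
C:\WINDOZE\system32\uflxsuds.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IgfxTray="C:\WINDOZE\system32\igfxtray.exe" [ ]
SoundMan="SOUNDMAN.EXE" [2002-06-29 18:05 46592 C:\WINDOZE\SOUNDMAN.EXE]
b06aa6a4="C:\WINDOZE\system32\qanskxer.dll" [ ]
"""

# "Files Created" entry: created . modified size attrs path
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+?)\s*$"
)
# Registry key header and Name="target" [verification] value lines
KEY_LINE = re.compile(r"^\[(?P<key>.+)\]\s*$")
VALUE_LINE = re.compile(
    r'^(?P<name>[^=\[\]]+?)=\s*"?(?P<target>[^"\[]+?)"?\s*(?:\[(?P<verify>[^\]]*)\])?\s*$'
)

# Heuristics (assumed weights, chosen for this example, not ComboFix's own rules)
RANDOM_STEM = re.compile(r"^[a-z]{8}$")   # e.g. qanskxer.dll, but also igfxtray.exe
HEX_NAME = re.compile(r"^[0-9a-f]{8}$")   # Run value names like b06aa6a4
WEIGHTS = {"random-name": 1, "unverified": 1, "bho": 1,
           "hex-valuename": 2, "hidden-system": 2}


def name_signals(path):
    """Weak signal: file stem is exactly eight lowercase letters."""
    return ["random-name"] if RANDOM_STEM.match(PureWindowsPath(path).stem) else []


def _add(findings, kind, where, signals):
    score = sum(WEIGHTS[s] for s in signals)
    if score >= 2:  # single weak signals are noise; keep only combined evidence
        findings.append({"kind": kind, "where": where, "signals": signals,
                         "score": score, "level": "HIGH" if score >= 3 else "REVIEW"})


def triage(log_text):
    """Return scored findings from the file list and autostart sections."""
    findings, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_LINE.match(line)
        if m:
            signals = name_signals(m["path"])
            # hidden+system attributes on a plain file in the file list
            if m["size"] != "<DIR>" and "h" in m["attrs"] and "s" in m["attrs"]:
                signals.append("hidden-system")
            _add(findings, "file", m["path"], signals)
            continue
        m = KEY_LINE.match(line)
        if m:
            key = m["key"]
            continue
        if key is None:
            continue
        m = VALUE_LINE.match(line)
        if m:
            signals = name_signals(m["target"])
            if HEX_NAME.match(m["name"]):
                signals.append("hex-valuename")
            if m["verify"] is not None and not m["verify"].strip():
                signals.append("unverified")  # ComboFix printed "[ ]": file not verified
            _add(findings, "autostart", f"{key}\\{m['name']} -> {m['target']}", signals)
        elif line[1:3] == ":\\":  # bare path under a key, as BHO entries are printed
            signals = name_signals(line)
            if "Browser Helper Objects" in key:
                signals.append("bho")
            _add(findings, "autostart", f"{key} -> {line}", signals)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['level']:6} {f['score']}  {f['where']}  {f['signals']}")
```

Run as-is, the sample yields two HIGH items (the hidden+system `rexksnaq.ini` in system32 and the hex-named Run value pointing at unverified `qanskxer.dll`) and two REVIEW items (the BHO DLL `uflxsuds.dll` and the Intel `igfxtray.exe` entry, which trips the name heuristic only because it happens to be eight letters and unverified). Real triage would follow the REVIEW tier with a hash lookup or signature check before touching anything; the point of the scoring is to make the reviewer's attention order explicit.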


#17 quietman7 (Bleepin' Janitor, Global Moderator, 52,090 posts, Virginia, USA)

Posted 04 January 2008 - 11:02 PM

I have moved your HijackThis log to the Misplaced HJT Logs forum. You posted your log in a forum not intended for the analysis of these logs.

Your log can be found here.

Please follow all directions that I posted as a reply to your log. Following these instructions will ensure that your HijackThis log is properly posted so it can be reviewed in a timely manner.

If you have any questions please respond in that thread. To avoid confusion, I am closing this topic.



