
PCsecurity Lab


  • This topic is locked
3 replies to this topic

#1 Sagi

Posted 10 January 2008 - 10:10 PM

Hi! My computer got infected with PCsecurity Lab or Dio Cleaner. I later got rid of it by running HijackThis and Ad-Aware. But my computer is behaving quite strangely. I am sure there are several pieces of spyware, malware and viruses. I just ran ComboFix. Here is the log. Can anybody help, please?

----------------------
ComboFix 08-01-04.1 - Owner 2008-01-10 20:50:13.9 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\Owner\Application Data\ICROSO~1.NET
C:\Documents and Settings\Pallavi\Application Data\macromedia\Flash Player\#SharedObjects\BQL2WQPU\www.broadcaster.com
C:\Documents and Settings\Pallavi\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Program Files\akl
C:\Program Files\amsys
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\e-zshopper
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Logitech\Video\ISStart.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\p2pnetworks
C:\Program Files\Spruce
C:\Program Files\sstem~1
C:\Program Files\sstem~1\s?stem\
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Temp\1cb
C:\temp\tn3
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\default.htm
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\b1
C:\WINDOWS\system32\BELKIN\F5D5050\PostCopy.exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\din.ip
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\kkdsrngr.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qomjjig.dll
C:\WINDOWS\system32\qrutv.ini
C:\WINDOWS\system32\qrutv.ini2
C:\WINDOWS\system32\qwinlldq.exe
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\sznf.ascii
C:\WINDOWS\system32\vturq.dll
C:\WINDOWS\system32\vturq.exe
c:\WINDOWS\System32\ZoomingHook.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\core
-------\DomainService
-------\Network Monitor




((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))))
.

2008-01-10 20:40 . 2008-01-10 20:40 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-10 13:30 . 2004-08-04 07:00 450,794 -ra------ C:\txtsetup.sif
2008-01-10 13:30 . 2004-08-04 07:00 260,272 -ra------ C:\$LDR$
2008-01-10 13:30 . 2008-01-09 21:59 211 --ahs---- C:\BOOT.BAK
2008-01-09 22:25 . 2004-08-04 07:00 48,256 --a--c--- C:\WINDOWS\system32\dllcache\w32.dll
2008-01-09 22:25 . 2004-08-04 07:00 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll
2008-01-09 22:25 . 2004-08-04 07:00 31,232 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys
2008-01-09 22:22 . 2004-08-04 07:00 131,584 --a--c--- C:\WINDOWS\system32\dllcache\pmxviceo.dll
2008-01-09 22:21 . 2004-08-04 07:00 92,416 --a--c--- C:\WINDOWS\system32\dllcache\mga.sys
2008-01-09 22:17 . 2004-08-04 07:00 101,888 --a--c--- C:\WINDOWS\system32\dllcache\evntagnt.dll
2008-01-09 22:16 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-01-09 22:15 . 2003-03-24 16:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\author.dll
2008-01-09 22:15 . 2003-03-24 16:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\admin.dll
2008-01-09 22:15 . 2003-03-24 16:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\admin.exe
2008-01-09 22:11 . 2008-01-09 22:11 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-01-09 22:10 . 2008-01-09 22:10 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-01-09 22:10 . 2008-01-09 22:10 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-01-09 22:10 . 2008-01-09 22:10 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-01-09 22:10 . 2008-01-09 22:10 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-01-09 22:09 . 2004-08-04 07:00 73,728 --a--c--- C:\WINDOWS\system32\dllcache\icwtutor.exe
2008-01-09 22:09 . 2004-08-04 07:00 61,440 --a--c--- C:\WINDOWS\system32\dllcache\icwres.dll
2008-01-09 22:09 . 2004-08-04 07:00 40,960 --a--c--- C:\WINDOWS\system32\dllcache\trialoc.dll
2008-01-09 22:09 . 2004-08-04 07:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-01-09 22:07 . 2004-08-04 07:00 172,032 --a--c--- C:\WINDOWS\system32\dllcache\icwhelp.dll
2008-01-09 22:07 . 2004-08-04 07:00 61,440 --a--c--- C:\WINDOWS\system32\dllcache\icwconn.dll
2008-01-09 22:07 . 2004-08-04 07:00 49,152 --a--c--- C:\WINDOWS\system32\dllcache\icwutil.dll
2008-01-09 22:07 . 2004-08-04 07:00 32,768 --a--c--- C:\WINDOWS\system32\dllcache\icwdl.dll
2008-01-09 22:07 . 2004-08-04 07:00 24,576 --a--c--- C:\WINDOWS\system32\dllcache\icwrmind.exe
2008-01-09 22:07 . 2004-08-04 07:00 20,480 --a--c--- C:\WINDOWS\system32\dllcache\inetwiz.exe
2008-01-09 22:06 . 2004-08-04 07:00 214,528 --a--c--- C:\WINDOWS\system32\dllcache\icwconn1.exe
2008-01-09 22:06 . 2004-08-04 07:00 86,016 --a--c--- C:\WINDOWS\system32\dllcache\icwconn2.exe
2008-01-09 22:06 . 2004-08-04 07:00 38,912 --a--c--- C:\WINDOWS\system32\dllcache\hmmapi.dll
2008-01-09 22:06 . 2004-08-04 07:00 18,432 --a--c--- C:\WINDOWS\system32\dllcache\iedw.exe
2008-01-09 22:05 . 2004-08-04 07:00 93,184 --a--c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2008-01-09 21:59 . 2004-08-04 00:56 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2008-01-09 21:59 . 2004-08-03 23:00 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2008-01-09 21:59 . 2004-08-04 00:56 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2008-01-09 21:59 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-01-09 21:57 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-01-09 21:54 . 2001-08-17 13:51 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2008-01-09 21:52 . 2008-01-09 21:52 34 --a------ C:\WINDOWS\system\oeminfo.ini
2008-01-09 21:37 . 2004-08-04 07:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-01-09 21:37 . 2004-08-04 07:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-01-09 21:37 . 2004-08-04 07:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-01-09 21:37 . 2004-08-04 07:00 16,254 --a------ C:\WINDOWS\system32\PINTLPAE.HLP
2008-01-09 21:37 . 2004-08-04 07:00 14,821 --a------ C:\WINDOWS\system32\PINTLPAD.HLP
2008-01-09 21:37 . 2004-08-04 07:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-01-09 21:37 . 2004-08-04 07:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-01-05 21:03 . 2004-08-19 17:57 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-01-05 21:03 . 2004-08-19 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\toshiba
2008-01-05 21:03 . 2004-08-19 19:33 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-01-05 21:03 . 2004-08-25 17:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterVideo
2008-01-05 21:03 . 2004-08-19 19:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-01-03 20:26 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 12:36 . 2008-01-01 12:36 0 --a------ C:\WINDOWS\TPTray .INI
2007-12-31 09:44 . 2007-12-31 09:44 0 --a------ C:\WINDOWS\CeEKey .INI
2007-12-28 14:04 . 2007-12-28 14:04 <DIR> d-------- C:\Documents and Settings\Pallavi\Application Data\Sonic
2007-12-28 00:42 . 2008-01-09 21:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-27 08:21 . 2008-01-10 07:27 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-26 22:52 . 2007-12-26 22:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2007-12-26 22:51 . 2007-12-26 22:51 4 --a------ C:\WINDOWS\system32\jpewocmz.ini
2007-12-26 22:47 . 2007-12-27 07:53 <DIR> d--hs---- C:\WINDOWS\T3duZXI
2007-12-26 22:47 . 2007-12-29 23:06 <DIR> d-------- C:\WINDOWS\system32\to9
2007-12-26 22:47 . 2007-12-29 23:06 <DIR> d-------- C:\WINDOWS\system32\dj2
2007-12-26 22:47 . 2007-12-27 07:53 <DIR> d-------- C:\WINDOWS\system32\bbc9
2007-12-26 22:47 . 2007-12-26 22:47 <DIR> d-------- C:\WINDOWS\system32\ardCo02
2007-12-26 22:47 . 2007-12-26 22:47 <DIR> d-------- C:\Temp\cEeer12
2007-12-26 22:47 . 2008-01-10 20:26 <DIR> d-------- C:\Temp
2007-12-16 00:49 . 2007-12-16 00:49 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-12-15 03:37 . 2003-05-24 03:13 270,336 --a------ C:\WINDOWS\system32\PlugPlayPCIDevice.exe
2007-12-15 03:37 . 2004-02-19 16:35 163,840 --a------ C:\WINDOWS\system32\MFCFirstRemove.exe
2007-12-15 03:37 . 2004-04-23 11:06 32,768 --a------ C:\WINDOWS\system32\RmWLAN.exe
2007-12-15 03:37 . 2004-02-17 18:14 32,768 --a------ C:\WINDOWS\system32\CloseACU.exe
2007-12-15 03:37 . 2004-06-10 11:03 28,672 --a------ C:\WINDOWS\system32\InstallInf.exe
2007-12-15 03:37 . 2002-12-03 15:10 766 --a------ C:\WINDOWS\system32\AddRemove.ico
2007-12-15 03:27 . 2004-02-22 18:01 192,512 --a------ C:\WINDOWS\system32\AdavVideoDec.dll
2007-12-15 03:27 . 2003-12-18 09:03 126,976 --a------ C:\WINDOWS\system32\AdavAudioDec.dll
2007-12-15 03:27 . 2004-02-26 10:34 110,592 --a------ C:\WINDOWS\system32\ArcSpl.ax
2007-12-15 03:27 . 2004-02-22 18:01 48,128 --a------ C:\WINDOWS\system32\mpgvideo.ax
2007-12-15 03:27 . 2003-12-18 09:03 47,616 --a------ C:\WINDOWS\system32\mpgaudio.ax
2007-12-15 03:21 . 2002-09-29 10:56 139,264 --a------ C:\WINDOWS\system32\PhotoBase Screen Saver.scr
2007-12-15 03:14 . 2007-12-15 03:14 <DIR> d-------- C:\Intel 802.11 b
2007-12-15 02:50 . 2001-08-23 16:25 1,706,800 --------- C:\WINDOWS\system32\gdip4d0f.rra
2007-12-14 08:31 . 2007-12-14 08:31 12,598 --a------ C:\WINDOWS\system32\wpa.bak
2007-12-14 05:14 . 2004-08-04 07:00 1,086,058 -ra------ C:\WINDOWS\SETE9.tmp
2007-12-14 05:14 . 2004-08-04 07:00 1,042,903 -ra------ C:\WINDOWS\SETE6.tmp
2007-12-14 05:14 . 2004-08-04 07:00 13,753 -ra------ C:\WINDOWS\SETF5.tmp
2007-12-14 05:14 . 2004-08-04 07:00 7,334 --a--c--- C:\WINDOWS\system32\dllcache\wmerrenu.cat
2007-12-14 00:01 . 2008-01-09 11:37 501,760,000 --a------ C:\WINDOWS\MEMORY.DMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 01:25 --------- d-----w C:\Program Files\iTunes
2008-01-11 01:25 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-10 20:58 --------- d-----w C:\Program Files\QuickTime
2008-01-10 02:01 --------- d-----w C:\Program Files\StorageSync
2008-01-10 02:00 --------- d-----w C:\Program Files\SpywareBlaster
2008-01-10 02:00 --------- d-----w C:\Program Files\Real
2008-01-10 02:00 --------- d-----w C:\Program Files\Common Files\Real
2008-01-06 02:46 --------- d-----w C:\Program Files\ewido anti-malware
2008-01-06 02:04 --------- d-----w C:\Program Files\Notebook Maximizer
2008-01-06 01:56 --------- d-----w C:\Program Files\Apoint2K
2007-12-28 04:49 --------- d-----w C:\Program Files\Norton AntiVirus
2007-12-20 15:23 --------- d-----w C:\Program Files\DYMO Label
2007-12-16 13:38 --------- d-----w C:\Program Files\Google
2007-12-15 08:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-15 08:37 --------- d-----w C:\Program Files\Atheros
2007-12-10 05:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\SopCast
2007-11-19 02:03 --------- d-----w C:\Documents and Settings\Owner\Application Data\MPEG Streamclip
2006-08-31 18:52 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-05-06 04:48 32 --sha-w C:\WINDOWS\{279E686A-BBCC-477B-9FC4-F3BED81B0F0F}.dat
2005-05-06 04:49 32 --sha-w C:\WINDOWS\{506B4DD4-9CAA-4D96-B661-EE318432BC97}.dat
2005-05-06 04:47 32 --sha-w C:\WINDOWS\{82878BED-5E7D-4BA3-A613-13F2467C7151}.dat
2005-05-06 04:47 32 --sha-w C:\WINDOWS\{A7F3EDB7-52B0-4B09-B93B-DC6CCC13295A}.dat
2005-05-06 04:50 32 --sha-w C:\WINDOWS\{AA7E17FC-AE10-4A81-BF56-9C4B849C4456}.dat
2005-05-06 04:47 32 --sha-w C:\WINDOWS\{EBD22BC9-9A48-496C-B02F-4CCE7823A6E8}.dat
2005-05-06 04:50 32 --sha-w C:\WINDOWS\system32\{3ED68878-7AF0-423E-8348-3058CE9004E2}.dat
2005-05-06 04:47 32 --sha-w C:\WINDOWS\system32\{6896B05C-841E-4CE3-ADFA-6773FA89955C}.dat
2005-05-06 04:49 32 --sha-w C:\WINDOWS\system32\{D1DBC3CF-DE6E-404F-9849-B3A0E0439445}.dat
2005-05-06 04:48 32 --sha-w C:\WINDOWS\system32\{D6443C10-8B82-42DC-A321-F6488A7D7421}.dat
2005-05-06 04:47 32 --sha-w C:\WINDOWS\system32\{D80E93B8-1C3A-4AA6-8426-8CD7370D41BC}.dat
2005-05-06 04:47 32 --sha-w C:\WINDOWS\system32\{FF49C292-991E-4B20-AE59-549D2C73218C}.dat
2005-07-29 21:24 472 --sha-r C:\WINDOWS\T3duZXI\naxRtrK.vbs
.
----a-w           192,512 2008-01-06 01:03:18  C:\Program Files\Apoint2K\Apoint .exe
----a-w           180,269 2007-12-30 03:03:38  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w            40,960 2008-01-05 02:39:29  C:\Program Files\Notebook Maximizer\maximizer_startup .exe
----a-w         3,032,576 2008-01-07 12:09:55  C:\Program Files\StorageSync\StrgSync .exe
----a-w         1,089,589 2008-01-05 02:39:32  C:\Program Files\Toshiba\Touch and Launch\PadExe .exe
----a-w            53,248 2008-01-06 01:03:20  C:\Program Files\Toshiba\TouchPad\TPTray .exe
----a-w            57,359 2007-12-27 12:58:21  C:\RECYCLER\NPROTECT\00563198 .exe
----a-w           159,744 2008-01-05 02:39:53  C:\TOSHIBA\Ivp\ISM\pinger .exe
----a-w           208,952 2008-01-07 17:46:42  C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE


((((((((((((((((((((((((((((( snapshot@2008-01-10_20.37.58.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-10 20:36:24 3,658 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{2F5A6BCD-E490-4688-AA50-7A94B66D83CB}.bin
+ 2008-01-11 01:42:04 4,388 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{2F5A6BCD-E490-4688-AA50-7A94B66D83CB}.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{461bc5b0-1783-4571-8fe8-45c70e3681af}]
C:\WINDOWS\system32\mniqbyu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{477840F3-BA52-44D9-8E41-38D61CAA010F}]
C:\WINDOWS\system32\egmulhxk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96B172AD-197D-491B-B7CE-699C58CA7061}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CB572C62-36BD-402D-B6D5-340AEF2911EC}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [ ]
"Bcot"="C:\PROGRA~1\SSTEM~1\services.exe" [ ]
"Ttmf"="C:\Documents and Settings\Owner\Application Data\?icrosoft.NET\r?ndll.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [ ]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [ ]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [ ]
"troy44"="C:\WINDOWS\troy44.exe" [ ]
"{24-45-54-48-ZN}"="c:\windows\system32\dwdsrngt .exe" [ ]
"troy44 "="C:\WINDOWS\troy44 .exe" [ ]
"ZoomingHook"="c:\WINDOWS\System32\ZoomingHook.exe" [ ]
"PostCopy"="C:\WINDOWS\system32\BELKIN\F5D5050\PostCopy.exe" [ ]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [ ]
"Notebook Maximizer"="C:\Program Files\Notebook Maximizer\maximizer_startup.exe" [ ]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [ ]
"CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [ ]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [ ]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 17:00 88363 C:\WINDOWS\agrsmmsg.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [ ]
"smoothview"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [ ]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [ ]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [ ]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [ ]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [ ]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [ ]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 07:00 53760 C:\WINDOWS\system32\narrator.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 07:00 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)

S3 ADM8511;%ADM8511.Service.DispName%;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 15:11]
S3 grmn0200;grmn0200.Sys Garmin USB DCP driver (install);C:\WINDOWS\system32\Drivers\grmn0200.sys [2006-01-22 00:30]
S3 grmn1200;grmn0200.Sys Garmin USB DCP driver;C:\WINDOWS\system32\Drivers\grmn1200.sys [2000-07-17 09:57]
S3 NPDriver;Norton Unerase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2002-08-14 08:03]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-07 22:18:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-05 01:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Owner.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2007-11-09 22:30:00 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
"2008-01-11 01:44:14 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 20:56:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-10 20:59:23
ComboFix-quarantined-files.txt 2008-01-11 01:59:19
.
2007-11-14 16:21:24 --- E O F ---

----------------------


Please advise.

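Added example (editorial, not part of Sagi's post and not ComboFix code): the Run-key entries in the log above show three filename tricks that are worth flagging automatically rather than by eye. A `?` appears where ComboFix could not render a character (`?icrosoft.NET\r?ndll.exe` imitates `Microsoft.NET\rundll.exe`; reading `?` this way is my assumption). A space before the extension (`troy44 .exe`, `dwdsrngt .exe`, `qttask .exe`) is invisible in most file listings and lets a second copy sit beside the real one. A Windows system binary name living outside system32 (`SSTEM~1\services.exe`) is a plain masquerade. The Python below parses the REGEDIT4-style "Reg Loading Points" section, applies those checks plus a check for value names that collide once whitespace is stripped (`troy44` versus `troy44 `), and returns the flagged entries. The sample lines are copied from the posted log; the `SYSTEM_BINARIES` set and `SYSTEM_DIRS` paths are my assumptions. An empty `[ ]` after an entry is deliberately not treated as a finding, since most legitimate entries in this log show it too.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log for autostart
entries that rely on filename tricks to blend in with legitimate ones.
Added example: not ComboFix code and not part of the forum post."""
import re
from collections import defaultdict, namedtuple

Finding = namedtuple("Finding", "key name path reasons")

# Assumption: these names belong in %SystemRoot%\system32; a copy elsewhere is a masquerade.
SYSTEM_BINARIES = {"services.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                   "winlogon.exe", "smss.exe", "rundll32.exe", "ctfmon.exe"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\winnt\system32")

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"([^"]*)"="([^"]*)"\s*\[([^\]]*)\]')

# Constructed sample: Run-key lines copied from the ComboFix log in the post above.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [ ]
"Bcot"="C:\PROGRA~1\SSTEM~1\services.exe" [ ]
"Ttmf"="C:\Documents and Settings\Owner\Application Data\?icrosoft.NET\r?ndll.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [ ]
"troy44"="C:\WINDOWS\troy44.exe" [ ]
"{24-45-54-48-ZN}"="c:\windows\system32\dwdsrngt .exe" [ ]
"troy44 "="C:\WINDOWS\troy44 .exe" [ ]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 17:00 88363 C:\WINDOWS\agrsmmsg.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
'''


def split_path(path):
    """Return (directory, basename) for a Windows path; bare names get an empty directory."""
    head, sep, tail = path.rpartition("\\")
    return (head, tail) if sep else ("", path)


def parse_loading_points(text):
    """Yield (key, value_name, path, meta) for each value line under a [HKEY_...] header."""
    key = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield (key,) + m.groups()


def check_entry(name, path):
    """Per-entry heuristics; each appends a short reason when it fires."""
    reasons = []
    directory, base = split_path(path)
    if "?" in path:
        # Assumption: ComboFix prints '?' for a character it cannot render,
        # so '?icrosoft.NET' is a lookalike of 'Microsoft.NET' built from a non-ASCII glyph.
        reasons.append("unrenderable (non-ASCII) character in path; lookalike of a system name")
    if re.search(r"\s\.[A-Za-z0-9]+$", base):
        reasons.append("space before the extension; visually identical to the real file")
    if name != name.strip():
        reasons.append("leading/trailing space in value name; shadows an existing entry")
    if base.lower() in SYSTEM_BINARIES and directory and \
            not directory.lower().startswith(SYSTEM_DIRS):
        reasons.append("system binary name outside system32: %s" % directory)
    return reasons


def triage(text):
    """Return a list of Findings, in log order, for every suspicious autostart entry."""
    entries = list(parse_loading_points(text))
    # Value names that collide within one key once whitespace is stripped ("troy44" / "troy44 ").
    collisions = defaultdict(list)
    for key, name, path, meta in entries:
        collisions[(key, name.strip().lower())].append(name)
    findings = []
    for key, name, path, meta in entries:
        reasons = check_entry(name, path)
        if len(collisions[(key, name.strip().lower())]) > 1:
            reasons.append("value name collides with another entry in the same key")
        if reasons:
            findings.append(Finding(key, name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%s : %r -> %s" % (f.key.split("\\")[0], f.name, f.path))
        for r in f.reasons:
            print("    -", r)
```

Run against the sample it reports six entries (Bcot, Ttmf, troy44, {24-45-54-48-ZN}, "troy44 " and QuickTime Task) and leaves the Yahoo, ctfmon, Apoint and AGRSMMSG lines alone; the `QuickTime Task` hit is a reminder that the trick is applied to legitimate vendor names as readily as to random ones, so the reason list, not the value name, is what to read.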
#2 Sagi (Topic Starter)

Posted 13 January 2008 - 11:23 AM

Nobody responded to my thread. Am I missing something?

#3 Shaba

Posted 24 January 2008 - 01:32 PM

Hi Sagi

There is a huge backlog as you might see.

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Double-click on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the "Do a system scan and save a logfile" button. It will scan, and the log should open in Notepad.
  • Click on "Edit > Select All", then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Microsoft MVP Consumer Security

#4 Shaba

Posted 02 February 2008 - 06:00 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.