
Combofix Log


#1 joecjs
Posted 29 January 2008 - 11:23 PM

Still having a little bit of trouble with pop-ups.

My Windows Installer no longer works. I tried re-installing and so forth. It stopped working right after using ComboFix, I believe.

Any help is appreciated.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\gebyyyy.dll
C:\WINDOWS\system32\iifef.dll
C:\WINDOWS\system32\sthrvorv.dll
C:\Documents and Settings\Joe Stezar\Application Data\install.dat
C:\Documents and Settings\Joe Stezar\Application Data\SKS~1
C:\Documents and Settings\Joe Stezar\err.log
C:\Documents and Settings\Joe Stezar\ResErrors.log
C:\Program Files\WinBudget
C:\Program Files\WinBudget\bin\crap.1165297416.old
C:\Program Files\WinBudget\bin\crap.1165946871.old
C:\Program Files\WinBudget\bin\crap.1165990791.old
C:\Program Files\WinBudget\bin\matrix.dll.1165946870.old
C:\Program Files\WinBudget\bin\matrix.dll.1165990791.old
C:\Program Files\WinBudget\bin\matrix.dll.1166983206.old
C:\Program Files\WinBudget\bin\matrix.dll.1167462263.old
C:\Program Files\WinBudget\bin\matrix.dll.1167718438.old
C:\Program Files\WinBudget\bin\matrix.dll.1167973680.old
C:\Program Files\WinBudget\bin\matrix.dll.1168239138.old
C:\Program Files\WinBudget\bin\matrix.dll.1168496958.old
C:\Program Files\WinBudget\bin\matrix.dll.1168943054.old
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\setup.exe
C:\WINDOWS\system32\_000103_.tmp.dll
C:\WINDOWS\system32\bvfbbcxi.ini
C:\WINDOWS\system32\ctnyfmpg.dll
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
C:\WINDOWS\system32\dxwaujrl.dll
C:\WINDOWS\system32\eytrgalj.ini
C:\WINDOWS\system32\fefii.ini
C:\WINDOWS\system32\fefii.ini2
C:\WINDOWS\system32\gbcypmns.dll
C:\WINDOWS\system32\gebyyyy.dll
C:\WINDOWS\system32\gtlqtkuu.dll
C:\WINDOWS\system32\halpmdjt.ini
C:\WINDOWS\system32\iifef.dll
C:\WINDOWS\system32\ldoqfnfw.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mrgwcdim.ini
C:\WINDOWS\system32\mrtqcdyn.ini
C:\WINDOWS\system32\nydcqtrm.dll
C:\WINDOWS\system32\omikbilh.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\phtttshs.dll
C:\WINDOWS\system32\qqekjjyu.dll
C:\WINDOWS\system32\sctshldg.ini
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\sthrvorv.dll
C:\WINDOWS\system32\sthrvorv.dllbox
C:\WINDOWS\system32\uyvmthdv.ini
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\wlpqhshn.ini
C:\WINDOWS\system32\wvjxmwhf.exe
C:\WINDOWS\system32\ytariold.dllbox
C:\WINDOWS\wbun.exe
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\DomainService
-------\nm


((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-29 )))))))))))))))))))))))))))))))
.

2008-01-29 17:54 . 2008-01-29 17:54 <DIR> d-------- C:\TEMP\tn3
2008-01-28 17:06 . 2007-03-28 12:58 211 --a------ C:\Boot.bak
2008-01-28 17:05 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-01-28 16:32 . 2008-01-28 16:32 147,520 --a------ C:\WINDOWS\system32\gdlhstcs.dll
2008-01-28 12:42 . 2008-01-28 12:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-27 23:26 . 2008-01-27 23:26 <DIR> d-------- C:\Documents and Settings\Joe Stezar\Application Data\Grisoft
2008-01-27 23:25 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-26 11:03 . 2008-01-26 11:03 147,520 --------- C:\WINDOWS\system32\ixcbbfvb.dll
2008-01-24 19:25 . 2008-01-26 10:49 <DIR> d-------- C:\WINDOWS\system32\wnzs6
2008-01-24 19:25 . 2008-01-25 17:17 <DIR> d-------- C:\WINDOWS\system32\ni4
2008-01-24 19:25 . 2008-01-24 19:25 <DIR> d-------- C:\WINDOWS\system32\etz1
2008-01-24 19:25 . 2008-01-25 17:20 <DIR> d-------- C:\WINDOWS\system32\comg7
2008-01-24 19:25 . 2008-01-26 10:49 <DIR> d--hs---- C:\WINDOWS\Sm9lIFN0ZXphcg
2008-01-24 19:25 . 2008-01-24 19:25 <DIR> d-------- C:\TEMP\gTiis19
2008-01-24 19:25 . 2008-01-24 19:25 86,016 --a------ C:\WINDOWS\system32\drivers\agpcpqq.sys
2008-01-24 19:25 . 2008-01-29 17:54 932 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-24 19:23 . 2008-01-26 16:31 <DIR> d-------- C:\WINDOWS\system32\nGpxx01
2008-01-24 19:23 . 2008-01-24 19:23 <DIR> d-------- C:\TEMP\cXzz9
2008-01-23 15:25 . 2008-01-23 20:27 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-22 00:13 . 2008-01-22 00:13 <DIR> d-------- C:\Documents and Settings\Joe Stezar\Application Data\Nero
2008-01-22 00:05 . 2008-01-22 00:05 <DIR> d-------- C:\Program Files\Nero
2008-01-22 00:05 . 2008-01-22 00:11 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-01-22 00:05 . 2008-01-22 00:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 03:25 --------- d-----w C:\Documents and Settings\Joe Stezar\Application Data\Azureus
2008-01-19 23:20 --------- d-----w C:\Program Files\Azureus
2007-12-13 08:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2005-09-28 02:28 9,516,504 -c--a-w C:\Documents and Settings\Joe Stezar\DesktopDoctor1.0.exe
2002-07-27 00:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
2003-03-31 12:00 94,784 -csh--w C:\WINDOWS\twain.dll
2004-08-04 07:56 50,688 --sh--w C:\WINDOWS\twain_32.dll
2007-10-23 02:57 421,391 --sh--w C:\WINDOWS\repair\mcc.bak1
2007-10-24 04:01 420,450 --sh--w C:\WINDOWS\repair\mcc.bak2
2007-10-24 04:01 420,450 --sh--w C:\WINDOWS\repair\mcc.ini2
2005-08-02 21:46 0 --sha-r C:\WINDOWS\Sm9lIFN0ZXphcg\asappsrv.dll
2005-08-02 21:58 0 --sha-r C:\WINDOWS\Sm9lIFN0ZXphcg\command.exe
2004-08-04 07:56 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2004-08-04 07:56 54,784 --sha-w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 07:56 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
2004-08-04 07:56 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
2007-05-17 11:28 549,376 --sha-w C:\WINDOWS\system32\oleaut32.dll
2004-08-04 07:56 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll
2004-08-04 07:56 11,776 --sha-w C:\WINDOWS\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1619F669-61FF-1B2C-F8BE-11A3E488ACEF}]
C:\WINDOWS\system32\vgddd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B2C0D414-156D-49A4-831F-E959B55BE0E8}]
2007-08-02 08:43 0 --a------ C:\Program Files\Messenger\meno83122.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mouse Suite 98 Daemon"="ICO.EXE" []
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [ ]
"BO1HelperStartUp"="C:\PROGRA~1\BUTTER~1\BO1HEL~1.exe" [ ]
"Smiley District"="C:\Program Files\SmileyDistrict\plugin.exe" [ ]
"GrooveMonitor"="G:\Office\Office12\GrooveMonitor.exe" [ ]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2006-01-23 17:42 196608]
"MimBoot"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe" [2004-12-10 21:44 11776]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-12-10 21:44 110592]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 08:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 20:44 271672]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 21:20 866584]
"egui"="C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" [2007-09-21 11:16 1283328]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 19:26 406016]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 11:01 437160]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2005-01-05 00:45:06 118784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsrp]
vtsrp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\iifef.dll

R1 agpcpqq;agpcpqq;C:\WINDOWS\system32\drivers\agpcpqq.sys [2008-01-24 19:25]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-09-21 11:17]
R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [2004-03-12 19:32]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 NUVision;Pinnacle DVC 80 Video;C:\WINDOWS\system32\DRIVERS\nuvvid2.sys [2001-12-03 14:55]
S3 tj2knd5;Terayon Cable Modem (NDIS);C:\WINDOWS\system32\DRIVERS\tj2knd5.sys [2002-10-14 00:40]
S3 tj2kunic;Terayon Cable Modem (WDM);C:\WINDOWS\system32\DRIVERS\tj2kunic.sys [2002-10-14 00:40]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe [2004-03-12 18:57]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-23 21:44:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-29 22:58:36 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2004-08-05 03:06:45 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2004-05-18 00:16:31 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-29 17:56:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-01-29 18:04:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-29 23:04:14

#2 Grinler
    Lawrence Abrams
Posted 11 February 2008 - 04:05 PM

I apologize for the very long delay. We have a huge backlog of HijackThis logs to handle and it has been taking us a greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new HijackThis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Also make sure you have already followed the steps outlined below:

Preparation Guide For Use Before Posting A HijackThis Log

Thank you for your patience.