Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

No Internet Connection After Using Hjt And Combofix


  • Please log in to reply
1 reply to this topic

#1 pokz08

pokz08

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:30 PM

Posted 05 February 2008 - 06:12 AM

Hi,

My icons and taskbar started to appear and disappear every few seconds after logging in and after a few cycle the icons did not appear again. I have used HJT and Combofix and it solved the problem of the icons ( they don't disappear anymore. However, after rebooting my internet connection is no longer accessible. Even my anti-virus software was unable to update. I have tried to successfully repair my network connection but still no success in restoring the internet.

P.S. My modem works fine as I'm using a differnt PC connected to the same modem/router. I am using Win XP SP2.


HJT Log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:10:37 AM, on 2/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\SpyCatcher\Protector.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] rem "nwiz.exe" /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Atomic Clock] C:\Program Files\FreeLabs\Atomic Time Synchronizer\Atomic Time Synchronizer.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKLM\..\Run: [SpyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe reminder
O4 - HKLM\..\Run: [GBMPro8Agent] C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1173963899651
O20 - AppInit_DLLs: secuload.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)

--
End of file - 8269 bytes


Combofix Log

ComboFix 08-02.05.1 - Noriel 2008-02-05 7:17:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.180 [GMT 8:00]
Running from: H:\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ddcyxxu.dll
C:\WINDOWS\system32\oppop.dll
C:\WINDOWS\system32\au3305adc.dll
C:\WINDOWS\system32\ddcyxxu.dll
C:\WINDOWS\system32\oppop.dll
C:\WINDOWS\system32\poppo.ini
C:\WINDOWS\system32\poppo.ini2
C:\WINDOWS\system32\winoqx32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF
-------\nm


((((((((((((((((((((((((( Files Created from 2008-01-04 to 2008-02-04 )))))))))))))))))))))))))))))))
.

2008-02-05 06:53 . 2008-02-05 06:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-04 15:53 . 2008-02-04 15:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-04 14:03 . 2008-02-04 14:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-04 06:48 . 2008-02-04 17:46 <DIR> d-------- C:\Documents and Settings\Noriel\Application Data\Thinstall
2008-02-03 17:07 . 2008-02-03 17:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Genie-Soft
2008-02-03 14:34 . 2008-02-03 14:34 <DIR> d-------- C:\Documents and Settings\Noriel\Application Data\Genie-soft
2008-02-03 14:32 . 2008-02-03 14:32 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY.008\Application Data\SiteAdvisor
2008-02-03 14:29 . 2008-02-03 14:29 <DIR> d-------- C:\Program Files\Genie-Soft
2008-02-03 14:29 . 2006-11-02 00:50 128,104 --a------ C:\WINDOWS\system32\drivers\WimFltr.sys
2008-02-03 13:09 . 2008-02-03 13:09 <DIR> d-------- C:\WINDOWS\system32\DX9
2008-02-03 13:09 . 2004-10-18 11:25 208,851 --a------ C:\WINDOWS\system32\drivers\wf88vcap.sys
2008-02-03 13:09 . 2004-10-18 11:25 34,789 --a------ C:\WINDOWS\system32\drivers\wf88tune.sys
2008-02-03 13:09 . 2004-10-18 11:25 10,324 --a------ C:\WINDOWS\system32\drivers\WF88XBAR.sys
2008-02-03 13:09 . 2002-06-03 22:52 2,238 --a------ C:\WINDOWS\system32\WFDRV.ico
2008-02-03 13:07 . 2008-02-03 13:07 <DIR> d-------- C:\WINDOWS\system32\WinFox
2008-02-03 13:07 . 2008-02-03 13:09 <DIR> d-------- C:\WINDOWS\system32\WinFast
2008-02-03 13:07 . 2003-09-05 09:57 9,469 --a------ C:\WINDOWS\system32\drivers\WINFOXIO.sys
2008-02-03 06:58 . 2006-05-05 19:21 4,608 --a------ C:\WINDOWS\system32\drivers\nvport.sys
2008-02-03 06:36 . 2008-02-03 06:36 <DIR> d-------- C:\Program Files\CBS Software
2008-01-31 17:06 . 2008-01-31 17:06 <DIR> d-------- C:\Program Files\THQ
2008-01-27 20:38 . 2008-01-27 20:38 <DIR> d-------- C:\Program Files\Bonjour
2008-01-27 20:36 . 2008-01-27 20:37 <DIR> d-------- C:\Program Files\QuickTime
2008-01-27 20:34 . 2008-01-27 20:34 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-27 20:33 . 2008-01-27 20:33 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-27 20:33 . 2008-01-15 02:39 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-01-27 20:32 . 2008-01-27 20:32 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-27 20:32 . 2008-01-27 20:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-19 17:17 . 2008-01-19 17:17 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-01-19 12:41 . 2008-01-19 12:41 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY.007\Application Data\SiteAdvisor
2008-01-17 21:51 . 2008-01-24 15:48 <DIR> d-------- C:\Program Files\Aimersoft
2008-01-17 20:56 . 2008-01-17 20:56 <DIR> d-------- C:\Documents and Settings\Noriel\.dvdcss
2008-01-17 20:55 . 2008-01-18 22:42 <DIR> d-------- C:\Program Files\Any DVD Converter Professional
2008-01-17 20:55 . 2008-01-18 22:42 <DIR> d-------- C:\Documents and Settings\Noriel\Application Data\Any DVD Converter Professional
2008-01-17 20:19 . 2008-02-03 07:28 <DIR> d-------- C:\Program Files\DAP
2008-01-17 20:19 . 2008-01-17 20:19 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-01-17 20:19 . 2008-01-17 20:19 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-01-17 20:19 . 2008-01-17 20:19 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-01-17 18:38 . 2008-01-17 18:44 <DIR> d-------- C:\Program Files\Apollo DVD Copy
2008-01-17 18:38 . 2008-01-17 18:38 66 --a------ C:\WINDOWS\Apollo DVD Copy.INI
2008-01-17 13:50 . 2008-01-17 14:05 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-01-17 13:50 . 2008-01-17 13:51 <DIR> d-------- C:\Documents and Settings\Noriel\Application Data\IDM
2008-01-16 20:01 . 2002-01-05 14:40 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2008-01-16 17:23 . 2008-01-16 17:23 <DIR> d-------- C:\Temp\G--_01
2008-01-16 17:23 . 2008-01-16 17:23 <DIR> d-------- C:\Temp
2008-01-16 17:19 . 2005-11-21 13:48 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-01-16 17:19 . 2005-11-21 13:48 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-01-15 13:03 . 2008-01-15 13:37 196 --a------ C:\WINDOWS\IfoEdit.INI
2008-01-15 11:54 . 2008-01-15 11:54 <DIR> d-------- C:\Program Files\DVD Shrink
2008-01-15 11:54 . 2008-01-24 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-14 06:30 . 2008-01-14 06:30 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY.006\Application Data\SiteAdvisor
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 09:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-04 09:36 --------- d-----w C:\Program Files\Google
2008-02-04 09:22 --------- d-----w C:\Program Files\SpywareBlaster
2008-02-04 07:53 --------- d-----w C:\Documents and Settings\Noriel\Application Data\Lavasoft
2008-02-04 07:52 --------- d-----w C:\Program Files\Lavasoft
2008-02-04 05:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-04 05:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-02-03 05:55 --------- d-----w C:\Program Files\Sytexis Software
2008-02-03 05:35 --------- d-----w C:\Program Files\Advanced Registry Doctor
2008-02-03 05:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-02 22:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2008-02-01 10:37 --------- d-----w C:\Documents and Settings\Noriel\Application Data\Wildfire
2008-01-27 12:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-19 11:30 --------- d-----w C:\Documents and Settings\Noriel\Application Data\dvdcss
2008-01-19 09:17 --------- d-----w C:\Program Files\ABC Amber LIT Converter
2008-01-17 07:01 --------- d-----w C:\Documents and Settings\Noriel\Application Data\Azureus
2008-01-17 06:02 --------- d-----w C:\Documents and Settings\Noriel\Application Data\DMCache
2008-01-16 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-01-16 08:18 --------- d-----w C:\Documents and Settings\Noriel\Application Data\LimeWire
2008-01-09 11:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOC425
2007-12-22 07:18 --------- d-----w C:\Program Files\LimeWire
2007-12-21 02:01 --------- d-----w C:\Program Files\SiteAdvisor
2007-12-20 06:10 129,520 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-12-20 05:54 118,256 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-12-19 19:00 44,608 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-12-14 04:47 --------- d-----w C:\Documents and Settings\LocalService.NT AUTHORITY.004\Application Data\SiteAdvisor
2007-12-14 03:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-09 03:07 --------- d-----w C:\Program Files\Joost
2007-12-08 04:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-07-23 04:57 304,040 ----a-w C:\Documents and Settings\Noriel\xBBrowser.exe
2005-03-31 14:17 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:56 15360]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 21:00 79224]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 13:48 286720]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-02-15 09:45 1115728]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-02-09 10:39 36904]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 06:56 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="rem nwiz.exe" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"Atomic Clock"="C:\Program Files\FreeLabs\Atomic Time Synchronizer\Atomic Time Synchronizer.exe" [2007-01-10 00:41 200704]
"CTHelper"="CTHELPER.EXE" [2006-08-17 11:32 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 11:32 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"BOC-425"="C:\PROGRA~1\Comodo\CBOClean\BOC425.exe" [2007-08-08 19:49 338432]
"SpyCatcher Reminder"="C:\Program Files\SpyCatcher\SpyCatcher.exe" [2007-10-16 12:05 103864]
"RegistryMechanic"="" []
"GBMPro8Agent"="C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe" [2008-01-27 09:55 230016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

C:\Documents and Settings\Noriel\Start Menu\Programs\Startup\
Scheduler.lnk - C:\Program Files\SpyCatcher\Scheduler daemon.exe [2007-11-28 19:43:24 86133]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SpyCatcher Protector.lnk - C:\Program Files\SpyCatcher\Protector.exe [2007-11-28 19:43:24 91576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
antiwpa.dll 2007-04-07 10:34 60416 C:\WINDOWS\system32\antiwpa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=secuload.dll
"LoadAppInit_DLLs"=1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NCProTray.lnk]
backup=C:\WINDOWS\pss\NCProTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpyCatcher Protector.lnk]
backup=C:\WINDOWS\pss\SpyCatcher Protector.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Noriel^Start Menu^Programs^Startup^ImationFlashDetect.lnk]
backup=C:\WINDOWS\pss\ImationFlashDetect.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Noriel^Start Menu^Programs^Startup^Scheduler.lnk]
backup=C:\WINDOWS\pss\Scheduler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-10-28 16:25 94208 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
--------- 2005-10-19 14:39 135168 C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2006-08-17 11:32 17920 C:\WINDOWS\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
--------- 1999-10-11 09:00 41984 C:\WINDOWS\CTRegRun.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-08-17 11:32 18944 C:\WINDOWS\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
--a------ 2002-12-02 20:56 40960 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
--a------ 2005-11-22 17:38 221184 C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
--a------ 2006-09-13 09:58 2154496 C:\Program Files\VDOTool\TBPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBMPro8Agent]
--a------ 2008-01-27 09:55 230016 C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Invisible Secrets 4]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-03-20 17:34 213936 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-08-11 21:43 7630848 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-08-11 21:43 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-11 21:43 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
-ra------ 2005-04-27 19:22 589824 C:\Program Files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2003-12-08 17:35 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-08-14 18:39 20066856 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
--a------ 2004-06-10 13:48 286720 C:\WINDOWS\vsnpstd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedConnectStartUp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2005-05-31 01:04 1415824 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyCatcher Reminder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-07-12 00:00 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 21:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-10-18 11:25]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-10-18 11:25]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-10-18 11:25]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-08-17 11:16]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{597a9960-195a-11dc-b175-0018f317b2ab}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8c34bd0-7b0a-11dc-b24b-0018f317b2ab}]
\Shell\Auto\command - boot.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-27 12:34:21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-03 09:01:49 C:\WINDOWS\Tasks\GBM - New Backup Job(1)-Differential.job"
- C:\Program Files\Genie-Soft\GBMPro8\GBM8.exeN-e -job
"2008-02-03 09:01:48 C:\WINDOWS\Tasks\GBM - New Backup Job(1)-Full.job"
- C:\Program Files\Genie-Soft\GBMPro8\GBM8.exeN-e -job
"2008-02-04 23:41:02 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 07:38:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-02-05 7:46:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-04 23:46:18
.
2008-02-02 22:20:48 --- E O F ---

Thanks in advance.

BC AdBot (Login to Remove)

 


m

#2 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:30 AM

Posted 15 February 2008 - 04:52 AM

Hi pokz08, :thumbsup:

Please, DO NOT use ComboFix on your own. It is a very powerful tool designed to deal with sophisticated infections and if something goes wrong or you use it incorrectly, you could possibly lose the use of your computer. It is ONLY meant to be used under the direct supervision of a malware removal specialist.

If you still need help please post a new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide for use before posting a HijackThis Log , and I'll be happy to look at it for you.

Thanks for your patience. :blink:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users