
Infected With The Amvo.exe, D6fagcs8.cmd Virus


  • This topic is locked
2 replies to this topic

#1 koda.keith

koda.keith

  • Members
  • 2 posts
  • OFFLINE
  • Local time:06:56 PM

Posted 16 February 2008 - 07:10 PM

I've never had such a hard time removing a virus in my life. I recently reloaded my PC and then this virus appeared. My PC is running extremely slow and getting into My Computer takes forever. I currently have Symantec AntiVirus Corporate running but it doesn't help one bit.
Apart from Norton I've used:
Stinger
HouseCall Anti Virus
ComboFix
Advanced WindowsCare
McAfee Rootkit Detective
and a few others, which haven't even helped. The file d6fagcs8.cmd is in my C drive but it is hidden and cannot be deleted. I've been able to delete the amvo.exe using regedit from the Run command, but I still have the hacktool.rootkit virus.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:41 AM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Symantec AntiVirus\vpc32.exe
C:\Documents and Settings\Keith Bernard\Desktop\HJTInstall.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SmartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m
O4 - HKLM\..\Run: [RegDoctor] C:\Program Files\RegDoctor\RegDoctor.exe -Quick
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?3e93e16b049849dd941861994f9a861d
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?3e93e16b049849dd941861994f9a861d
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 5709 bytes


and this is my ComboFix log


ComboFix 08-02-17.2 - Keith Bernard 2008-02-17 5:25:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2408 [GMT -3:00]
Running from: C:\Documents and Settings\Keith Bernard\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
G:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.

2008-02-17 01:22 . 2008-02-17 01:23 <DIR> d-------- C:\Program Files\RegDoctor
2008-02-17 01:22 . 2005-02-12 15:43 245,760 --a------ C:\WINDOWS\system32\vbalColumnTreeView6.ocx
2008-02-17 01:22 . 2004-03-08 18:00 152,848 --a------ C:\WINDOWS\system32\Comdlg32.ocx
2008-02-17 01:22 . 1999-08-02 16:11 57,344 --a------ C:\WINDOWS\system32\CGZipLibrary.DLL
2008-02-17 01:22 . 2003-01-26 13:41 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2008-02-17 01:22 . 1999-03-12 01:20 18,728 --a------ C:\WINDOWS\system32\ISHF_Ex.tlb
2008-02-17 01:22 . 1998-03-18 16:45 8,096 --a------ C:\WINDOWS\system32\OLEGUIDS.TLB
2008-02-17 01:03 . 2008-02-17 01:03 <DIR> d-------- C:\Program Files\ASTRA32
2008-02-17 00:43 . 2008-02-17 00:43 <DIR> d-------- C:\Documents and Settings\Keith Bernard\Application Data\IObit
2008-02-17 00:08 . 2008-02-17 00:08 <DIR> d-------- C:\Documents and Settings\Keith Bernard\Application Data\Share-to-Web Upload Folder
2008-02-17 00:08 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-02-17 00:08 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-02-17 00:07 . 2008-02-17 00:07 <DIR> d-------- C:\sj659
2008-02-17 00:07 . 2008-02-17 00:51 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-02-17 00:07 . 2008-02-17 00:07 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-02-17 00:02 . 2008-02-17 00:02 <DIR> d---s---- C:\Documents and Settings\Keith Bernard\UserData
2008-02-17 00:02 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-17 00:02 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-17 00:02 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-16 11:32 . 2008-02-16 11:32 <DIR> d-------- C:\Program Files\IObit
2008-02-15 23:50 . 2004-08-12 10:34 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-15 23:49 . 2008-02-15 23:49 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-02-15 23:49 . 2008-02-15 23:49 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf
2008-02-15 23:28 . 2008-02-15 23:28 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-02-15 23:25 . 2008-02-15 23:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-02-15 23:24 . 2008-02-15 23:24 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-15 23:24 . 2008-02-15 23:26 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-02-15 23:24 . 2008-02-15 23:24 <DIR> d-------- C:\Documents and Settings\Keith Bernard\Application Data\Corel
2008-02-15 23:24 . 2008-02-16 00:05 2,828 --ahs---- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-02-15 23:24 . 2008-02-16 00:05 88 -r-hs---- C:\Documents and Settings\All Users\Application Data\B3697478F7.sys
2008-02-15 23:20 . 2008-02-15 23:20 <DIR> d-------- C:\Program Files\Common Files\Protexis
2008-02-15 23:20 . 2008-02-15 23:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2008-02-15 23:19 . 2008-02-15 23:19 <DIR> d-------- C:\Program Files\Corel
2008-02-15 23:19 . 2008-02-15 23:19 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-02-15 23:08 . 2008-02-15 23:08 <DIR> d-------- C:\WINDOWS\Sun
2008-02-15 23:03 . 2008-02-15 23:03 1,158 --a------ C:\WINDOWS\mozver.dat
2008-02-15 23:02 . 2008-02-15 23:02 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2008-02-15 22:54 . 2008-02-15 22:54 <DIR> d-------- C:\Program Files\Java
2008-02-15 22:54 . 2008-02-15 22:54 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-15 22:54 . 2006-12-15 03:09 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-02-15 22:50 . 2008-02-15 23:24 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-02-15 22:50 . 2008-02-15 23:24 <DIR> d-------- C:\Program Files\MSN Messenger
2008-02-15 22:50 . 2008-02-15 22:50 <DIR> d-------- C:\Documents and Settings\Keith Bernard\Contacts
2008-02-15 21:43 . 2008-02-15 23:43 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-02-15 21:38 . 2008-02-15 21:38 <DIR> d-------- C:\Documents and Settings\Keith Bernard\Application Data\Talkback
2008-02-15 21:38 . 2008-02-15 21:38 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-15 21:36 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-02-15 21:36 . 2008-02-15 21:37 376 --a------ C:\WINDOWS\ODBC.INI
2008-02-15 21:35 . 2008-02-15 21:35 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-02-15 21:35 . 2008-02-15 21:35 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-02-15 21:34 . 2008-02-15 21:35 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-02-15 21:26 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-02-15 21:26 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-02-15 21:26 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-02-15 21:26 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-02-15 21:09 . 2008-02-15 21:10 <DIR> d-------- C:\Program Files\Winamp
2008-02-15 21:09 . 2008-02-15 21:10 <DIR> d-------- C:\Documents and Settings\Keith Bernard\Application Data\Winamp
2008-02-15 20:40 . 2008-02-15 20:40 0 --a------ C:\WINDOWS\vpc32.INI
2008-02-15 07:26 . 2008-02-15 07:26 <DIR> d-------- C:\Documents and Settings\Keith Bernard\Application Data\AdobeUM
2008-02-15 07:25 . 2008-02-15 07:25 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-15 07:23 . 2008-02-15 07:23 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-02-15 07:23 . 2008-02-15 07:23 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-02-15 07:23 . 2008-02-15 07:23 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-02-15 07:23 . 2008-02-15 07:23 73,728 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-02-15 07:23 . 2006-04-13 14:33 8,192 --a------ C:\WINDOWS\system32\drivers\BS_I2cIo.sys
2008-02-15 07:19 . 2008-02-15 07:19 <DIR> d-------- C:\Program Files\BIOSTAR
2008-02-15 07:18 . 2008-02-15 07:18 <DIR> d-------- C:\Program Files\AMD
2008-02-15 07:18 . 2005-03-09 15:53 36,352 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2008-02-15 07:17 . 2008-02-15 07:17 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-02-15 07:17 . 2007-02-06 13:43 90,880 -ra------ C:\WINDOWS\system32\drivers\Rtenicxp.sys
2008-02-15 07:17 . 2004-08-03 23:15 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-02-15 07:17 . 2004-08-03 23:15 82,944 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2008-02-15 07:17 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-02-15 07:17 . 2004-08-03 23:07 52,864 --a--c--- C:\WINDOWS\system32\dllcache\dmusic.sys
2008-02-15 07:17 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-02-15 07:17 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-02-15 07:17 . 2004-08-03 23:07 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2008-02-15 07:16 . 2008-02-15 07:16 <DIR> d-------- C:\Program Files\Realtek
2008-02-15 07:16 . 2008-02-17 00:07 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-02-15 07:16 . 2008-02-15 07:19 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-02-15 07:15 . 2008-02-15 07:23 <DIR> d-------- C:\WINDOWS\nview
2008-02-15 07:15 . 2007-03-20 02:07 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-02-15 07:15 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-02-15 07:15 . 2007-03-20 02:07 111,544 --a------ C:\WINDOWS\system32\nvapps.xml
2008-02-15 07:15 . 2007-03-20 02:07 17,177 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-02-15 07:14 . 2008-02-15 07:14 <DIR> d-------- C:\Documents and Settings\Keith Bernard\Application Data\InstallShield
2008-02-15 07:14 . 2006-11-08 09:48 356,352 --a------ C:\WINDOWS\system32\nvusmb.exe
2008-02-15 07:14 . 2007-03-09 12:37 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-02-15 07:14 . 2006-10-19 10:36 1,864 --a------ C:\WINDOWS\system32\nvsmb.nvu
2008-02-15 07:13 . 2005-03-16 03:23 13,696 -ra------ C:\WINDOWS\system32\drivers\BIOS.sys
2008-02-15 07:08 . 2008-02-17 04:29 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2008-02-15 07:08 . 2008-02-15 07:09 <DIR> d-------- C:\Program Files\Symantec
2008-02-15 07:08 . 2008-02-15 21:30 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-15 07:08 . 2008-02-15 07:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-15 07:08 . 2005-09-17 00:20 108,168 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-15 07:08 . 2005-09-17 00:20 87,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-15 07:05 . 2008-02-15 21:26 103,461 -r-hs---- C:\d6fagcs8.cmd
2008-02-15 07:00 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 01:05 502,272 ----a-w C:\WINDOWS\system32\winlogon.exe
2008-02-15 10:16 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-02-15 09:49 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 12:42 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-11-15 13:28 85744]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 12:16 37376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-10-04 12:38 163840]
"SmartRAM"="C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 16:43 662016]
"RegDoctor"="C:\Program Files\RegDoctor\RegDoctor.exe" [2008-02-17 01:23 2256896]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-20 02:07 8425472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-03-20 02:07 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 03:23]
R1 BS_I2cIo;BS_I2cIo;C:\WINDOWS\system32\drivers\BS_I2cIo.sys [2006-04-13 14:33]
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;C:\Program Files\ASTRA32\ASTRA32.sys [2007-02-22 11:28]
R2 PSI_SVC_2;Protexis Licensing V2;"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [2007-07-24 11:15]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da75bef9-dbab-11dc-bc79-c985f3b52e8b}]
\Shell\AutoRun\command - E:\d6fagcs8.cmd
\Shell\explore\Command - E:\d6fagcs8.cmd
\Shell\open\Command - E:\d6fagcs8.cmd

.
Contents of the 'Scheduled Tasks' folder
"2008-02-17 07:43:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 05:26:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-17 5:26:41
ComboFix-quarantined-files.txt 2008-02-17 08:26:39
.
2008-02-16 00:43:59 --- E O F ---

Edited by koda.keith, 16 February 2008 - 07:18 PM.
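As an added example (not code from the thread, from ComboFix or from HijackThis), the following Python checker reads lines in the ComboFix report layout posted above and flags the three indicators that together characterise this infection: `Shell\...\command` values under an Explorer `MountPoints2` key that launch a file from another volume, a hidden+system script sitting in a drive root, and `Autorun.inf` files listed per drive. The sample lines are copied from the post into a constructed string so the script runs offline; the drive-letter and verdict logic is an assumption of this example.

```python
import re

# Constructed excerpt in the layout of the ComboFix report posted in the thread
# (lines taken from its "Other Deletions", "Files Created" and "Reg Loading Points"
# sections), embedded so the checker runs without a real log file.
SAMPLE_LOG = r"""
C:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
G:\Autorun.inf
2008-02-15 07:08 . 2005-09-17 00:20 108,168 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-15 07:05 . 2008-02-15 21:26 103,461 -r-hs---- C:\d6fagcs8.cmd
2008-02-17 00:02 . 2008-02-17 00:02 <DIR> d---s---- C:\Documents and Settings\Keith Bernard\UserData
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da75bef9-dbab-11dc-bc79-c985f3b52e8b}]
\Shell\AutoRun\command - E:\d6fagcs8.cmd
\Shell\explore\Command - E:\d6fagcs8.cmd
\Shell\open\Command - E:\d6fagcs8.cmd
"""

# "Files Created" entry: created . modified size attrs(9 chars) path
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+)$")
MP_KEY_RE = re.compile(
    r"^\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer"
    r"\\mountpoints2\\(?P<guid>\{[0-9a-f-]+\})\]$", re.IGNORECASE)
MP_CMD_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command - (?P<target>.+)$", re.IGNORECASE)
AUTORUN_RE = re.compile(r"^(?P<drive>[A-Z]):\\Autorun\.inf$", re.IGNORECASE)
ROOT_RE = re.compile(r"^[A-Z]:\\[^\\]+$", re.IGNORECASE)
SCRIPT_EXT = (".cmd", ".bat", ".exe", ".com", ".vbs", ".scr")


def find_mountpoint_commands(log):
    """(guid, verb, target) for every Shell\\<verb>\\command under a MountPoints2 key.
    Explorer runs 'target' when that volume is opened, explored or autorun, which is
    exactly the persistence the thread's log shows for E:\\d6fagcs8.cmd."""
    hits, current = [], None
    for line in log.splitlines():
        line = line.strip()
        key = MP_KEY_RE.match(line)
        if key:
            current = key.group("guid")
            continue
        if not line or line.startswith("["):
            current = None  # left the MountPoints2 key block
            continue
        cmd = MP_CMD_RE.match(line)
        if cmd and current:
            hits.append((current, cmd.group("verb"), cmd.group("target")))
    return hits


def find_hidden_root_scripts(log):
    """Script/executable files in a drive root carrying hidden (h) and system (s) bits."""
    found = []
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if not m or m.group("size") == "<DIR>":
            continue
        attrs, path = m.group("attrs"), m.group("path")
        if "h" in attrs and "s" in attrs and ROOT_RE.match(path) \
                and path.lower().endswith(SCRIPT_EXT):
            found.append(path)
    return found


def find_autorun_inf(log):
    """Drive letters for which the report lists an Autorun.inf, e.g. ['C:', 'E:']."""
    return [m.group("drive").upper() + ":" for m in
            (AUTORUN_RE.match(l.strip()) for l in log.splitlines()) if m]


def assess(log):
    """Combine the indicators into a verdict plus the volumes that need cleaning."""
    cmds, scripts, autoruns = (find_mountpoint_commands(log),
                               find_hidden_root_scripts(log), find_autorun_inf(log))
    drives = sorted({t[:2].upper() for _, _, t in cmds} | set(autoruns))
    return {"mountpoint_commands": cmds, "hidden_root_scripts": scripts,
            "autorun_inf_drives": autoruns, "implicated_drives": drives,
            "autorun_worm_likely": bool(cmds) and bool(scripts or autoruns)}
```

Every drive in `implicated_drives` is one where the autorun hook or its payload lived, which is why the reply below asks whether E: is a USB stick before anything else is cleaned.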


#2 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:11:56 PM

Posted 02 March 2008 - 08:24 AM

Hi koda.keith

Is E drive your USB stick?

If so, you will need to first format it.

After that:

Delete your copy of combofix.

1. Download combofix from any of these links and save it to Desktop:
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes of findstr, find, sed or swreg; then ComboFix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here

Post:

- a fresh HijackThis log
- combofix report
Microsoft MVP Consumer Security

#3 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:11:56 PM

Posted 11 March 2008 - 08:57 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security