
Combofix Have To Run Over N Over Again



#1 joe_49er

  • Members
  • 23 posts

Posted 21 February 2008 - 01:38 AM

I have run ComboFix several times, but my problem still continues. So here I post my HijackThis log file and ComboFix log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:36 PM, on 2/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\WordWeb\wweb32.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HTTP-Tunnel\HTTP-TunnelClient.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
E:\Rka\Trestrer\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.180.1.2:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\Autodesk Architectural Desktop 3\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\Autodesk Architectural Desktop 3\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\Autodesk Architectural Desktop 3\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\Autodesk Architectural Desktop 3\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FDAF529-2746-4895-B8B5-1A57D41C8433}: NameServer = 164.100.3.1,164.100.17.1
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 6797 bytes


ComboFix 08-02.01.4 - NEW 2007-02-21 10:39:06.10 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.568 [GMT 5.5:30]
Running from: E:\Rka\Trestrer\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\u.bat . . . . failed to delete
F:\u.bat . . . . failed to delete
G:\u.bat . . . . failed to delete
I:\Autorun.inf . . . . failed to delete
J:\Autorun.inf . . . . failed to delete
K:\Autorun.inf . . . . failed to delete
L:\Autorun.inf . . . . failed to delete
E:\u.bat . . . . failed to delete
F:\u.bat . . . . failed to delete
G:\u.bat . . . . failed to delete
I:\Autorun.inf . . . . failed to delete
J:\Autorun.inf . . . . failed to delete
K:\Autorun.inf . . . . failed to delete
L:\Autorun.inf . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))
.

2008-02-15 14:35 . 2008-02-15 14:34 104,813 -r-hs---- C:\3wcxx91.cmd
2008-02-12 15:48 . 2007-11-13 08:26 710,031 -rahs---- C:\WINDOWS\system32\kinza.exe
2008-02-12 15:48 . 2007-11-08 20:05 155,760 --ahs---- C:\WINDOWS\system32\fiber.exe
2008-02-12 15:48 . 2007-11-08 20:05 99,840 --ahs---- C:\WINDOWS\system32\imapde.dll
2008-02-12 15:48 . 2007-11-08 20:05 13,480 --ahs---- C:\WINDOWS\system32\imapdc.vxd
2008-02-12 15:48 . 2007-11-13 08:24 4,635 --ah----- C:\WINDOWS\system32\boot.vbs
2008-02-12 13:20 . 2008-02-12 13:20 <DIR> d-------- C:\Documents and Settings\NEW\Application Data\Nokia Multimedia Player
2008-02-08 13:46 . 2008-02-08 13:46 <DIR> d---s---- C:\Documents and Settings\NEW\UserData
2008-02-05 10:57 . 2008-02-05 10:57 <DIR> d-------- C:\Program Files\Google
2008-02-05 10:44 . 2008-02-05 10:44 <DIR> d-------- C:\Program Files\DivX
2008-02-03 09:42 . 2008-02-03 09:42 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-02-03 09:42 . 2008-02-03 09:42 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-02-03 09:41 . 2008-02-03 09:41 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-02-03 09:40 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-02-03 09:40 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-02-03 09:40 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-02-03 09:40 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-02-03 09:40 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-02-02 15:56 . 2008-02-02 15:56 82 --a------ C:\WINDOWS\mafosav.INI
2008-02-02 10:57 . 2008-02-02 10:57 <DIR> dr-h----- C:\Documents and Settings\NEW\Application Data\SecuROM
2008-02-02 10:56 . 2008-02-02 10:56 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-02-02 10:53 . 2005-10-20 04:59 81,920 --a------ C:\WINDOWS\system32\ImageDrive.cpl
2008-01-29 11:55 . 2008-01-29 11:55 <DIR> d-------- C:\Program Files\Total Video Converter
2008-01-29 11:24 . 2008-01-22 12:55 2,764 --a------ C:\WINDOWS\system32\$$$mclip.cfg
2008-01-29 09:51 . 2008-01-29 09:51 <DIR> d-------- C:\Documents and Settings\NEW\Application Data\Ahead
2008-01-28 12:14 . 2008-01-28 12:14 0 --a------ C:\WINDOWS\vpc32.INI
2008-01-28 11:47 . 2008-01-29 09:37 77 --a------ C:\WINDOWS\lsoon.ini
2008-01-28 11:38 . 2008-01-28 11:38 2 -rahs---- C:\WINDOWS\winstart.bat
2008-01-28 11:37 . 2008-01-28 11:37 <DIR> d-------- C:\Documents and Settings\NEW\Application Data\Regrun
2008-01-28 11:37 . 2008-01-28 11:37 <DIR> d-------- C:\backreg
2008-01-28 11:37 . 2003-09-06 15:55 57,556 --a------ C:\WINDOWS\guard.bmp
2008-01-28 11:36 . 2008-01-28 11:36 <DIR> d-------- C:\Program Files\Greatis
2008-01-28 11:24 . 2008-01-28 12:42 250 --a------ C:\WINDOWS\gmer.ini
2008-01-28 10:14 . 2005-04-01 20:36 123,200 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-28 10:14 . 2005-04-01 20:36 91,856 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-28 10:13 . 2008-01-28 10:13 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2008-01-28 10:13 . 2008-01-28 10:14 <DIR> d-------- C:\Program Files\Symantec
2008-01-28 10:13 . 2008-01-28 10:13 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-28 10:13 . 2008-01-28 10:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-28 10:09 . 2008-01-28 10:09 <DIR> d-------- C:\WINDOWS\system32\fads
2008-01-28 10:09 . 2008-01-28 10:09 <DIR> d-------- C:\WINDOWS\system32\AdCache
2008-01-28 10:09 . 2008-01-28 10:09 <DIR> d-------- C:\Program Files\FlashGet
2008-01-28 09:55 . 2008-01-28 09:55 103,781 -r-hs---- C:\xo8wr9.exe
2008-01-28 09:55 . 2008-01-28 09:56 512 --a------ C:\WINDOWS\randseed.rnd
2008-01-24 15:53 . 2008-01-24 15:53 <DIR> d-------- C:\Documents and Settings\NEW\Phone Browser
2008-01-24 15:47 . 2008-01-24 15:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-01-24 15:46 . 2008-01-24 15:46 <DIR> d-------- C:\Program Files\DIFX
2008-01-24 15:46 . 2008-01-24 15:46 <DIR> d-------- C:\Documents and Settings\NEW\Application Data\PC Suite
2008-01-24 15:46 . 2008-01-24 15:46 <DIR> d-------- C:\Documents and Settings\NEW\Application Data\Nokia
2008-01-24 15:45 . 2008-01-24 15:45 <DIR> d-------- C:\Program Files\Nokia
2008-01-24 15:45 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-01-24 15:44 . 2008-01-24 15:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-01-23 15:25 . 2008-01-23 15:27 178 --a------ C:\WINDOWS\3DHOME.INI
2008-01-23 14:55 . 2008-01-23 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-23 14:54 . 2008-01-23 14:54 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-23 13:43 . 2008-01-23 13:43 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-23 12:50 . 2008-01-23 12:50 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-23 12:50 . 2008-01-23 12:50 <DIR> d-------- C:\Program Files\Autodesk
2008-01-23 12:50 . 2008-01-23 12:50 <DIR> d-------- C:\Program Files\AnswerWorks 4.0
2008-01-23 12:50 . 2008-01-23 12:50 54,784 --a------ C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2008-01-23 12:50 . 2008-01-23 12:50 12,464 --a------ C:\WINDOWS\system32\drivers\CDAC15BA.SYS
2008-01-23 12:49 . 2008-01-23 12:49 <DIR> d-------- C:\Program Files\AutoCAD 2004
2008-01-23 12:49 . 2008-01-23 12:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-01-23 11:54 . 2008-01-23 11:54 <DIR> d-------- C:\Documents and Settings\NEW\Application Data\Autodesk
2008-01-23 11:51 . 2008-01-23 11:51 <DIR> d-------- C:\Program Files\Common Files\Wextech Shared
2008-01-23 11:51 . 2008-01-23 11:51 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-01-23 11:51 . 2008-01-23 11:51 <DIR> d-------- C:\Program Files\Autodesk Architectural Desktop 3
2008-01-23 11:18 . 2008-01-23 11:18 <DIR> d-------- C:\Documents and Settings\NEW\Application Data\Wildfire
2008-01-23 11:18 . 2008-01-23 11:18 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-01-23 09:55 . 2008-01-23 09:56 <DIR> d-------- C:\Program Files\IObit
2008-01-22 11:43 . 2008-01-22 11:43 <DIR> d-------- C:\Program Files\Oxygen Software
2008-01-22 11:38 . 2008-01-22 11:38 67 --a------ C:\WINDOWS\#1 DVD Ripper.INI
2008-01-22 11:36 . 2008-01-22 11:36 <DIR> d-------- C:\Documents and Settings\NEW\Application Data\Vso
2008-01-22 11:36 . 2008-01-22 11:38 87,608 --a------ C:\Documents and Settings\NEW\Application Data\ezpinst.exe
2008-01-22 11:36 . 2008-01-22 11:36 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-01-22 11:36 . 2008-01-22 11:38 47,360 --a------ C:\Documents and Settings\NEW\Application Data\pcouffin.sys
2008-01-22 11:14 . 2008-01-22 11:14 <DIR> d-------- C:\Program Files\DVDZip Pro 3.0.1.1
2008-01-22 11:14 . 1999-09-10 12:06 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-01-22 11:14 . 1999-09-10 12:06 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-01-22 11:14 . 1999-09-10 12:06 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2008-01-22 11:14 . 1999-09-10 12:06 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2008-01-19 12:54 . 2008-02-01 10:40 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-01-19 10:06 . 2008-02-05 10:44 1,292 --a------ C:\WINDOWS\mozver.dat
2008-01-19 09:36 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2008-01-19 09:36 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\dllcache\bthmodem.sys
2008-01-18 18:17 . 2008-01-18 18:17 <DIR> d-------- C:\Program Files\Intel
2008-01-18 18:17 . 2006-10-10 17:03 10,288 --------- C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-01-18 18:17 . 2004-08-13 08:26 5,810 --------- C:\WINDOWS\system32\drivers\ASACPI.sys
2008-01-18 18:11 . 2008-01-18 18:11 <DIR> d-------- C:\Documents and Settings\NEW\Application Data\CyberLink
2008-01-18 17:14 . 2008-01-18 17:14 <DIR> d-------- C:\Program Files\Common Files\DirectX
2008-01-18 16:06 . 2006-08-01 12:32 49,152 -r------- C:\WINDOWS\system32\ChCfg.exe
2008-01-18 16:05 . 2008-01-18 16:05 <DIR> d-------- C:\Program Files\Realtek
2008-01-18 16:05 . 2007-01-12 14:24 520,192 -r------- C:\WINDOWS\RtlExUpd.dll
2008-01-18 16:05 . 2008-01-18 16:05 11,058 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-01-18 15:50 . 2007-03-23 16:49 9,715,200 -r------- C:\WINDOWS\RTLCPL.exe
2008-01-18 15:50 . 2007-04-10 16:34 4,397,568 --------- C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-01-18 15:50 . 2007-04-04 14:52 1,822,720 -r------- C:\WINDOWS\SkyTel.exe
2008-01-18 15:50 . 2007-01-16 08:09 1,191,936 -r------- C:\WINDOWS\RtlUpd.exe
2008-01-18 15:50 . 2006-08-18 04:28 282,624 -r------- C:\WINDOWS\system32\RTSndMgr.cpl
2008-01-18 15:50 . 2006-07-21 13:44 86,016 -r------- C:\WINDOWS\SoundMan.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 04:43 --------- d-----w C:\Program Files\Common Files\Cisco Systems
2007-12-06 10:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\NeptunesAdve
2007-12-06 10:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
2007-12-06 10:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-06 03:50 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll
1997-06-22 21:30 123,664 --sha-w C:\WINDOWS\system32\Msjint35.dll
1997-06-23 06:36 24,848 --sha-w C:\WINDOWS\system32\Msjter35.dll
1997-07-21 14:00 1,045,776 --sha-w C:\WINDOWS\system32\Msjet35.dll
1997-06-23 06:36 252,176 --sha-w C:\WINDOWS\system32\Msrd2x35.dll
1997-06-23 06:36 287,504 --sha-w C:\WINDOWS\system32\Msxbse35.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25 94208]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-06-11 18:16 4670968]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-05 18:43 114688]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-05 18:40 94208]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 12:58 16126464 C:\WINDOWS\RTHDCPL.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 15:52 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-17 12:30 85184]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 19:26 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-03 19:26 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\NEW\Start Menu\Programs\Startup\
WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe [2007-01-01 14:21:30 19968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
C:\WINDOWS\system32\amvo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2006-10-23 12:28 3727360 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 2006-10-05 18:41 98304 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-06-11 18:16 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-06-21 08:14]
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47c3ce72-d212-11dc-9ec1-001bfcad7709}]
\Shell\AutoRun\command - M:\kinza.exe
\Shell\explore\Command - M:\kinza.exe
\Shell\open\Command - M:\kinza.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51e87d9f-c4b1-11dc-9ea1-001bfcad7709}]
\Shell\AutoRun\command - M:\x.com
\Shell\explore\Command - M:\x.com
\Shell\open\Command - M:\x.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51e87da0-c4b1-11dc-9ea1-001bfcad7709}]
\Shell\AutoRun\command - N:\x.com
\Shell\explore\Command - N:\x.com
\Shell\open\Command - N:\x.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55f37603-996f-11db-a8f3-001bfcad7709}]
\Shell\AutoRun\command - K:\2ifetri.cmd
\Shell\explore\Command - K:\2ifetri.cmd
\Shell\open\Command - K:\2ifetri.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69f58580-c97f-11dc-a8f8-9b1916cad09a}]
\Shell\AutoRun\command - wscript.exe VirusRemoval.vbs
\Shell\open\Command - wscript.exe VirusRemoval.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bccda2fd-9977-11db-a8f4-001bfcad7709}]
\Shell\AutoRun\command - I:\3wcxx91.cmd
\Shell\explore\Command - I:\3wcxx91.cmd
\Shell\open\Command - I:\3wcxx91.cmd

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 10:43:58
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\WordWeb\wweb32.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Completion time: 2008-02-01 10:44:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-01 05:14:32
ComboFix5.txt 2008-02-01 04:08:40
ComboFix4.txt 2008-02-01 10:23:34
ComboFix3.txt 2008-02-01 04:03:52
ComboFix2.txt 2008-02-01 03:58:24



#2 Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 03 March 2008 - 12:00 AM

Hi and welcome,

Sorry for the delay.
If you still need help please post a fresh hijackthis log.
Can you also zip up and attach the other combofix logs that were created please?

They all should be here:

C:\qoobox (with name of combofix*.txt) (* being a number)

And --- what is drive E:\ ?
A flash drive or another hard drive?

Thanks
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware.



