
Combofix


  • This topic is locked
2 replies to this topic

#1 dido

dido

  • Members
  • 2 posts
  • OFFLINE
  • Local time:12:02 PM

Posted 01 June 2008 - 11:32 PM

Can anyone help me... I can't cut and paste or even run Internet Explorer.
I was on What's the Tech and I found ComboFix. But since I could go online on my laptop, I used my other computer to download the file and I ran ComboFix from a USB drive. This is the log below. What can I do? The problem is still there.

Thanks in advance, guys.


ComboFix 08-06-01.6 - Dido 2008-06-01 23:01:25.1 - NTFSx86
Running from: G:\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\2.exe
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\afinding.exe
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\comsa32.sys
C:\WINDOWS\system32\drmgs.sys
C:\WINDOWS\system32\Indt2.sys
C:\WINDOWS\system32\MTEfgMoq.ini
C:\WINDOWS\system32\MTEfgMoq.ini2
C:\WINDOWS\system32\nnnnOiJd.dll
C:\WINDOWS\system32\qoMgfETM.dll
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\tmp3_127453682260.bk

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFINDING
-------\Legacy_PERFMONS
-------\Legacy_ROUTING
-------\Legacy_WSERVING
-------\Service_AFinding
-------\Service_perfmons
-------\Service_Routing
-------\Service_WServing


((((((((((((((((((((((((( Files Created from 2008-05-02 to 2008-06-02 )))))))))))))))))))))))))))))))
.

2008-06-01 22:16 . 2008-06-01 22:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\U3
2008-06-01 08:51 . 2008-06-01 08:51 870,128 --a------ C:\WINDOWS\system32\mcs.rma
2008-06-01 08:51 . 2008-06-01 08:51 4 --a------ C:\WINDOWS\system32\DB5E9E
2008-06-01 04:45 . 2008-06-01 04:45 5,632 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-06-01 00:07 . 2008-06-01 00:16 <DIR> d-------- C:\NSS
2008-05-31 22:51 . 2008-05-31 22:51 <DIR> d-------- C:\Documents and Settings\PATRICIA\Application Data\Symantec
2008-05-31 21:16 . 2008-05-31 21:16 <DIR> d-------- C:\WINDOWS\MVUNINST
2008-05-31 21:16 . 2008-05-31 21:17 <DIR> d-------- C:\Program Files\Memorex exPressit Label Design Studio
2008-05-31 21:16 . 2008-05-31 21:16 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2008-05-31 21:16 . 2002-01-05 02:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-05-31 10:56 . 2008-05-31 10:56 <DIR> d-------- C:\N360_BACKUP
2008-05-31 07:40 . 2008-05-31 10:48 <DIR> d-------- C:\Documents and Settings\Dido\Application Data\Symantec
2008-05-31 07:31 . 2008-05-31 07:31 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-05-31 07:31 . 2008-05-31 21:20 <DIR> d-------- C:\Program Files\Norton 360
2008-05-31 07:24 . 2008-05-31 07:35 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-31 07:24 . 2008-05-31 07:35 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-31 07:24 . 2008-05-31 07:35 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-31 07:24 . 2008-05-31 07:35 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-31 07:22 . 2008-05-31 07:35 <DIR> d-------- C:\Program Files\Symantec
2008-05-31 07:22 . 2008-05-31 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-31 06:24 . 2008-05-31 06:24 <DIR> d-------- C:\Documents and Settings\Dido\Application Data\RTPlayer
2008-05-30 21:26 . 2008-05-31 06:51 <DIR> d-------- C:\Documents and Settings\Dido\Application Data\tunebite
2008-05-30 20:53 . 2008-05-31 21:11 <DIR> d-------- C:\Documents and Settings\Dido\Application Data\Apple Computer
2008-05-30 20:36 . 2007-05-16 18:10 19,200 --a------ C:\WINDOWS\system32\drivers\tbhsd.sys
2008-05-30 17:35 . 2008-05-30 17:35 <DIR> d-------- C:\WINDOWS\system32\Logs
2008-05-30 17:21 . 2008-05-31 06:51 <DIR> d-------- C:\Program Files\Tunebite
2008-05-30 17:01 . 2008-06-01 20:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-30 17:01 . 2008-05-30 17:01 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-30 16:19 . 2008-05-30 16:19 <DIR> d-------- C:\Program Files\PixiePack Codec Pack
2008-05-30 16:12 . 2008-05-30 18:20 <DIR> d-------- C:\Documents and Settings\PATRICIA\Application Data\Tunebite
2008-05-30 16:11 . 2008-05-30 16:11 <DIR> d-------- C:\Program Files\RapidSolution
2008-05-30 16:11 . 2008-05-30 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-05-30 00:14 . 2008-05-30 00:15 <DIR> d-------- C:\Program Files\iTunes
2008-05-30 00:14 . 2008-05-30 00:14 <DIR> d-------- C:\Program Files\iPod
2008-05-30 00:11 . 2008-05-30 00:12 <DIR> d-------- C:\Program Files\QuickTime
2008-05-29 23:41 . 2008-05-30 00:02 <DIR> d-------- C:\Documents and Settings\PATRICIA\Application Data\Apple Computer
2008-05-29 23:39 . 2008-05-29 23:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-29 23:38 . 2008-05-29 23:38 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-29 23:38 . 2008-05-30 00:23 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-29 23:38 . 2008-05-29 23:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-29 21:07 . 2008-06-01 04:52 0 --a------ C:\WINDOWS\wininit.ini
2008-05-29 20:08 . 2008-05-29 20:15 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-05-29 20:00 . 2008-05-29 20:00 <DIR> d-------- C:\PerfLogs
2008-05-10 08:10 . 2008-05-10 08:10 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-10 08:09 . 2008-05-10 08:11 <DIR> d-------- C:\Program Files\Windows Live
2008-05-10 08:09 . 2008-05-10 08:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-09 09:14 . 2008-06-01 06:57 <DIR> d-------- C:\Program Files\AutoCAD Architecture 2008
2008-05-03 23:08 . 2008-05-03 23:08 <DIR> d-------- C:\Program Files\Softouch
2008-05-03 23:08 . 2008-05-03 23:08 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2008-05-03 23:08 . 1999-01-20 05:01 210,032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL
2008-05-03 23:08 . 1999-11-12 05:11 183,808 --a------ C:\WINDOWS\system32\BDEADMIN.CPL
2008-05-03 23:07 . 2008-05-03 23:07 <DIR> d-------- C:\Documents and Settings\PATRICIA\Application Data\Softouch
2008-05-03 23:07 . 2008-05-03 23:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Softouch

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 03:57 --------- d-----w C:\Documents and Settings\Dido\Application Data\U3
2008-06-02 02:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-06-01 15:19 --------- d-----w C:\Documents and Settings\PATRICIA\Application Data\U3
2008-06-01 11:59 --------- d-----w C:\Documents and Settings\Dido\Application Data\Autodesk
2008-06-01 11:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-06-01 05:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-31 18:30 --------- d-----w C:\Program Files\Google
2008-05-31 11:57 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-31 11:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-31 11:53 --------- d-----w C:\Documents and Settings\Dido\Application Data\uTorrent
2008-05-30 23:21 --------- d-----w C:\Documents and Settings\PATRICIA\Application Data\Skype
2008-05-30 21:12 --------- d-----w C:\Documents and Settings\PATRICIA\Application Data\uTorrent
2008-05-30 19:14 --------- d-----w C:\Documents and Settings\PATRICIA\Application Data\skypePM
2008-05-30 04:53 --------- d-----w C:\Program Files\Rhapsody
2008-05-30 01:32 --------- d-----w C:\Program Files\MagicISO
2008-05-30 01:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-30 01:28 --------- d-----w C:\Program Files\InterVideo
2008-05-30 01:21 --------- d-----w C:\Program Files\321StudiosRF
2008-05-30 01:20 --------- d-----w C:\Program Files\Toshiba Games
2008-05-09 14:23 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-05-02 01:37 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-02 01:19 --------- d-----w C:\Program Files\Microsoft LifeCam
2008-05-02 01:05 --------- d-----w C:\Program Files\Skype
2008-05-02 01:05 --------- d-----w C:\Program Files\Common Files\Skype
2008-05-02 01:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-05-02 01:01 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
2008-05-02 01:01 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2008-04-09 01:26 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-04 23:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
.

------- Sigcheck -------

2008-05-31 14:44 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\dllcache\svchost.exe

2005-03-02 13:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 10:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2004-08-04 07:00 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 13:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2007-03-08 10:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\user32.dll
2007-03-08 10:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\dllcache\user32.dll

2004-08-04 07:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll

2005-10-20 22:38 661504 af785c4947676a7fc1673fdc5c8d0b5b C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\wininet.dll
2007-06-27 09:40 824320 d6ed5e042c5207553e7f5e842918137f C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
2007-08-20 05:02 825344 357d54bf94fe9d6d8505a96b5c2a3bca C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
2007-10-10 18:47 825344 0e5d918f87efa7d2424d66b499c7eb04 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
2007-12-06 21:01 825344 b5b411bb229ae6ead7652a32ed47bfb9 C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2008-03-01 08:03 827392 6316c2f0c61271c8abdff7429174879e C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
2004-08-04 07:00 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\$NtUninstallKB905915$\wininet.dll
2005-10-20 22:39 658432 e7b27b6b6e06ce34ea019fd8b858c613 C:\WINDOWS\$NtUninstallKB912945$\wininet.dll
2006-01-09 13:02 662016 dde9597a3311748c1519444e2bc147bd C:\WINDOWS\$NtUninstallKB933566$\wininet.dll
2007-04-18 07:46 665600 4261ba03afd659de04f0a17dfbdd454d C:\WINDOWS\$NtUninstallKB937143$\wininet.dll
2007-06-26 09:35 665600 e1a3dd68b5380b360a7310a64d9bb188 C:\WINDOWS\ie7\wininet.dll
2007-08-13 17:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB937143-IE7\wininet.dll
2007-06-27 09:34 823808 8068cbb58fe60cc95aeb2cff70178208 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
2007-08-20 05:04 824832 774435e499d8e9643ec961a6103c361f C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
2007-10-10 18:56 824832 30c1e0f34ad2972c72a01db5c74ab065 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2007-12-06 21:21 824832 806d274c9a6c3aaea5eae8e4af841e04 C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
2008-03-01 08:06 826368 ad21461aef8244edec2ef18e55e1dcf3 C:\WINDOWS\system32\wininet.dll
2008-03-01 08:06 826368 ad21461aef8244edec2ef18e55e1dcf3 C:\WINDOWS\system32\dllcache\wininet.dll

2005-05-25 14:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-04-20 07:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 11:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-04 07:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 14:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 06:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 12:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 12:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-04 07:00 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe

2004-08-04 07:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-04 07:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2005-03-01 19:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2004-08-04 07:00 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\$NtUninstallKB896256$\ntkrnlpa.exe
2005-09-28 18:35 2015744 48472d224e1703882b4de0e28e205e9b C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 04:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 04:15 2017280 2dfb215e291e3d9b1cf9a6739b3bf16c C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 04:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2005-03-01 20:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2004-08-04 07:00 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\$NtUninstallKB896256$\ntoskrnl.exe
2005-09-28 19:02 2136064 25c36dbc46e8eff2a811769a60715ac5 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 04:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 04:53 2137600 e6679c3023b17d8b78946bc5df53fa20 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 04:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-06-13 05:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\explorer.exe
2007-06-13 06:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 07:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 05:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\system32\dllcache\explorer.exe

2004-08-04 07:00 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\services.exe

2004-08-04 07:00 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\lsass.exe

2004-08-04 07:00 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{44d5941b-6ddb-4918-8e56-3d34b61a1ca8}]
C:\WINDOWS\system32\ktmvsqsa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2008-02-23 21:08 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-05-31 07:33 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll" [2008-02-23 21:08 349552]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [2008-02-23 21:08 349552]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@={4433A54A-1AC8-432F-90FC-85F045CF383C}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@={F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@={476D0EA3-80F9-48B5-B70B-05E677C9C148}

[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 03:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 03:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 03:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 02:32 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:39 1289000]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-31 13:31 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 07:00 158208]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 10:11 925696]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 09:50 988512]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 14:37 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 13:41 602182]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 14:37 51048]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-24 00:40 196608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 20:29 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 2006-02-24 12:49 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00THotkey]
--a------ 2006-03-10 20:00 245760 C:\WINDOWS\system32\00THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\847ec000]
C:\WINDOWS\system32\tdtosjhp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-01-11 19:54 623992 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM874df39c]
C:\WINDOWS\system32\almcrhyq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 14:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-11-28 15:52 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-11-28 15:55 118784 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-11-28 15:55 98304 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2007-05-17 14:45 279912 c:\Program Files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 14:10 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
--a------ 2006-02-24 12:37 30208 C:\Program Files\Protector Suite QL\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tempreg]
regsvr32 /s C:\Program Files\s300\s300_1203215110.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFNF5]
--a------ 2006-03-16 19:34 593920 C:\WINDOWS\system32\TFNF5.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThpSrv]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-03-15 11:06 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosHKCW.exe]
--a------ 2005-05-17 13:42 49152 C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TouchED]
--a------ 2005-06-28 22:43 126976 C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
--a------ 2006-03-10 14:01 315392 C:\WINDOWS\system32\TPSMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSODDCtl]
--a------ 2006-03-10 14:01 110592 C:\WINDOWS\system32\TPSODDCtl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
--a------ 2006-02-02 14:11 73728 C:\Program Files\Toshiba\Tvs\TvsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AFinding"=2 (0x2)
"Browser"=2 (0x2)
"iPod Service"=3 (0x3)
"lanmanserver"=2 (0x2)
"seclogon"=2 (0x2)
"Routing"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"MSCamSvc"=2 (0x2)
"Messenger"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d7ad5d1-d69e-11dc-aab7-000e7b4222e6}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-05-30 05:02:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-01 04:33:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-02 00:59:43 C:\WINDOWS\Tasks\LifeChatTask.job"
- C:\Program Files\Microsoft LifeChat\LifeChat.exe
"2008-05-17 15:03:23 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IcePick_exe.job"
- c:\Program Files\Microsoft LifeCam\IcePick.exe
"2008-05-02 01:21:33 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job"
- C:\Program Files\Microsoft LifeCam\LifeExp.exe
"2008-05-30 20:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 23:11:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Apoint2K\ApntEx.exe
.
**************************************************************************
.
Completion time: 2008-06-01 23:15:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-02 04:15:05

Pre-Run: 50,314,706,944 bytes free
Post-Run: 50,219,896,832 bytes free

372 --- E O F --- 2008-05-30 01:02:12

#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:12:02 PM

Posted 28 June 2008 - 01:32 PM

Hello dido,

Welcome to Bleeping Computer :)

Sorry about the delay. :thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:12:02 PM

Posted 09 July 2008 - 10:36 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic