
Please Let Me Know Am I Infected


This topic is locked
1 reply to this topic

#1 Shiva Kumar

  • Members
  • 1 posts

Posted 27 June 2008 - 12:50 AM

When I ran ComboFix it cleared most of it, but I still have a few problems.

Here I am posting the logs. Please check and let me know what the status is so that I can take further steps.

I am waiting for your reply. Thanking you.

ComboFix 08-06-20.4 - SBC02 2008-06-25 11:57:56.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.587 [GMT 5.5:30]
Running from: D:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
.

2008-06-25 11:43 . 2008-06-25 11:43 <DIR> d-------- C:\log
2008-06-24 22:21 . 2008-06-24 22:21 <DIR> d--hs---- C:\FOUND.000
2008-05-29 22:28 . 2008-05-29 22:28 <DIR> d-------- C:\Program Files\Common Files\SRC Shared
2008-05-29 22:28 . 2008-05-29 22:28 <DIR> d-------- C:\Documents and Settings\SBC02\Application Data\SmarThru4
2008-05-29 22:27 . 1997-05-26 14:55 23,040 --a------ C:\WINDOWS\system32\irisco32.dll
2008-05-29 22:27 . 2008-05-29 22:27 124 --a------ C:\WINDOWS\Readiris.ini
2008-05-29 22:26 . 2008-05-29 22:26 <DIR> d-------- C:\Program Files\SmarThru 4
2008-05-29 22:26 . 2008-05-29 22:26 <DIR> d-------- C:\Program Files\Readiris10
2008-05-29 22:23 . 2006-08-16 08:51 151,552 --a------ C:\WINDOWS\system32\SUGE1CI.exe
2008-05-29 22:23 . 2006-08-16 08:51 57,344 --a------ C:\WINDOWS\system32\SUGE1CI.dll
2008-05-29 22:23 . 2006-08-16 08:52 22,663 --a------ C:\WINDOWS\system32\SUGE1LMK.DLL
2008-05-29 22:23 . 2006-08-16 08:26 11,502 --------- C:\WINDOWS\Dr. Printer Icon.ico
2008-05-29 22:23 . 2006-08-16 08:52 556 --a------ C:\WINDOWS\system32\SUGE1lmk.smt
2008-05-29 22:21 . 2008-05-29 22:21 <DIR> d-------- C:\Program Files\SAMSUNG
2008-05-29 22:19 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-29 22:19 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-05-29 22:18 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-29 22:18 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-05-28 15:52 . 2001-08-23 17:30 22,016 --a------ C:\WINDOWS\system32\dllcache\agt0408.dll
2008-05-28 15:52 . 2001-08-23 17:30 19,968 --a------ C:\WINDOWS\system32\dllcache\agt040e.dll
2008-05-28 15:52 . 2001-08-23 17:30 19,456 --a------ C:\WINDOWS\system32\dllcache\agt041f.dll
2008-05-28 15:52 . 2001-08-23 17:30 19,456 --a------ C:\WINDOWS\system32\dllcache\agt0419.dll
2008-05-28 15:52 . 2001-08-23 17:30 19,456 --a------ C:\WINDOWS\system32\dllcache\agt0415.dll
2008-05-28 15:52 . 2001-08-23 17:30 19,456 --a------ C:\WINDOWS\system32\dllcache\agt0405.dll
2008-05-28 15:52 . 2004-08-04 00:56 8,704 --a------ C:\WINDOWS\system32\dllcache\batt.dll
2008-05-28 12:23 . 2004-08-08 17:49 49,152 --a------ C:\WINDOWS\system32\LogonDll.dll
2008-05-28 12:22 . 2008-05-28 12:22 7,926,554 --------- C:\Persi0.sys
2008-05-28 12:21 . 2008-05-28 12:21 <DIR> d-------- C:\Program Files\Faronics
2008-05-28 12:09 . 2008-05-28 12:09 <DIR> d-------- C:\Documents and Settings\SBC02\Application Data\Rediff.com
2008-05-28 11:58 . 2008-05-28 11:58 17,381 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-05-28 11:56 . 2008-05-28 11:58 823 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-05-28 11:55 . 2008-05-28 11:55 <DIR> d-------- C:\WINDOWS\BricoPacks
2008-05-28 11:54 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-28 11:47 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-05-28 11:47 . 2008-05-28 11:47 376 --a------ C:\WINDOWS\ODBC.INI
2008-05-28 11:46 . 2008-05-28 11:46 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-28 11:46 . 2008-05-28 11:46 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-05-28 11:45 . 2008-05-28 11:45 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-28 11:42 . 2008-05-28 11:42 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-05-28 11:42 . 2008-05-28 11:42 <DIR> dr-h----- C:\MSOCache
2008-05-28 11:41 . 2008-05-28 11:41 1,160 --a------ C:\WINDOWS\mozver.dat
2008-05-28 11:37 . 2008-05-28 11:37 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
2008-05-28 11:37 . 2008-05-28 11:37 <DIR> d-------- C:\Program Files\DIFX
2008-05-28 11:37 . 2006-07-01 22:39 36,864 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2008-05-28 11:36 . 2008-05-28 11:36 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-05-28 11:36 . 2008-05-28 11:36 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-05-28 11:36 . 2008-05-28 11:36 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-05-28 11:36 . 2008-05-28 11:36 17,241 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-05-28 11:33 . 2008-05-28 11:33 <DIR> d-------- C:\WINDOWS\system32\RTCOM
2008-05-28 11:33 . 2004-08-04 00:56 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-05-28 11:33 . 2004-08-04 00:56 130,048 --a------ C:\WINDOWS\system32\dllcache\ksproxy.ax
2008-05-28 11:33 . 2004-08-03 23:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-05-28 11:33 . 2004-08-03 23:08 60,288 --a------ C:\WINDOWS\system32\dllcache\drmk.sys
2008-05-28 11:33 . 2004-08-04 00:56 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-05-28 11:33 . 2004-08-04 00:56 4,096 --a------ C:\WINDOWS\system32\dllcache\ksuser.dll
2008-05-28 11:32 . 2007-03-23 16:49 9,715,200 --a------ C:\WINDOWS\RTLCPL.EXE
2008-05-28 11:32 . 2007-10-02 14:02 4,613,120 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-05-28 11:32 . 2007-08-03 10:52 1,826,816 --a------ C:\WINDOWS\SkyTel.exe
2008-05-28 11:32 . 2007-07-26 15:36 1,191,936 --a------ C:\WINDOWS\RtlUpd.exe
2008-05-28 11:32 . 2006-08-18 04:28 282,624 --a------ C:\WINDOWS\system32\RTSndMgr.CPL
2008-05-28 11:32 . 2006-07-21 13:44 86,016 --a------ C:\WINDOWS\SOUNDMAN.EXE
2008-05-28 11:32 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-28 11:31 . 2008-05-28 11:31 <DIR> d-------- C:\Program Files\Realtek
2008-05-28 11:31 . 2007-09-27 11:50 16,844,800 --a------ C:\WINDOWS\RTHDCPL.EXE
2008-05-28 11:31 . 2006-05-04 13:56 2,808,832 --a------ C:\WINDOWS\ALCWZRD.EXE
2008-05-28 11:31 . 2007-06-28 14:14 2,165,760 --a------ C:\WINDOWS\MicCal.exe
2008-05-28 11:31 . 2007-07-26 14:39 520,192 -r------- C:\WINDOWS\RtlExUpd.dll
2008-05-28 11:31 . 2008-05-28 11:31 315,392 --a------ C:\WINDOWS\HideWin.exe
2008-05-28 11:31 . 2005-09-21 07:55 299,008 --a------ C:\WINDOWS\system32\ALSNDMGR.CPL
2008-05-28 11:31 . 2005-05-03 16:13 69,632 --a------ C:\WINDOWS\ALCMTR.EXE
2008-05-28 11:30 . 2008-05-28 11:30 <DIR> d-------- C:\WINDOWS\ASUSInstAll
2008-05-28 11:29 . 2008-05-28 11:29 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2008-05-28 11:29 . 2008-05-28 11:29 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-05-28 11:29 . 2008-05-28 11:29 22 --a------ C:\WINDOWS\FileName
2008-05-28 11:28 . 2008-05-28 11:28 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-05-28 11:27 . 2008-05-28 11:27 <DIR> d-------- C:\WINDOWS\nview
2008-05-28 11:26 . 2008-05-28 11:26 <DIR> d-------- C:\Documents and Settings\SBC02\Application Data\InstallShield
2008-05-28 11:26 . 2006-12-18 16:33 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-05-28 11:26 . 2008-05-28 11:34 17,493 --a------ C:\WINDOWS\Ascd_log.ini
2008-05-28 11:25 . 2008-05-28 11:25 <DIR> d-------- C:\Program Files\Java
2008-05-28 11:25 . 2007-08-01 09:09 12,536 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-05-28 11:25 . 2004-08-11 21:30 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2008-05-28 11:21 . 2008-05-28 11:21 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-05-28 11:21 . 2008-05-28 11:21 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-28 11:21 . 2008-05-28 11:21 <DIR> d-------- C:\j2sdk1.4.2_17
2008-05-28 11:19 . 2008-05-28 11:19 <DIR> d-------- C:\Program Files\Real
2008-05-28 11:10 . 2006-07-03 10:31 94,208 --a------ C:\WINDOWS\amcap.exe
2008-05-28 11:10 . 2007-07-11 16:09 20,480 --a------ C:\WINDOWS\FixCamera.exe
2008-05-28 11:06 . 2008-05-28 11:06 <DIR> d-------- C:\Documents and Settings\SBC02
2008-05-28 11:03 . 2008-05-28 11:03 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-05-28 11:03 . 2008-05-28 11:03 <DIR> d--hs---- C:\Documents and Settings\LocalService
2008-05-28 09:58 . 2008-05-28 09:58 <DIR> d--hs---- C:\Recycled
2008-05-28 09:57 . 2008-05-28 09:57 <DIR> d-------- C:\Program Files\Webroot
2008-05-28 09:57 . 2008-05-28 09:57 <DIR> d-------- C:\Program Files\Common Files\Webroot Shared
2008-05-28 09:57 . 2008-05-28 09:57 <DIR> d-------- C:\Documents and Settings\SBC02\Application Data\Webroot
2008-05-28 09:57 . 2008-05-28 09:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-05-28 09:57 . 2007-11-26 14:47 194,888 --a------ C:\WINDOWS\Unwash6.exe
2008-05-28 09:54 . 2008-05-28 09:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-28 09:48 . 2008-05-28 09:48 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-28 09:26 . 2008-05-29 22:32 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-28 09:26 . 2008-05-29 22:32 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-28 09:26 . 2008-05-29 22:32 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-28 09:26 . 2008-05-29 22:32 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-28 09:23 . 2008-05-28 09:23 <DIR> d-------- C:\kav

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 06:28 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-05-28 06:28 218,624 ----a-w C:\WINDOWS\system32\dllcache\uxtheme.dll
2008-05-28 05:58 203,776 ----a-w C:\WINDOWS\system32\clrviddc.dll
2008-05-28 05:50 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-28 05:50 4,096 ------w C:\Program Files\Common Files\Real
2008-05-28 05:50 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-28 05:29 --------- d-----w C:\Documents and Settings\SBC02\Application Data\vlc
2008-05-28 05:28 --------- d-----w C:\Program Files\VideoLAN
2008-05-28 05:24 --------- d-----w C:\Program Files\Google
2008-05-28 05:23 --------- d-----w C:\Program Files\Rediff Bol
2008-05-28 05:20 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-28 05:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-05-28 05:13 --------- d-----w C:\Program Files\TypingMaster
2008-05-28 05:04 --------- d-----w C:\Program Files\microsoft frontpage
.

------- Sigcheck -------

2007-08-13 18:54 923648 2951df2f438bb4d287a621b8538ed332 C:\WINDOWS\system32\wininet.dll
2007-08-13 18:54 923648 2951df2f438bb4d287a621b8538ed332 C:\WINDOWS\system32\dllcache\wininet.dll
2004-08-04 00:56 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\ie7\wininet.dll

2004-08-03 19:26 2114048 c0244047052a24fa7b99b280dc6fd497 C:\WINDOWS\explorer.exe
2004-08-03 19:26 2114048 c0244047052a24fa7b99b280dc6fd497 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Index Washer"="C:\Program Files\Webroot\Washer\WashIdx.exe" [2007-11-26 14:47 55624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-31 04:05 7634944]
"nwiz"="nwiz.exe" [2006-10-31 04:05 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-31 04:05 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 11:50 16844800 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2007-08-03 10:52 1826816 C:\WINDOWS\SkyTel.exe]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 02:52 3739648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]
LogonDll.dll 2004-08-08 17:49 49152 C:\WINDOWS\system32\LogonDll.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

R0 DeepFrz;DeepFrz;C:\WINDOWS\system32\drivers\DeepFrz.sys [2004-08-08 17:41]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 14:47]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 11:58:31
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\LogonDll.dll
.
Completion time: 2008-06-25 11:58:44
ComboFix-quarantined-files.txt 2008-06-25 06:28:44
ComboFix2.txt 2008-06-25 06:18:50

Pre-Run: 2,577,199,104 bytes free
Post-Run: 2,569,285,632 bytes free

#2 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 50,560 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 27 June 2008 - 06:48 AM

Please note the message text in blue at the top of this forum.

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.

Further, you did not follow the required instructions for using ComboFix which are provided when the tool is used under proper supervision as its log indicates your machine does not have the Recovery Console installed.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff

Edited by quietman7, 27 June 2008 - 06:48 AM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click here.
