Combofix Log... Help

#1 JKOGA

Posted 12 August 2008 - 05:19 PM

Can anyone tell me if my problems are fixed... I used ComboFix and this is the log...
WOOPS, I DIDN'T READ THE FORUM GUIDELINES... I have a trojan... mmchost.dll
I tried using... lsp, no luck... so I used ComboFix... maybe I'll get kicked off the forum for this... =(

------------------------------------------------------------------------------------

ComboFix 08-08-12.01 - JKOGA 2008-08-12 14:48:38.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.643 [GMT -7:00]
Running from: C:\Documents and Settings\JKOGA\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\JKOGA\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\JKOGA\Application Data\macromedia\Flash Player\#SharedObjects\3DEYPVG7\interclick.com
C:\Documents and Settings\JKOGA\Application Data\macromedia\Flash Player\#SharedObjects\3DEYPVG7\interclick.com\ud.sol
C:\Documents and Settings\JKOGA\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\JKOGA\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\riched32.dll
C:\WINDOWS\system32\KarnaDrv.dll
C:\WINDOWS\system32\mmchost.dll
C:\WINDOWS\system32\sss.exe
C:\WINDOWS\system32\syspilog.pil
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SEICTRL


((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))
.

2008-08-12 09:58 . 2008-08-12 09:58 4,608 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-08-06 13:17 . 15,360 C:\WINDOWS\system32\dbi102.dll
2008-07-31 20:33 . 2008-07-31 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-31 18:42 . 2008-07-31 18:42 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-31 18:42 . 2008-04-07 05:38 45,392 -ra------ C:\WINDOWS\system32\AdobePDF.dll
2008-07-31 18:42 . 2008-04-07 05:38 22,872 -ra------ C:\WINDOWS\system32\AdobePDFUI.dll
2008-07-31 17:13 . 2008-07-31 17:49 <DIR> d-------- C:\Documents and Settings\JKOGA\Application Data\Download Manager
2008-07-28 16:29 . 2008-07-28 16:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-07-28 15:31 . 2008-07-28 16:58 <DIR> d-------- C:\Perl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 19:12 --------- d-----w C:\Program Files\Corporation Tool Box
2008-08-12 18:08 --------- d-----w C:\Program Files\activePDF
2008-08-12 17:17 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-08-12 17:17 0 ----a-w C:\WINDOWS\system32\drivers\logiflt.iad
2008-08-11 23:49 41,110 ----a-w C:\Documents and Settings\JKOGA\Application Data\wklnhst.dat
2008-08-10 02:53 --------- d-----w C:\Program Files\Full Tilt Poker
2008-08-01 01:42 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-21 22:34 --------- d-----w C:\Program Files\Dl_cats
2008-07-08 18:54 --------- d-----w C:\Program Files\Instant Sales Copy
2008-06-26 15:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-06-26 15:00 --------- d-----w C:\Program Files\TechSmith
2008-06-26 15:00 --------- d-----w C:\Program Files\Common Files\TechSmith Shared
2008-06-25 23:28 --------- d-----w C:\Documents and Settings\JKOGA\Application Data\AdobeUM
2008-06-23 20:22 --------- d-----w C:\Documents and Settings\JKOGA\Application Data\HP
2008-06-23 19:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-06-23 19:32 --------- d-----w C:\Program Files\AIM6
2008-06-23 19:32 --------- d-----w C:\Documents and Settings\JKOGA\Application Data\acccore
2008-06-23 19:31 --------- d-----w C:\Program Files\Viewpoint
2008-06-23 19:31 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-23 19:31 --------- d-----w C:\Program Files\AIM Search
2008-06-23 19:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-23 19:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-06-23 19:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\acccore
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-16 04:58 --------- d-----w C:\Program Files\eCoverGenerator
2008-06-16 04:33 --------- d-----w C:\Program Files\EBook Generator
2008-06-15 21:37 --------- d-----w C:\Program Files\Header Generator
2008-06-15 21:23 --------- d-----w C:\Program Files\Armand Morin
2008-06-14 00:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 05:03 --------- d-----w C:\Program Files\Add-in Express
2008-06-12 23:38 --------- d-----w C:\Documents and Settings\JKOGA\Application Data\Image Zone Express
2008-06-12 21:10 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-06-12 21:08 --------- d-----w C:\Documents and Settings\JKOGA\Application Data\VersionTracker Pro
2008-06-12 20:56 --------- d-----w C:\Documents and Settings\JKOGA\Application Data\MSNInstaller
2008-06-12 20:55 --------- d-----w C:\Program Files\LimeWire
2008-06-12 04:53 79,464 ----a-w C:\Documents and Settings\JKOGA\Application Data\GDIPFONTCACHEV1.DAT
2008-05-22 01:07 56,912 ----a-w C:\Documents and Settings\JKOGA\g2mdlhlpx.exe
2006-10-16 07:17 8 --sh--r C:\WINDOWS\system32\6F44937CF3.sys
2007-02-25 03:58 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-06-12 13:47 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 14:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 14:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 14:45 118784]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 12:58 1032192]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 09:48 761947]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 18:15 290816]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 18:29 49152]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-05 23:05 127035]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44 81920]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 20:02 53248]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 15:49 1121280]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 10:26 110592]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 10:49 163840]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 17:00 1005096]
"dlcdmon.exe"="C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-10-07 09:01 430080]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 944\memcard.exe" [2005-09-07 06:37 290816]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-08-02 13:49 26112]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 22:32 53248]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"DLCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-09-14 06:51 73728]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 13:02 564496]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 13:06 2196240]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 02:25 37232]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 22:43 640376]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 14:30 282624 C:\WINDOWS\stsystra.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-02 13:41:48 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 13:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R2 DLCDCustomerConnect;DLCDCustomerConnect;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\DLCDserv.exe [2005-09-14 06:52]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 14:38]
R3 dlcd_device;dlcd_device;C:\WINDOWS\system32\dlcdcoms.exe [2005-10-28 05:41]
S2 seictrl;Security Control;c:\windows\system32\rundll32.exe dbi102.dll,scan []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe

*Newly Created Service* - SEICTRL
.
Contents of the 'Scheduled Tasks' folder

2008-08-12 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (JKO-JKOGA).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2005-07-08 18:18]

2008-06-25 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
- C:\Program Files\SpywareBot\SpywareBot.exe []

2008-06-25 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
- C:\Program Files\SpywareBot []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ModemOnHold - C:\Program Files\NetWaiting\netWaiting.exe
HKCU-Run-MsnMsgr - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
HKLM-Run-SpywareBot - C:\Program Files\SpywareBot\SpywareBot.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\JKOGA\Application Data\Mozilla\Firefox\Profiles\z5s60r34.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 14:57:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcdserv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\PROGRA~1\McAfee.com\VSO\McShield.exe
C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\McAfee\SpamKiller\MSKAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\McAfee.com\VSO\McVSEscn.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
.
**************************************************************************
.
Completion time: 2008-08-12 15:04:01 - machine was rebooted [JKOGA]
ComboFix-quarantined-files.txt 2008-08-12 22:03:55

Pre-Run: 62,697,054,208 bytes free
Post-Run: 63,866,040,320 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

227 --- E O F --- 2008-07-09 08:04:45

Edited by JKOGA, 12 August 2008 - 05:32 PM.

#2 kahdah

Posted 24 August 2008 - 12:52 PM

Hello JKOGA

Welcome to BleepingComputer :thumbsup:
========================
If you are still in need of assistance, please post a new HijackThis log.
Please do not PM for help; post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.