Geeks to Go
evaluate my logs plz

#1
styllix

ComboFix 08-06-20.4 - Stylix 2008-06-25 16:31:01.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.75 [GMT 4.5:30]
Running from: C:\Documents and Settings\Stylix\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Stylix\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Stylix\Application Data\ShoppingReport
C:\Documents and Settings\Stylix\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Stylix\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Stylix\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Stylix\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Stylix\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Stylix\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Stylix\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Uninst.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
.

2008-06-25 16:03 . 2008-06-25 16:03 <DIR> d-------- C:\logs
2008-06-25 09:52 . 2008-06-25 09:52 <DIR> d-------- C:\Documents and Settings\Stylix\Application Data\DNA
2008-06-25 07:23 . 2008-06-25 07:23 <DIR> d--hs---- C:\FOUND.002
2008-06-25 01:29 . 2008-06-25 01:29 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-06-24 00:13 . 2008-06-24 00:13 <DIR> d-------- C:\Program Files\uTorrent
2008-06-23 23:47 . 2008-06-23 23:47 <DIR> d-------- C:\Program Files\DNA
2008-06-23 23:26 . 2008-06-23 23:26 <DIR> d-------- C:\Documents and Settings\Stylix\Application Data\uTorrent
2008-06-23 21:21 . 2008-06-23 21:21 <DIR> d-------- C:\Documents and Settings\Stylix\Application Data\vlc
2008-06-23 17:19 . 2008-06-23 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Launcher
2008-06-23 11:21 . 2008-06-23 11:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Graboid Inc
2008-06-23 11:19 . 2008-06-23 11:19 <DIR> d-------- C:\Documents and Settings\Stylix\Application Data\MozillaControl
2008-06-23 11:18 . 2008-06-23 11:18 <DIR> d-------- C:\Program Files\VideoLAN
2008-06-23 11:18 . 2008-06-23 11:18 <DIR> d-------- C:\Program Files\Mozilla ActiveX Control v1.7.12
2008-06-23 11:18 . 2008-06-23 11:18 <DIR> d-------- C:\Program Files\Graboid
2008-06-22 21:56 . 2003-07-16 12:14 31,744 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-06-22 21:55 . 2003-05-29 00:01 91,648 --a------ C:\WINDOWS\system32\E_SAGSET.DLL
2008-06-22 21:55 . 2003-12-10 00:13 76,054 --a------ C:\WINDOWS\system32\EBPMON24.DLL
2008-06-22 21:55 . 2003-05-21 01:27 64,000 --a------ C:\WINDOWS\system32\ECBTEG.DLL
2008-06-22 21:55 . 2000-06-07 00:01 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
2008-06-22 21:28 . 2001-09-04 01:04 182 --a------ C:\WINDOWS\system32\EBPPORT4.DAT
2008-06-22 21:26 . 2008-06-22 21:26 <DIR> d-------- C:\Program Files\EPSON
2008-06-22 21:06 . 2008-06-22 21:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-06-22 19:14 . 2008-06-22 19:14 91,373 --a------ C:\WINDOWS\EPSTPLOG.BAK
2008-06-22 19:01 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-21 14:59 . 2008-06-21 14:59 <DIR> d-------- C:\Program Files\Common Files\Real
2008-06-19 22:34 . 2008-06-19 22:34 <DIR> d--hs---- C:\FOUND.001
2008-06-18 21:23 . 2008-06-18 21:23 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-18 17:52 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-18 17:51 . 2008-06-18 17:51 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-18 17:30 . 2008-04-23 08:05 6,068,224 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-18 17:30 . 2007-04-17 14:02 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-18 17:30 . 2007-03-08 09:40 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-18 17:30 . 2008-04-23 08:05 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-18 17:30 . 2008-04-23 08:05 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-18 17:30 . 2008-04-23 08:05 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-18 17:30 . 2008-04-23 08:05 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-18 17:30 . 2008-04-23 08:05 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-18 17:30 . 2008-04-22 12:32 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-18 16:34 . 2008-06-18 16:34 <DIR> d-------- C:\Documents and Settings\Stylix\Incomplete
2008-06-18 16:33 . 2008-06-18 16:33 <DIR> d-------- C:\Program Files\LimeWireTurbo
2008-06-18 16:33 . 2008-06-18 16:33 <DIR> d-------- C:\Documents and Settings\Stylix\Application Data\LimeWireTurbo
2008-06-17 11:09 . 2008-06-17 11:09 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-17 10:58 . 2008-06-17 10:58 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-17 10:58 . 1999-02-16 20:49 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-06-17 10:58 . 2004-07-14 15:26 152,848 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-06-17 10:58 . 2005-02-04 10:21 40,960 --a------ C:\WINDOWS\system32\FxHorizBtn.ocx
2008-06-17 10:58 . 2003-03-06 10:43 36,864 --a------ C:\WINDOWS\system32\FxPanel.ocx
2008-06-17 10:58 . 2000-06-13 00:00 2,493 --a------ C:\WINDOWS\system32\COMCTL32.DEP
2008-06-16 14:37 . 2008-06-16 14:37 <DIR> d-------- C:\Program Files\Chikka Messenger
2008-06-16 14:37 . 2008-06-16 14:37 <DIR> d-------- C:\Documents and Settings\Stylix\ChikkaDefault
2008-06-14 10:26 . 2008-06-14 10:26 <DIR> d-------- C:\WINDOWS\Replay Media Catcher
2008-06-14 10:26 . 2008-06-14 10:26 <DIR> d-------- C:\Program Files\Replay Media Catcher
2008-06-14 09:39 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-14 09:38 . 2008-06-14 09:38 <DIR> d-------- C:\Program Files\Java
2008-06-14 09:32 . 2008-06-14 09:32 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-14 09:28 . 2008-06-14 09:28 <DIR> d-------- C:\Documents and Settings\Stylix\.limewire
2008-06-14 07:17 . 2008-06-14 07:17 <DIR> d-------- C:\Documents and Settings\Stylix\Application Data\Yahoo!
2008-06-14 07:08 . 2008-06-14 07:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-14 07:05 . 2008-06-14 07:05 <DIR> d-------- C:\Program Files\Yahoo!
2008-06-05 14:48 . 2008-06-18 20:50 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-02 02:58 . 2008-06-02 02:58 <DIR> d-------- C:\Documents and Settings\Stylix\Application Data\CyberLink
2008-06-02 02:58 . 2008-06-02 02:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-05-30 15:14 . 2008-05-30 15:14 <DIR> d--hs---- C:\FOUND.000

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-21 10:29 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-24 05:22 --------- d-----w C:\Program Files\CyberLink
2008-05-24 05:19 --------- d-----w C:\Documents and Settings\Stylix\Application Data\Ahead
2008-05-24 05:15 --------- d-----w C:\Program Files\Nero
2008-05-24 05:15 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-24 05:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-04-22 08:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 08:02 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.

------- Sigcheck -------

2008-01-22 01:08 360704 a11391be25035570ae4b8970920f2c74 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:56 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 17:43 4670704]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-23 23:47 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-06 16:08 1443072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"EPSON Stylus C45 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE" [2004-01-14 02:00 99840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-23 08:05 124928 C:\WINDOWS\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^Stylix^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Stylix\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Stylix^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Stylix\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kava]
C:\WINDOWS\system32\kavo.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Java\\jre1.6.0_05\\BIN\\javaw.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13352:TCP"= 13352:TCP:BitComet 13352 TCP
"13352:UDP"= 13352:UDP:BitComet 13352 UDP

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-06 16:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52985fc2-0034-11dd-8c81-00012e0d10cd}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nircmd.exe execmd CALL batexe\progstart.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{730182dc-0255-11dd-8ee9-806d6172696f}]
\Shell\AutoRun\command - F:\uuhgt.bat
\Shell\explore\Command - F:\uuhgt.bat
\Shell\open\Command - F:\uuhgt.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e42c78a4-0133-11dd-9378-00012e0d10cd}]
\Shell\Auto\command - transmit.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL transmit.exe
\Shell\explore\command - transmit.exe
\Shell\open\command - transmit.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e42c78a5-0133-11dd-9378-00012e0d10cd}]
\Shell\Auto\command - F:\transmit.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL transmit.exe
\Shell\explore\command - F:\transmit.exe
\Shell\open\command - F:\transmit.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e611a0aa-0254-11dd-937d-00012e0d10cd}]
\Shell\Auto\command - F:\transmit.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL transmit.exe
\Shell\explore\command - F:\transmit.exe
\Shell\open\command - F:\transmit.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 16:32:07
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

C:\WINDOWS\EXPLORER.EXE [1624] 0xFFB11730

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-25 16:32:28
ComboFix-quarantined-files.txt 2008-06-25 12:02:28

Pre-Run: 11,865,669,632 bytes free
Post-Run: 11,838,046,208 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
