
Trojan.Metajuan :: W32.Trats :: Trojan.Vundo (logs included)[RESOLVED]



#1
skillet2k

-----edit------

***HIJACK THIS & THEN COMBO FIX DID THE JOB***

I'm sure it's only about 85% good... but at least I have control over my PC again

-----edit------




Hijack first.
Combo Fix next.

I think I just downloaded a bad file. Please help.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:23:04 PM, on 2/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Starfield\Desktop Notifier\wben.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mstsc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon........&bm=ms_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.224.110:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
F3 - REG:win.ini: load=C:\WINDOWS\system32\vtsqr.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Verizon SMB Toolbar - {4E7BD74F-2B8D-469E-D0EA-FD61A78FAC7D} - C:\PROGRA~1\vzsmbtb\vzsmbtb.dll
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [7808df29] rundll32.exe "C:\WINDOWS\system32\ymixclky.dll",b
O4 - HKCU\..\Run: [wben] "C:\Program Files\Starfield\Desktop Notifier\wben.exe"
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...DSL/tgctlcm.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = escodom.com
O17 - HKLM\Software\..\Telephony: DomainName = escodom.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = escodom.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = escodom.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = escodom.com
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 6474 bytes



=========================================================



ComboFix 08-02-25.3 - ian 2008-02-29 17:29:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.211 [GMT -5:00]
Running from: C:\Documents and Settings\Ian\Desktop\ComboFix.exe


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Helper
C:\Program Files\Helper\1201179456.dll
C:\WINDOWS\Media\F2233warxy11.dll
C:\WINDOWS\system32\ahwrkcag.dll
C:\WINDOWS\system32\atxpgjpy.dll
C:\WINDOWS\system32\awvimvbg.dll
C:\WINDOWS\system32\bdsppgom.dll
C:\WINDOWS\system32\bgkuljel.dll
C:\WINDOWS\system32\cdhxoxch.dll
C:\WINDOWS\system32\cetmchsm.dll
C:\WINDOWS\system32\cggxlndk.dll
C:\WINDOWS\system32\dsqwqpsl.ini
C:\WINDOWS\system32\fdcriplh.dll
C:\WINDOWS\system32\ftsljcao.ini
C:\WINDOWS\system32\gijncbob.dll
C:\WINDOWS\system32\haladrgs.dll
C:\WINDOWS\system32\hhvdrupd.dll
C:\WINDOWS\system32\hlbtkngb.dll
C:\WINDOWS\system32\hmqoyfmh.dll
C:\WINDOWS\system32\jbyrsrra.dll
C:\WINDOWS\system32\jownrgcc.dll
C:\WINDOWS\system32\jrvhknnt.dll
C:\WINDOWS\system32\kddyfmyj.dll
C:\WINDOWS\system32\knmtltwo.dll
C:\WINDOWS\system32\kragpbmr.dll
C:\WINDOWS\system32\lonlcnlt.dll
C:\WINDOWS\system32\lspqwqsd.dll
C:\WINDOWS\system32\nbahnbqr.dll
C:\WINDOWS\system32\nbkpsatp.dll
C:\WINDOWS\system32\nmyfsuko.dll
C:\WINDOWS\system32\oacjlstf.dll
C:\WINDOWS\system32\oljhsgrs.dll
C:\WINDOWS\system32\otegenhf.dll
C:\WINDOWS\system32\phngsrka.dll
C:\WINDOWS\system32\phttveyn.dll
C:\WINDOWS\system32\quxgswnq.dll
C:\WINDOWS\system32\rduypllk.dll
C:\WINDOWS\system32\rjmmlrhb.dll
C:\WINDOWS\system32\rmbpgark.ini
C:\WINDOWS\system32\rqbnhabn.ini
C:\WINDOWS\system32\rqstv.ini
C:\WINDOWS\system32\rqstv.ini2
C:\WINDOWS\system32\rswtiyqt.dll
C:\WINDOWS\system32\sfxewwhf.dll
C:\WINDOWS\system32\srwipfns.dll
C:\WINDOWS\system32\sspbbsta.dll
C:\WINDOWS\system32\teqxarux.dll
C:\WINDOWS\system32\ucdxoich.dll
C:\WINDOWS\system32\vasblmuu.dll
C:\WINDOWS\system32\vbdifjpr.dll
C:\WINDOWS\system32\vscnebpe.dll
C:\WINDOWS\system32\vtsqr.dll
C:\WINDOWS\system32\vtsqr.exe
C:\WINDOWS\system32\wftngsir.dll
C:\WINDOWS\system32\wnqqyegq.dll
C:\WINDOWS\system32\wpvowmpq.dll
C:\WINDOWS\system32\wxwgjvir.dll
C:\WINDOWS\system32\yklcximy.ini
C:\WINDOWS\system32\ymixclky.dll
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-29 )))))))))))))))))))))))))))))))
.

2008-02-29 15:38 . 2008-02-29 15:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-29 15:30 . 2008-02-29 15:30 50,688 --a------ C:\Program Files\ATF-Cleaner.exe
2008-02-29 14:55 . 2008-02-29 15:38 2,874 ---hs---- C:\WINDOWS\system32\swrjovqj.ini
2008-02-29 13:49 . 2008-02-29 14:55 2,754 ---hs---- C:\WINDOWS\system32\ndpqkuta.ini
2008-02-29 12:07 . 2008-02-29 12:07 2,574 ---hs---- C:\WINDOWS\system32\bcagpdpt.ini
2008-02-29 11:07 . 2008-02-29 11:07 2,514 ---hs---- C:\WINDOWS\system32\jbpgqlyk.ini
2008-02-29 10:07 . 2008-02-29 10:08 2,454 ---hs---- C:\WINDOWS\system32\okqefdli.ini
2008-02-28 17:51 . 2008-02-29 10:02 2,394 ---hs---- C:\WINDOWS\system32\okftosso.ini
2008-02-28 16:51 . 2008-02-28 16:51 2,274 ---hs---- C:\WINDOWS\system32\yqnnelsb.ini
2008-02-28 15:51 . 2008-02-28 15:51 2,214 ---hs---- C:\WINDOWS\system32\tyewakyg.ini
2008-02-28 14:48 . 2008-02-28 15:18 2,154 ---hs---- C:\WINDOWS\system32\hsheihbj.ini
2008-02-28 13:52 . 2008-02-28 14:26 1,974 ---hs---- C:\WINDOWS\system32\ftauumpn.ini
2008-02-27 16:25 . 2008-02-28 13:47 1,854 ---hs---- C:\WINDOWS\system32\mykuckjh.ini
2008-02-27 15:24 . 2008-02-27 15:58 1,734 ---hs---- C:\WINDOWS\system32\lbalpdjy.ini
2008-02-27 15:24 . 2008-02-27 15:24 1,614 ---hs---- C:\WINDOWS\system32\eytewukx.tmp
2008-02-27 14:27 . 2008-02-27 14:27 1,614 ---hs---- C:\WINDOWS\system32\eytewukx.ini
2008-02-27 13:27 . 2008-02-27 13:27 1,554 ---hs---- C:\WINDOWS\system32\dmkfhjcp.ini
2008-02-27 12:27 . 2008-02-27 12:27 1,494 ---hs---- C:\WINDOWS\system32\rgepfhel.ini
2008-02-27 11:27 . 2008-02-27 11:27 1,434 ---hs---- C:\WINDOWS\system32\iigqhfkv.ini
2008-02-27 10:28 . 2008-02-27 11:15 1,374 ---hs---- C:\WINDOWS\system32\qkrgyumf.ini
2008-02-27 09:28 . 2008-02-27 09:28 1,254 ---hs---- C:\WINDOWS\system32\tmuumrlj.ini
2008-02-27 08:27 . 2008-02-27 08:40 1,194 ---hs---- C:\WINDOWS\system32\sfkvwxdq.ini
2008-02-27 07:26 . 2008-02-27 07:58 1,074 ---hs---- C:\WINDOWS\system32\bviqkdcs.ini
2008-02-26 20:58 . 2008-02-26 21:05 954 ---hs---- C:\WINDOWS\system32\cpacfiha.ini
2008-02-26 17:37 . 2008-02-26 20:55 834 ---hs---- C:\WINDOWS\system32\vlhqjuhk.ini
2008-02-26 16:40 . 2008-02-26 16:40 654 ---hs---- C:\WINDOWS\system32\bieahxsu.ini
2008-02-26 15:34 . 2008-02-26 15:34 594 ---hs---- C:\WINDOWS\system32\yclqfxwq.ini
2008-02-26 14:16 . 2008-02-26 14:17 534 ---hs---- C:\WINDOWS\system32\etcjkeri.ini
2008-02-26 13:16 . 2008-02-26 13:17 474 ---hs---- C:\WINDOWS\system32\axifsutp.ini
2008-02-26 12:13 . 2008-02-26 12:14 414 ---hs---- C:\WINDOWS\system32\vdlhhori.ini
2008-02-26 09:50 . 2008-02-26 09:50 <DIR> d-------- C:\Documents and Settings\Ian\Application Data\Smith Micro
2008-02-26 09:48 . 2008-02-26 09:48 354 ---hs---- C:\WINDOWS\system32\qocvwnmr.ini
2008-02-26 08:11 . 2008-02-26 08:11 294 ---hs---- C:\WINDOWS\system32\vgyenhdn.ini
2008-02-25 17:14 . 2008-02-26 07:03 414 ---hs---- C:\WINDOWS\system32\mkrsakjs.ini
2008-02-25 16:11 . 2008-02-25 16:11 294 ---hs---- C:\WINDOWS\system32\oskhoojn.ini
2008-02-25 14:11 . 2008-02-25 15:11 714 ---hs---- C:\WINDOWS\system32\mjifrdli.ini
2008-02-25 13:08 . 2008-02-25 13:08 654 ---hs---- C:\WINDOWS\system32\wmntornk.ini
2008-02-25 12:11 . 2008-02-25 12:11 594 ---hs---- C:\WINDOWS\system32\hosskkgq.ini
2008-02-25 11:14 . 2008-02-25 11:14 534 ---hs---- C:\WINDOWS\system32\yjrnbnvg.ini
2008-02-25 10:11 . 2008-02-25 10:11 474 ---hs---- C:\WINDOWS\system32\ocgqydjx.ini
2008-02-25 09:11 . 2008-02-25 09:11 414 ---hs---- C:\WINDOWS\system32\sxpphfmb.ini
2008-02-25 08:11 . 2008-02-25 09:11 354 ---hs---- C:\WINDOWS\system32\vjefwtem.ini
2008-02-25 07:14 . 2008-02-25 07:14 294 ---hs---- C:\WINDOWS\system32\hthnuehi.ini
2008-02-21 16:25 . 2008-02-21 16:25 <DIR> d-------- C:\Program Files\Verizon Wireless
2008-02-21 16:25 . 2008-02-21 16:25 <DIR> d-------- C:\Program Files\Sierra Wireless
2008-02-21 16:25 . 2008-02-21 16:25 <DIR> d-------- C:\Program Files\Novatel Wireless
2008-02-21 11:38 . 2008-02-21 16:30 354 ---hs---- C:\WINDOWS\system32\mjfvuaif.ini
2008-02-20 11:23 . 2008-02-21 10:15 954 ---hs---- C:\WINDOWS\system32\jwrdlsvt.ini
2008-02-19 08:14 . 2008-02-20 11:17 834 ---hs---- C:\WINDOWS\system32\smxcijeg.ini
2008-02-18 08:11 . 2008-02-19 08:11 414 ---hs---- C:\WINDOWS\system32\hvyacwif.ini
2008-02-15 16:14 . 2008-02-15 16:14 294 ---hs---- C:\WINDOWS\system32\yklmrmky.ini
2008-02-15 16:12 . 2006-07-07 05:14 <DIR> d-------- C:\Documents and Settings\brad\Application Data\SampleView
2008-02-15 16:12 . 2008-01-24 10:55 <DIR> d-------- C:\Documents and Settings\brad\Application Data\Apple Computer
2008-02-12 10:46 . 2008-02-25 07:10 2,184 --a------ C:\WINDOWS\system32\wpa.dbl
2008-02-12 10:35 . 2008-02-20 11:21 3,788 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-02-11 10:22 . 2008-02-12 10:22 294 ---hs---- C:\WINDOWS\system32\ywltghvf.ini
2008-02-07 16:22 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-02-07 15:16 . 2008-02-07 15:16 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-02-07 15:16 . 2008-02-11 10:12 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-02-07 15:15 . 2008-02-11 10:02 <DIR> d-------- C:\Program Files\Symantec
2008-02-07 15:15 . 2008-02-11 10:02 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-07 15:15 . 2008-02-11 10:02 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-07 15:15 . 2008-02-11 10:02 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-07 15:15 . 2008-02-11 10:02 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-06 11:42 . 2008-02-06 11:47 158,208 --a------ C:\WINDOWS\system32\dllcache\msconfig.exe
2008-02-06 11:02 . 2008-02-06 11:02 <DIR> d-------- C:\Program Files\MSConfig CleanUp
2008-02-04 16:08 . 2008-02-29 16:10 <DIR> d-------- C:\Program Files\Starfield
2008-01-29 10:58 . 2008-02-04 10:36 13,353 --a------ C:\WINDOWS\BM7b3becb5.xml
2008-01-29 10:58 . 2008-02-04 11:46 22 --a------ C:\WINDOWS\pskt.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-29 19:28 256 ----a-w C:\Documents and Settings\Ian\pool.bin
2008-02-28 20:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-07 21:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-07 21:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-07 19:57 --------- d-----w C:\Program Files\Norton 360
2008-02-07 19:40 --------- d-----w C:\Documents and Settings\Ian\Application Data\Symantec
2008-01-28 15:56 --------- d-----w C:\Program Files\iTunes
2008-01-24 21:52 --------- d-----w C:\Documents and Settings\Administrator\Application Data\VZSMBTB
2008-01-24 16:12 26,624 ----a-w C:\WINDOWS\lsass .exe
2008-01-24 15:20 56,091,104 ----a-w C:\N3601U15D.exe
2008-01-24 13:24 --------- d-----w C:\Documents and Settings\STOREADMIN\Application Data\VZSMBTB
2008-01-24 12:57 --------- d-----w C:\Program Files\QuickTime
2008-01-23 16:10 --------- d-----w C:\Program Files\Winamp
2008-01-15 14:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 10:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 23:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-10 21:12 --------- d-----w C:\Program Files\eMusic Download Manager
2008-01-10 21:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-10 21:05 --------- d-----w C:\Documents and Settings\Ian\Application Data\InstallShield
2008-01-08 23:15 --------- d-----w C:\Documents and Settings\Ian\Application Data\Blackberry Desktop
.
<pre>
----a-w			39,792 2008-01-24 14:57:59  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w		   925,696 2008-01-24 14:57:57  C:\Program Files\Analog Devices\Core\smax4pnp .exe
----a-w		   716,800 2008-01-24 14:57:57  C:\Program Files\Analog Devices\SoundMAX\Smax4 .exe
----a-w		 2,321,600 2008-01-24 13:14:04  C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater .exe
----a-w		   116,072 2008-02-06 16:38:06  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w		   479,232 2008-01-24 14:58:02  C:\Program Files\Google\Gmail Notifier\gnotify .exe
----a-w			68,856 2008-01-24 14:59:06  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w		   172,094 2008-01-24 14:57:59  C:\Program Files\HPQ\Default Settings\cpqset .exe
----a-w		   267,048 2008-01-24 14:58:04  C:\Program Files\iTunes\iTunesHelper .exe
----a-w			26,112 2008-01-24 13:28:32  C:\Program Files\Real\RealPlayer\RealPlay .exe
----a-w		   761,948 2008-01-24 14:57:57  C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w			26,624 2008-01-24 16:12:36  C:\WINDOWS\lsass .exe
----a-w		 1,187,840 2008-01-24 13:19:03  C:\WINDOWS\SMINST\Recguard .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-D0EA-FD61A78FAC7D}]
2006-11-07 15:53 1894400 --a------ C:\PROGRA~1\vzsmbtb\vzsmbtb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-02-07 16:09 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{4E7BD74F-2B8D-469E-D0EA-FD61A78FAC7D}

[HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-d0ea-fd61a78fac7d}]
[HKEY_CLASSES_ROOT\vzsmbtb.VZSMBTB]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-D0EA-FD61A78FAC7D}"= C:\PROGRA~1\vzsmbtb\vzsmbtb.dll [2006-11-07 15:53 1894400]

[HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-d0ea-fd61a78fac7d}]
[HKEY_CLASSES_ROOT\vzsmbtb.VZSMBTB]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wben"="C:\Program Files\Starfield\Desktop Notifier\wben.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-05-08 11:56 131072]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [ ]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 13:15 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 23:53 714608]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-08-03 10:10:00 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7808df29]
C:\WINDOWS\system32\qnkrycyw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2006-01-29 20:00 88203 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\Sminst\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\WINDOWS\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PCA"=2 (0x2)
"Bonjour Service"=2 (0x2)
"AddFiltr"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2008-01-31 13:15]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" [2006-04-14 12:07]
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2006-02-28 12:05]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-21 06:19]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2006-04-14 12:04]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 03:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-02-23 04:28:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-07 20:51:55 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - ian.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-29 17:37:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
.
**************************************************************************
.
Completion time: 2008-02-29 17:39:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-29 22:39:28
.
2008-02-18 19:03:07 --- E O F ---

Edited by skillet2k, 04 March 2008 - 08:16 AM.



#2
skillet2k

Quiet as kept, I think the issue is resolved. I used to get alerts OFTEN via my Norton... but I haven't in a while.

#3
skillet2k

:)