Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

trojandownloader.xs +more [CLOSED]


  • This topic is locked This topic is locked

#1
abbonner

abbonner

    New Member

  • Member
  • Pip
  • 1 posts
Hello

Here is my Combofix Log. I have run numerous Anti-spyware on this desktop. AVG, Spybot, Symantec, Kasp, Ad-Aware.This machine is running Windows 2000 fully updated. I have 3 pop ups still. I even ran them in safe mode. Any help would be thankful.

ComboFix 08-03-25.1 - LFD 2008-03-25 3:17:12.2 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.179 [GMT -5:00]
Running from: C:\Documents and Settings\LFD\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\LFD\Desktop\cfscript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\fkwggshm.exe
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\aivskurq.dll
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\vvgeowbv.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe
.

((((((((((((((((((((((((( Files Created from 2008-02-25 to 2008-03-25 )))))))))))))))))))))))))))))))
.

2008-03-25 14:01 . 08-03-25 03:07 <DIR> d-------- C:\Program Files\XoftSpySE
2008-03-25 13:45 . 08-03-25 13:45 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_4d0.dat
2008-03-25 13:28 . 07-03-21 20:39 1,060,864 --a------ C:\WINNT\system32\MFC71.DL1
2008-03-25 13:28 . 07-03-21 20:33 503,808 --a------ C:\WINNT\system32\MSVCP71.DL1
2008-03-25 13:28 . 07-03-21 20:33 348,160 --a------ C:\WINNT\system32\MSVCR71.DL1
2008-03-25 08:55 . 08-03-25 09:33 377,820 ---h----- C:\WINNT\ShellIconCache
2008-03-25 08:55 . 08-02-22 02:33 69,632 --a------ C:\WINNT\system32\javacpl.cpl
2008-03-24 16:44 . 08-03-24 16:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-03-24 16:35 . 08-03-24 16:35 <DIR> d-------- C:\Documents and Settings\LFD\Application Data\Grisoft
2008-03-24 16:34 . 08-03-24 16:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-24 16:34 . 07-05-30 07:10 10,872 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2008-03-24 16:08 . 08-03-24 16:08 <DIR> d-------- C:\WINNT\Sun
2008-03-24 16:08 . 08-03-24 16:08 <DIR> d-------- C:\Documents and Settings\LFD\.housecall6.6
2008-03-24 16:06 . 08-03-25 08:55 <DIR> d-------- C:\Program Files\Java
2008-03-24 16:05 . 08-03-24 16:05 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-24 16:01 . 08-03-24 16:01 94,208 --a------ C:\WINNT\system32\zfllokpz.exe
2008-03-24 15:56 . 08-03-24 15:56 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-24 15:56 . 08-03-24 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-24 15:56 . 05-08-25 18:18 118,784 --a------ C:\WINNT\system32\MSSTDFMT.DLL
2008-03-24 15:56 . 05-08-25 18:19 115,920 --a------ C:\WINNT\system32\MSINET.OCX
2008-03-24 15:21 . 08-03-24 15:21 <DIR> d-------- C:\WINNT\system32\ActiveScan
2008-03-24 15:21 . 08-03-24 15:26 30,590 --a------ C:\WINNT\system32\pavas.ico
2008-03-24 13:06 . 08-03-24 13:06 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-24 13:06 . 08-03-24 13:06 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-24 13:06 . 08-03-24 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-24 12:14 . 08-03-24 12:14 114,688 --a------ C:\WINNT\system32\uacbbaay.exe
2008-03-24 12:07 . 08-03-24 12:07 1,248 --a------ C:\WINNT\system32\tmp.reg
2008-03-24 12:03 . 08-03-24 12:03 83 --a------ C:\WINNT\wininit.ini
2008-03-24 09:14 . 08-03-24 09:14 0 --a------ C:\WINNT\vpc32.INI
2008-03-24 09:04 . 08-03-25 09:39 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2008-03-24 09:04 . 06-09-18 17:55 109,744 --a------ C:\WINNT\system32\drivers\SYMEVENT.SYS
2008-03-24 09:04 . 06-09-18 17:55 48,816 --a------ C:\WINNT\system32\S32EVNT1.DLL
2008-03-24 08:20 . 08-03-24 08:20 <DIR> d--h-c--- C:\WINNT\$SQLUninstallMDAC28-KB927779-x86-ENU$
2008-03-24 08:15 . 07-06-07 01:50 1,119,232 --a------ C:\WINNT\system32\msxml3.dll
2008-03-24 08:05 . 08-03-24 08:05 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-24 08:05 . 08-03-24 08:13 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-20 09:44 . 08-03-20 05:07 212,992 --a------ C:\WINNT\drnpfdxlgp.dll
2008-03-20 09:44 . 08-03-20 09:44 98,304 --a------ C:\WINNT\system32\jivirfvu.exe
2008-03-20 09:44 . 08-03-20 09:44 38,912 --a------ C:\WINNT\vgfadsfg.exe
2008-03-17 11:04 . 07-12-03 13:15 311 --------- C:\WINNT\win.nea
2008-03-17 11:04 . 07-11-12 09:08 231 --------- C:\WINNT\system.nea
2008-03-17 11:04 . 07-11-12 14:23 0 --------- C:\config.nea
2008-03-17 11:04 . 07-11-12 14:23 0 --------- C:\autoexec.nea

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-24 14:05 --------- d-----w C:\Program Files\Symantec
2008-03-24 14:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-24 14:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-17 16:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-17 15:57 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-12 19:22 271 ---h--w C:\Program Files\desktop.ini
2007-11-12 19:22 21,952 ---h--w C:\Program Files\folder.htt
1999-12-07 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2F63DD45-30A0-422E-AF1E-01DD88BA9A5C}"= "C:\DOCUME~1\LFD\LOCALS~1\Temp\ac8zt2\etlrlws.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{2f63dd45-30a0-422e-af1e-01dd88ba9a5c}]
[HKEY_CLASSES_ROOT\etlrlws.1]
[HKEY_CLASSES_ROOT\TypeLib\{40455917-0E1A-4B66-B62E-AD42FD2A2D84}]
[HKEY_CLASSES_ROOT\etlrlws]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 12:05 111376 C:\WINNT\system32\mobsync.exe]
"PROMon.exe"="PROMon.exe" [02-10-30 17:09 73728 C:\WINNT\system32\PROMon.exe]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [03-05-05 08:57 143360]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [03-05-08 11:34 69632]
"ESInetConnect"="C:\Program Files\EagleSoft\Shared Files\esinetconnect.exe" [07-04-04 15:04 204800]
"jivirfvu"="C:\WINNT\system32\jivirfvu.exe" [08-03-20 09:44 98304]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [06-07-19 19:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [06-09-27 20:33 125168]
"uacbbaay"="C:\WINNT\system32\uacbbaay.exe" [08-03-24 12:14 114688]
"zfllokpz"="C:\WINNT\system32\zfllokpz.exe" [08-03-24 16:01 94208]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [08-02-22 04:25 144784]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [07-06-11 04:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 12:05 186640]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
NEAReminder.lnk - C:\Neaprovider\neareminder.exe [2008-03-17 11:03:52 24576]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-12 21:41:42 972064]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"gNcXCycQUG"= C:\WINNT\vgfadsfg.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"zip"= {8d91a580-1bad-4c5f-8af2-5573f7c000d2} - C:\WINNT\Installer\{8d91a580-1bad-4c5f-8af2-5573f7c000d2}\zip.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R2 NMSSvc;Intel® NMS;C:\WINNT\System32\NMSSvc.exe [02-05-03 12:36 ]
R3 NMSCFG;NIC Management Service Configuration Driver;C:\WINNT\system32\drivers\NMSCFG.SYS [02-05-03 12:36 ]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-24 14:46:29 C:\WINNT\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 03:21:57
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-25 3:23:23
ComboFix-quarantined-files.txt 2008-03-25 08:23:04
ComboFix2.txt 2008-03-25 18:51:56

Edited by abbonner, 25 March 2008 - 02:00 PM.

  • 0

Advertisements


#2
Lusitano

Lusitano

    Trusted Helper

  • Retired Staff
  • 508 posts
Hello and welcome to GeeksToGo.

Apollogies for the delay. The forum has been very busy lately and. If you are still having problems, then please post a brand new HijackThis log as a reply to this topic.

Before posting the log, please make sure you follow all the steps found in this topic:
You Must Read This Before Posting A Hijackthis Log,

When posting your log, please make sure you post the HijackThis log as a reply and not as an attachment. If we do not hear back from you within a couple of days we will need to close your topic.

Thanks,
  • 0

#3
Lusitano

Lusitano

    Trusted Helper

  • Retired Staff
  • 508 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP