Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HAD VIRUES

Started by Torri , Jun 29 2008 09:29 AM

  • Please log in to reply

#1
Torri
Posted 29 June 2008 - 09:29 AM

Torri

    New Member

  • Member
  • Pip
  • 3 posts
USED COMBOFIX AND IT APPEARS TO HAVE WORKED.THANK YOU


ComboFix 08-06-20.4 - Victoria Gibbs 2008-06-29 10:44:07.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.337 [GMT -7:00]
Running from: C:\Documents and Settings\Victoria Gibbs\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\Advanced XP Defender
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced XP Defender\How to register.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced XP Defender\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced XP Defender\Uninstall.lnk
C:\Documents and Settings\Victoria Gibbs\Application Data\AXPDefender
C:\Documents and Settings\Victoria Gibbs\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk
C:\Documents and Settings\Victoria Gibbs\Application Data\SpyGuarder
C:\Documents and Settings\Victoria Gibbs\Application Data\SpyGuarder\base.dat
C:\Documents and Settings\Victoria Gibbs\Application Data\SpyGuarder\base2.dat
C:\Documents and Settings\Victoria Gibbs\Application Data\SpyGuarder\Desc.dat
C:\Documents and Settings\Victoria Gibbs\Application Data\SpyGuarder\spline.dat
C:\Documents and Settings\Victoria Gibbs\Application Data\SpyGuarder\SpyGuarder.ini
C:\Documents and Settings\Victoria Gibbs\Start Menu\Programs\Antivirus 2008 PRO
C:\Documents and Settings\Victoria Gibbs\Start Menu\Programs\Antivirus 2008 PRO\antivirus-2008pro.lnk
C:\Program Files\AXPDefender
C:\Program Files\AXPDefender\AXPDefender.exe.local
C:\Program Files\AXPDefender\AXPDefenderSkin.dll
C:\Program Files\AXPDefender\database.dat
C:\Program Files\AXPDefender\license.txt
C:\Program Files\AXPDefender\MFC71.dll
C:\Program Files\AXPDefender\MFC71ENU.DLL
C:\Program Files\AXPDefender\msvcp71.dll
C:\Program Files\AXPDefender\msvcr71.dll
C:\Program Files\AXPDefender\Uninstall.exe
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\SystemDefender
C:\Program Files\SystemDefender\SystemDefender.pkg
C:\WINDOWS\eslm.exe
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.

2008-06-29 00:53 . 2008-06-29 00:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-29 00:49 . 2008-06-29 00:49 <DIR> d-------- C:\Deckard
2008-06-27 17:50 . 2008-06-27 17:50 <DIR> d-------- C:\Program Files\Lexmark 1200 Series
2008-06-27 17:50 . 2006-01-12 12:32 983,107 --a------ C:\WINDOWS\system32\LXCZGF.DLL
2008-06-27 17:50 . 2006-07-13 13:22 458,752 --a------ C:\WINDOWS\system32\LXCZJSWR.DLL
2008-06-27 17:50 . 2006-07-13 13:17 356,352 --a------ C:\WINDOWS\system32\LXCZUTIL.DLL
2008-06-27 17:50 . 2006-07-13 13:45 57,344 --a------ C:\WINDOWS\system32\lxczcinf.dll
2008-06-27 17:50 . 2006-07-13 13:45 49,152 --a------ C:\WINDOWS\system32\lxczcoin.dll
2008-06-27 17:50 . 2006-01-30 20:42 270 --a------ C:\WINDOWS\system32\lxczcoin.ini
2008-06-25 00:45 . 2008-06-25 00:45 <DIR> d-------- C:\Documents and Settings\Victoria Gibbs\Application Data\ErrorRepairTool
2008-06-20 21:29 . 2008-06-20 21:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-06-19 22:05 . 2008-06-19 22:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-06-17 02:14 . 2008-06-17 02:14 <DIR> d-------- C:\Program Files\Sun
2008-06-16 16:40 . 2008-06-16 16:40 <DIR> d-------- C:\Documents and Settings\Victoria Gibbs\Application Data\Bin
2008-06-15 14:35 . 2008-06-15 14:39 165 --a------ C:\WINDOWS\ConnMgr.ini
2008-06-14 02:26 . 2008-06-14 02:27 <DIR> d-------- C:\Documents and Settings\Victoria Gibbs\Application Data\RegSweep
2008-06-13 22:59 . 2008-02-11 14:56 19,512 --a------ C:\WINDOWS\system32\drivers\nvcw32mf.sys
2008-06-13 21:13 . 2008-06-13 21:13 <DIR> d-------- C:\VIRUSfighter
2008-06-08 15:54 . 2008-06-08 15:54 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-06-08 11:55 . 2008-06-08 11:55 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-06-08 11:10 . 2008-06-08 11:10 <DIR> d--hs---- C:\FOUND.002
2008-06-08 10:46 . 2008-06-08 10:46 73 --a------ C:\WINDOWS\st_affiliate.ini
2008-06-08 00:10 . 2008-06-08 00:10 <DIR> d--hs---- C:\FOUND.001
2008-06-07 12:35 . 2008-06-07 12:35 <DIR> d-------- C:\WINDOWS\AntiSpy
2008-06-07 12:35 . 2008-06-07 12:35 <DIR> d-------- C:\Program Files\DefenderPro
2008-06-07 12:35 . 2008-06-07 13:07 137 --a------ C:\WINDOWS\tsiwinfile.dat
2008-06-07 11:50 . 2008-06-07 11:50 3,120 --a------ C:\WINDOWS\system32\DRWSJLAD.ocx
2008-06-07 11:50 . 2008-06-07 11:50 3,120 --a------ C:\WINDOWS\LJRGKDD9.ocx
2008-06-07 11:48 . 2008-06-07 11:48 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-07 11:48 . 2008-06-07 11:48 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-07 11:47 . 2008-06-07 11:47 <DIR> d-------- C:\Program Files\Defender Pro
2008-06-07 11:47 . 2008-06-07 11:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Defender Pro
2008-06-07 11:47 . 2008-06-29 10:49 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-07 11:47 . 2008-06-29 10:49 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-07 11:47 . 2008-06-29 10:49 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-07 11:47 . 2008-06-29 10:49 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-07 10:49 . 2008-06-07 10:49 <DIR> d--hs---- C:\FOUND.000
2008-06-07 06:02 . 2008-06-07 06:02 1,671,680 --a------ C:\Documents and Settings\Victoria Gibbs\Application Data\sg.dll
2008-06-07 05:20 . 2008-06-07 05:28 1,671,680 --a------ C:\Documents and Settings\Victoria Gibbs\Application Data\spyguarder.exe
2008-06-07 03:46 . 2008-06-07 03:46 <DIR> d-------- C:\Program Files\LabelCommand
2008-06-03 03:02 . 2008-06-03 03:02 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-02 04:30 . 2008-06-02 04:30 <DIR> d-------- C:\Documents and Settings\Victoria Gibbs\Application Data\MozillaControl
2008-06-02 04:29 . 2008-06-02 04:29 <DIR> d-------- C:\Program Files\VideoLAN
2008-06-02 04:29 . 2008-06-02 04:30 <DIR> d-------- C:\Program Files\Mozilla ActiveX Control v1.7.12
2008-06-02 04:29 . 2008-06-02 04:29 <DIR> d-------- C:\Program Files\Graboid
2008-06-01 17:29 . 2008-06-01 17:30 <DIR> d-------- C:\Program Files\AOL 9.0
2008-06-01 17:13 . 2008-06-01 17:13 <DIR> d-------- C:\Program Files\Common Files\aolshare
2008-05-29 02:45 . 2008-05-29 02:45 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-05-29 00:33 . 1995-04-03 00:00 151,056 -ra------ C:\WINDOWS\system\IR32.DLL
2008-05-29 00:33 . 1995-04-03 00:00 77,664 -ra------ C:\WINDOWS\system\IR21.DLL
2008-05-29 00:33 . 1995-04-03 00:00 50,016 -ra------ C:\WINDOWS\system\IYVU9.DLL
2008-05-29 00:33 . 1995-04-03 00:00 43,520 -ra------ C:\WINDOWS\system\MSVIDC.DRV
2008-05-29 00:33 . 1995-04-03 00:00 11,776 -ra------ C:\WINDOWS\system\MSRLE.DRV

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-18 07:24 --------- d-----w C:\Program Files\Common Files\Mediafour
2008-05-18 07:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Mediafour
2008-05-18 07:23 --------- d-----w C:\Program Files\Mediafour
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\drivers\RMCast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-21 06:57 666,624 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-21 06:57 666,624 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2008-04-17 10:47 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-04-12 21:49 325,346 ----a-w C:\WINDOWS\Mario_Forever_Toolbar_Uninstaller_5203.exe
2006-12-04 11:13 251 ----a-w C:\Program Files\wt3d.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}]
2008-06-08 01:15 3794248 --a------ C:\Documents and Settings\Victoria Gibbs\Local Settings\Application Data\CyberDefender\cdmyidd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"= "C:\Documents and Settings\Victoria Gibbs\Local Settings\Application Data\CyberDefender\cdmyidd.dll" [2008-06-08 01:15 3794248]

[HKEY_CLASSES_ROOT\clsid\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CD24EB02-9831-4838-99D0-726D411B1328}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"= C:\Documents and Settings\Victoria Gibbs\Local Settings\Application Data\CyberDefender\cdmyidd.dll [2008-06-08 01:15 3794248]

[HKEY_CLASSES_ROOT\clsid\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CD24EB02-9831-4838-99D0-726D411B1328}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe" [2006-12-20 12:38 557056]
"AOL Fast Start"="C:\Program Files\AOL 9.0\AOL.EXE" [2007-04-17 23:48 50736]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-08-15 20:34 766041]
"SkyTel"="SkyTel.EXE" [2006-08-16 11:21 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 11:23 16248320 C:\WINDOWS\RTHDCPL.exe]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15 45056]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-09-07 19:52 479232]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-30 09:57 442368]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" []
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 11:20 53248]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12 90112]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-07-28 10:40 208896]
"HostManager"="C:\Program Files\Common Files\AOL\1212366618\ee\AOLSoftware.exe" [2007-04-12 14:23 42032]
"Norman ZANDA"="C:\VIRUSfighter\Npm\bin\ZLH.EXE" [2007-08-09 14:40 183352]
"LaunchAntiSpy"="C:\Program Files\DefenderPro\TSAntiSpy.exe" [2007-09-05 04:06 1630208]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Forget Me Not.lnk - C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe [2007-04-01 16:09:33 323584]
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-08-03 15:34:04 45056]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\DEFEND~1\DEFEND~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AOL\\RC\\regclient.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\System32\\mmc.exe"=
"C:\\Program Files\\Common Files\\AOL\\1212366618\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Defender Pro\\Defender Pro Internet Security 6.0\\avp.exe"=

R2 Ndiskio;Ndiskio;C:\VIRUSfighter\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 14:56]
R3 nvcoas;Norman Virus Control on-access component;C:\VIRUSfighter\Nvc\bin\nvcoas.exe [2007-12-12 11:45]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-09 05:30:02 C:\WINDOWS\Tasks\AntiSpy.job"
- C:\Program Files\DefenderPro\TSAntiSpy.exe
"2008-06-27 10:30:02 C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job"
- C:\Program Files\RegSweep\RegSweep.ex
- C:\Program Files\RegSweep
"2008-06-27 10:30:02 C:\WINDOWS\Tasks\ErrorRepairTool Scheduled Scan.job"
- C:\Program Files\ErrorRepairTool\ErrorRepairTool.ex
- C:\Program Files\ErrorRepairTool
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 10:51:19
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\VIRUSfighter\Npm\bin\ELOGSVC.EXE
C:\VIRUSfighter\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\VIRUSfighter\Npm\bin\NJEEVES.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\VIRUSfighter\Nvc\BIN\NIP.EXE
C:\VIRUSfighter\Nvc\bin\cclaw.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\VICTOR~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\AOL 9.0\shellmon.exe
.
**************************************************************************
.
Completion time: 2008-06-29 10:59:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-29 17:58:38

Pre-Run: 27,963,850,752 bytes free
Post-Run: 27,883,765,760 bytes free

247 --- E O F --- 2008-06-29 09:53:55
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP