combofix.txt logfile included

#1 sss99

I opened a new topic per your instruction; I had it as a reply. Attached is the combofix.txt logfile. I am having intermittent problems like sudden shutdown of the computer and have other viruses. See details in my other topic.
I would appreciate your help as soon as possible, as ComboFix asked me not to run any programs until this is resolved and I do not want my computer and personal information to be breached.


===
ComboFix 08-07-28.1 - SHAHSH 2008-07-28 17:43:40.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.357 [GMT -4:00]
Running from: C:\Documents and Settings\SHAHSH\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\SHAHSH\Favorites\ImageMapper.exe
C:\Documents and Settings\SHAHSH\g2mdlhlpx.exe
C:\Documents and Settings\varsha\Application Data\macromedia\Flash Player\#SharedObjects\JJ9CQS24\interclick.com
C:\Documents and Settings\varsha\Application Data\macromedia\Flash Player\#SharedObjects\JJ9CQS24\interclick.com\ud.sol
C:\Documents and Settings\varsha\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\varsha\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\Downloaded Program Files\Temp
C:\WINDOWS\system32\69384.exe
.
---- Previous Run -------
.
C:\WINDOWS\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-28 )))))))))))))))))))))))))))))))
.

2008-07-28 10:59 . 2008-07-28 10:59 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\HPAppData
2008-07-28 03:25 . 2008-07-28 03:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-28 02:55 . 2008-07-28 02:55 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-28 02:55 . 2008-07-28 02:55 <DIR> d-------- C:\Documents and Settings\SHAHSH\Application Data\Malwarebytes
2008-07-28 02:55 . 2008-07-28 02:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-28 02:55 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-28 02:55 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-28 02:54 . 2008-07-28 02:54 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-07-27 00:59 . 2008-07-27 00:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-27 00:58 . 2008-07-27 00:58 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-27 00:58 . 2008-07-27 00:58 <DIR> d-------- C:\Documents and Settings\SHAHSH\Application Data\SUPERAntiSpyware.com
2008-07-26 22:07 . 2008-07-26 22:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-26 22:07 . 2008-07-26 22:07 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-16 18:19 . 2008-07-16 18:19 <DIR> d-------- C:\Documents and Settings\varsha\Application Data\DellFaxCtr
2008-07-14 10:50 . 2008-07-14 11:45 <DIR> d-------- C:\Linux
2008-07-12 23:52 . 2008-07-12 23:56 108,138 --a------ C:\WINDOWS\hpqins01.dat
2008-07-12 23:51 . 2008-07-11 17:40 147,671 --------- C:\WINDOWS\hpoins21.dat.temp
2008-07-12 23:51 . 2007-09-05 14:26 8,138 --------- C:\WINDOWS\hpomdl21.dat.temp
2008-07-12 17:01 . 2008-07-12 17:03 <DIR> d-------- C:\Documents and Settings\SHAHSH\Application Data\DellFaxCtr
2008-07-12 17:00 . 2008-07-12 17:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DellFaxCtr
2008-07-12 17:00 . 2006-04-24 14:58 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-07-12 17:00 . 2006-04-24 14:58 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-07-12 17:00 . 2006-04-24 14:58 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-07-12 17:00 . 2006-04-24 14:58 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-07-12 17:00 . 2006-04-24 14:58 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2008-07-12 17:00 . 2006-10-06 07:06 45,056 --a------ C:\WINDOWS\system32\DLPRMON.DLL
2008-07-12 17:00 . 2006-10-06 07:05 32,768 --a------ C:\WINDOWS\system32\DLPMONUI.DLL
2008-07-12 17:00 . 2008-07-12 17:01 10,209 --a------ C:\WINDOWS\system32\LexFiles.ulf
2008-07-12 16:59 . 2008-07-24 15:16 <DIR> d-------- C:\Program Files\Dell PC Fax
2008-07-11 17:56 . 2008-07-11 17:56 0 --a------ C:\WINDOWS\hpqEmlSz.INI
2008-07-11 17:44 . 2008-07-11 17:56 <DIR> d-------- C:\Documents and Settings\SHAHSH\Application Data\HP
2008-07-11 17:40 . 2008-07-11 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-07-11 17:36 . 2008-07-13 11:27 <DIR> d-------- C:\Documents and Settings\SHAHSH\Application Data\HPAppData
2008-07-11 17:36 . 2008-07-11 17:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-07-11 17:33 . 2008-07-11 17:33 <DIR> d-------- C:\Program Files\Common Files\HP
2008-07-11 17:33 . 2008-07-11 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-07-11 17:33 . 2008-07-11 17:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-07-11 17:32 . 2008-07-11 17:32 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-07-11 17:28 . 2007-05-02 04:56 954,368 -ra------ C:\WINDOWS\system32\hpotiop5.dll
2008-07-11 17:28 . 2007-05-02 05:01 675,840 -ra------ C:\WINDOWS\system32\hpowiax5.dll
2008-07-11 17:28 . 2007-03-08 00:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-07-11 17:28 . 2007-03-08 00:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-07-11 17:28 . 2007-05-02 05:00 303,104 -ra------ C:\WINDOWS\system32\hpovst12.dll
2008-07-11 17:28 . 2001-08-17 13:53 6,784 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2008-07-11 17:28 . 2001-08-17 13:53 6,784 --a------ C:\WINDOWS\system32\dllcache\serscan.sys
2008-07-11 17:25 . 2008-07-11 17:26 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-07-11 17:25 . 2008-07-11 17:36 <DIR> d-------- C:\Program Files\HP
2008-07-11 17:21 . 2008-07-12 23:53 146,989 --a------ C:\WINDOWS\hpoins21.dat
2008-07-11 17:21 . 2007-09-05 14:26 8,138 --------- C:\WINDOWS\hpomdl21.dat
2008-07-11 13:08 . 2008-07-11 13:09 <DIR> d-------- C:\Documents and Settings\SHAHSH\Application Data\webex
2008-06-30 12:42 . 2008-06-30 12:42 1,071 --a------ C:\WINDOWS\AWMODEM.INF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-28 20:53 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-28 19:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-28 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-28 02:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-27 04:01 --------- d-----w C:\Program Files\Spyware Doctor
2008-07-17 00:05 --------- d-----w C:\Program Files\1 Click PC Fix
2008-07-12 21:09 --------- d-----w C:\Program Files\dl_Cats
2008-07-11 21:36 --------- d-----w C:\Program Files\Hewlett-Packard
2008-07-11 21:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-06-30 16:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-18 00:38 --------- d-----w C:\Documents and Settings\SHAHSH\Application Data\Download Manager
2008-06-17 23:20 --------- d-----w C:\Documents and Settings\SHAHSH\Application Data\GARMIN
2008-06-17 23:19 --------- d-----w C:\Program Files\Garmin GPS Plugin
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-12 04:11 --------- d-----w C:\Documents and Settings\SHAHSH\Application Data\U3
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-30 16:28 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-10 21:38 95 ----a-w C:\Documents and Settings\SHAHSH\mmgo.bat
2007-07-03 02:45 108 ----a-w C:\Documents and Settings\SHAHSH\go.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmcService"="C:\PROGRA~1\Sygate\SSA\smc.exe" [2004-01-14 22:54 2344160]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-04-07 15:22 4730880]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartRAM"="C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 16:43 662016]
"DLCXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 01:31 106496]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2008-04-17 14:51 1870592]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-06-24 21:42 98304]
"FaxCenterServer"="C:\Program Files\Dell PC Fax\fm3032.exe" [2006-11-03 17:09 312200]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwe30.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC-Checkup]
--a------ 2007-08-01 20:08 3965440 C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedItUpEX]
--a------ 2007-08-25 05:05 2124800 C:\Program Files\Speeditup Free\SpeedItUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Neoteris\\Secure Application Manager\\dsSamProxy.exe"=
"C:\\Documents and Settings\\SHAHSH\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"C:\\WINDOWS\\system32\\dlcxcoms.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4100:UDP"= 4100:UDP:uPNP Router Control Port

S0 Winwe30;Winwe30;C:\WINDOWS\system32\Drivers\Winwe30.sys []
S1 NEOFLTR_530_11159;Juniper Networks TDI Filter Driver (NEOFLTR_530_11159);C:\WINDOWS\system32\Drivers\NEOFLTR_530_11159.SYS [2006-09-15 01:10]
S2 dlcx_device;dlcx_device;C:\WINDOWS\system32\dlcxcoms.exe [2006-11-03 17:07]
S3 dsNcAdpt;Juniper Network Connect Adapter;C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys []
S3 ncvcp;Network Connect Virtual Com Port;C:\WINDOWS\system32\DRIVERS\nsvcp.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09d5eb55-4a3b-11dc-8ff7-00904b61f3da}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SMrhc37jj0e5c7 - C:\Program Files\rhc37jj0e5c7\rhc37jj0e5c7.exe
HKLM-Run-lphc77jj0e5c7 - C:\WINDOWS\system32\lphc77jj0e5c7.exe
ShellExecuteHooks-{0cab0400-7395-11d0-a5e5-0020afe2fdd9} - qvphook.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 -: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-28 17:46:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-28 17:47:41
ComboFix-quarantined-files.txt 2008-07-28 21:47:30

Pre-Run: 16,371,027,968 bytes free
Post-Run: 16,366,301,184 bytes free

215 --- E O F --- 2008-07-09 14:00:08

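Added example, not part of the original post and not ComboFix's own code: a small Python triage script that reads a ComboFix-style log and pulls out the entries a malware-removal helper usually checks first (Security Center overrides, firewall exceptions for script-host binaries, services whose file ComboFix could not stamp, removable-media AutoRun commands, and the orphaned autostart entries). The sample input is a constructed excerpt of the log above; the severity labels, the `LOLBINS` list and the random-name heuristic are the example's own assumptions, not verdicts about this machine.

```python
import re
import sys

# Assumed list: Windows script/host binaries that rarely belong in a
# personal-firewall allow list (added example, not a ComboFix definition).
LOLBINS = {"mshta.exe", "rundll32.exe", "wscript.exe", "cscript.exe",
           "regsvr32.exe", "powershell.exe"}

# Constructed sample input: an excerpt of the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=

S0 Winwe30;Winwe30;C:\WINDOWS\system32\Drivers\Winwe30.sys []
S1 NEOFLTR_530_11159;Juniper Networks TDI Filter Driver (NEOFLTR_530_11159);C:\WINDOWS\system32\Drivers\NEOFLTR_530_11159.SYS [2006-09-15 01:10]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SMrhc37jj0e5c7 - C:\Program Files\rhc37jj0e5c7\rhc37jj0e5c7.exe
HKLM-Run-lphc77jj0e5c7 - C:\WINDOWS\system32\lphc77jj0e5c7.exe
ShellExecuteHooks-{0cab0400-7395-11d0-a5e5-0020afe2fdd9} - qvphook.dll
"""


def registry_blocks(text):
    """Split the log into (KEY, [value lines]) pairs; a blank line or '.' ends a block."""
    blocks, key, lines = [], None, []
    for line in text.splitlines():
        if line.startswith("[") and line.endswith("]"):
            if key is not None:
                blocks.append((key, lines))
            key, lines = line[1:-1], []
        elif key is not None:
            if line.strip() in ("", "."):
                blocks.append((key, lines))
                key, lines = None, []
            else:
                lines.append(line)
    if key is not None:
        blocks.append((key, lines))
    return blocks


def security_center_overrides(text):
    """Non-zero *Override values: Security Center stops warning that AV/firewall is off."""
    out = {}
    for key, lines in registry_blocks(text):
        if key.lower().endswith(r"microsoft\security center"):
            for line in lines:
                m = re.match(r'"(\w+Override)"=dword:([0-9a-fA-F]{8})', line)
                if m and int(m.group(2), 16) != 0:
                    out[m.group(1)] = int(m.group(2), 16)
    return out


def firewall_exceptions(text):
    """Paths in the Windows Firewall AuthorizedApplications list (un-escaping the REG export)."""
    paths = []
    for key, lines in registry_blocks(text):
        if key.lower().endswith(r"firewallpolicy\standardprofile\authorizedapplications\list"):
            for line in lines:
                m = re.match(r'"(.+?)"=', line)
                if m:
                    paths.append(m.group(1).replace("\\\\", "\\"))
    return paths


def unverified_drivers(text):
    """Service lines whose trailing file stamp is an empty [] (ComboFix found no file data)."""
    return [(m.group(1), m.group(2)) for m in
            (re.match(r"^[RS][0-4] (\S+?);.*;(.+?) \[\]$", ln) for ln in text.splitlines()) if m]


def autorun_mountpoints(text):
    """(volume, command) for every MountPoints2 AutoRun command in the log."""
    out = []
    for key, lines in registry_blocks(text):
        if "\\explorer\\mountpoints2\\" in key.lower():
            for line in lines:
                m = re.match(r"\\Shell\\AutoRun\\command - (.+)$", line)
                if m:
                    out.append((key.rsplit("\\", 1)[-1], m.group(1)))
    return out


def orphans(text):
    """(location, value name, target) for each entry under ORPHANS REMOVED."""
    out, in_section = [], False
    for line in text.splitlines():
        if "ORPHANS REMOVED" in line:
            in_section = True
            continue
        if not in_section or line.strip() == "":
            continue
        if line.startswith(".") or line.startswith("---"):
            break
        left, sep, target = line.partition(" - ")
        m = re.match(r"^(HKLM-Run|HKCU-Run|ShellExecuteHooks|[A-Za-z]+)-(.+)$", left)
        if sep and m:
            out.append((m.group(1), m.group(2), target))
    return out


def looks_random(path):
    """Heuristic (assumption): a 10+ char basename of mixed letters and digits, no separators."""
    stem = re.sub(r"\.(exe|dll|sys)$", "", path.rsplit("\\", 1)[-1].lower())
    return (len(stem) >= 10 and re.fullmatch(r"[a-z0-9]+", stem) is not None
            and sum(c.isdigit() for c in stem) >= 3 and sum(c.isalpha() for c in stem) >= 3)


def triage(text):
    """Return (severity, finding) tuples; severities are this example's own scale."""
    findings = []
    for name, value in security_center_overrides(text).items():
        findings.append(("high", f"Security Center {name}={value}: AV-off warnings suppressed"))
    for path in firewall_exceptions(text):
        if path.rsplit("\\", 1)[-1].lower() in LOLBINS:
            findings.append(("high", f"firewall exception for script/host binary {path}"))
    for svc, path in unverified_drivers(text):
        findings.append(("medium", f"service {svc} -> {path} has no file stamp; verify the file"))
    for loc, name, target in orphans(text):
        findings.append(("high" if looks_random(target) else "low",
                         f"orphaned autostart {loc}\\{name} -> {target}"))
    for volume, cmd in autorun_mountpoints(text):
        findings.append(("low", f"removable-media AutoRun on {volume}: {cmd}"))
    return findings


if __name__ == "__main__":
    # Usage: python triage.py [combofix.txt]; with no argument the sample excerpt is used.
    text = open(sys.argv[1], encoding="cp1252", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for severity, finding in triage(text):
        print(f"[{severity:6}] {finding}")
```

On the excerpt the script reports four high findings (the AntiVirusOverride, the mshta.exe firewall exception, and the two orphaned Run entries with random-looking names), one medium (Winwe30.sys with no file stamp) and two low. These are pointers for a helper to check, not a verdict; a random-looking name or an empty file stamp is a reason to look at the file, not proof on its own.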
