Can someone please check this winxp08 virus removal log


#1 jkach (New Member, 1 posts)

Could someone please check this and let me know if anything additional needs to be done?

Also, could someone point me in the direction of a topic about 'computer running slow'?

ComboFix 08-08-13.05 - JAY 2008-08-14 20:31:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.175 [GMT 1:00]
Running from: C:\Documents and Settings\JAY\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\JAY\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\JAY\Application Data\macromedia\Flash Player\#SharedObjects\HQHBKH62\interclick.com
C:\Documents and Settings\JAY\Application Data\macromedia\Flash Player\#SharedObjects\HQHBKH62\interclick.com\ud.sol
C:\Documents and Settings\JAY\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\JAY\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\JAY\Application Data\rhct9wj0e137
C:\Documents and Settings\JAY\Cookies.\[email protected][2].txt
C:\Documents and Settings\JAY\Cookies.\[email protected][1].txt
C:\Documents and Settings\JAY\Cookies.\jay@advertising[2].txt
C:\Documents and Settings\JAY\Cookies.\[email protected][1].txt
C:\Documents and Settings\JAY\Cookies.\[email protected][1].txt
C:\Documents and Settings\JAY\Cookies.\[email protected][2].txt
C:\Documents and Settings\JAY\Cookies.\[email protected][2].txt
C:\Documents and Settings\JAY\Cookies.\jay@fastclick[2].txt
C:\Documents and Settings\JAY\Cookies.\[email protected][2].txt
C:\Documents and Settings\JAY\Cookies.\[email protected][2].txt
C:\Documents and Settings\JAY\Cookies.\jay@revsci[1].txt
C:\Documents and Settings\JAY\Cookies.\jay@serving-sys[2].txt
C:\Documents and Settings\JAY\Cookies.\jay@specificclick[1].txt
C:\Documents and Settings\JAY\Cookies.\[email protected][1].txt
C:\Documents and Settings\JAY\Favorites\Online Security Test.url
C:\Program Files\rhct9wj0e137
C:\Program Files\video activex object
C:\Program Files\video activex object\ot.ico
C:\Program Files\video activex object\ts.ico
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\blphcp9wj0e137.scr
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\kdioc.exe
C:\WINDOWS\system32\lphcp9wj0e137.exe
C:\WINDOWS\system32\phcp9wj0e137.bmp

.
((((((((((((((((((((((((( Files Created from 2008-07-14 to 2008-08-14 )))))))))))))))))))))))))))))))
.

2008-08-14 19:16 . 2008-08-14 19:16 0 --a------ C:\WINDOWS\system32\3D.tmp
2008-08-12 23:17 . 2008-08-14 20:46 <DIR> d-------- C:\Documents and Settings\JAY\Application Data\BitTorrent
2008-08-12 23:15 . 2008-08-12 23:15 <DIR> d-------- C:\Program Files\DNA
2008-08-12 23:15 . 2008-08-12 23:15 <DIR> d-------- C:\Program Files\BitTorrent
2008-08-12 23:15 . 2008-08-14 20:46 <DIR> d-------- C:\Documents and Settings\JAY\Application Data\DNA

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 18:10 --------- d-----w C:\Program Files\McAfee
2008-08-12 20:55 --------- d-----w C:\Program Files\LimeWire
2008-08-12 20:46 --------- d-----w C:\Documents and Settings\JAY\Application Data\LimeWire
2008-08-12 13:01 --------- d-----w C:\Documents and Settings\JAY\Application Data\SiteAdvisor
2008-08-07 16:41 --------- d-----w C:\Program Files\SiteAdvisor
2008-08-07 16:39 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-08-02 20:40 --------- d-----w C:\Documents and Settings\JAY\Application Data\Image Zone Express
2008-07-17 19:07 --------- d-----w C:\Program Files\Nokia
2008-07-17 19:03 --------- d-----w C:\Program Files\Java
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2008-05-09 12:39 40960]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-08-12 23:15 341824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 13:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 13:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 13:00 455168]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]
"LidPolicy"="c:\Program Files\Hewlett-Packard\LidSwitch Policy\pwrschem.exe" [2004-04-27 12:58 24576]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-03-03 11:01 169984]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55 267064]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-27 18:30 185896]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-02-09 05:37 36904]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-28 14:17 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 15:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"RemHelp"="remhelp.exe" [2002-12-12 17:21 24576 C:\WINDOWS\system32\remhelp.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-06-02 17:48:22 565309]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-12-06 22:27:00 278528]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-01 03:57:40 176128]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Common Files\\Synacast\\SynaLive\\PE.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Documents and Settings\\JAY\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\PeerCast\\PeerCast.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"36705:TCP"= 36705:TCP:ppLive
"40883:UDP"= 40883:UDP:ppLive

R2 MarxDev1;MarxDev1;C:\WINDOWS\system32\drivers\MarxDev1.sys [2001-05-28 16:30]
R2 MarxDev2;MarxDev2;C:\WINDOWS\system32\drivers\MarxDev2.sys [2001-05-28 16:30]
R2 MarxDev3;MarxDev3;C:\WINDOWS\system32\drivers\MarxDev3.sys [2001-05-28 16:30]
S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-08-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-07-15 C:\WINDOWS\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2008-07-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-C:\WINDOWS\system32\kdioc.exe - C:\WINDOWS\system32\kdioc.exe
HKLM-Run-AntiVerminser - C:\Program Files\AntiVerminser\AntiVerminser.exe
HKLM-Run-lphcp9wj0e137 - C:\WINDOWS\system32\lphcp9wj0e137.exe
HKLM-Run-SMrhct9wj0e137 - C:\Program Files\rhct9wj0e137\rhct9wj0e137.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\JAY\Application Data\Mozilla\Firefox\Profiles\jxnhnjat.default\


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 20:49:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\WINDOWS\\system32\\kdioc.exe"="C:\\WINDOWS\\system32\\kdioc.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-08-14 21:03:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-14 20:02:10

Pre-Run: 3,236,270,080 bytes free
Post-Run: 3,140,599,808 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

213 --- E O F --- 2008-07-09 14:58:35
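Added example, not part of the post above and not ComboFix's own code: a small triage script for the security-relevant part of this log. The Reg Loading Points section shows the Security Center "no antivirus" alert suppressed (AntiVirusDisableNotify=1), Security Center monitoring switched off for both McAfee products (DisableMonitoring=1) and Windows Firewall disabled for the standard profile (EnableFirewall=0); a Run value under HKLM named by the full path of kdioc.exe also still appears later in the log. The script parses those REGEDIT4-style lines (copied from the log into SAMPLE_LOG), flags each weakened setting and the odd Run entry, and builds a REGEDIT4 fragment that puts the defaults back. Two things are this example's own assumptions rather than anything the log states: the "Run value named by its own path" heuristic, and the expansion of ComboFix's HKLM\~ abbreviation to HKLM\SYSTEM\CurrentControlSet.

```python
"""Triage a ComboFix 'Reg Loading Points' section for settings that weaken
Windows XP's own defences, plus leftover Run entries, and emit a REGEDIT4
fragment that reverses the weakened settings.

Added example, not part of the forum post or of ComboFix. SAMPLE_LOG is
copied from the log above. The meaning given to each value is standard
XP SP2 Security Center / Windows Firewall behaviour; the 'Run value named
by its own path' heuristic and the HKLM\\~ expansion are assumptions.
"""
import re

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"C:\\WINDOWS\\system32\\kdioc.exe"="C:\\WINDOWS\\system32\\kdioc.exe"
"""

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
_DWORD_RE = re.compile(r"^dword:([0-9a-fA-F]{1,8})$")
_NUM_RE = re.compile(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)")


def _parse_value(raw):
    """dword:00000001 -> 1; '0 (0x0)' -> 0; '"path" [date size]' -> path."""
    raw = raw.strip()
    m = _DWORD_RE.match(raw)
    if m:
        return int(m.group(1), 16)
    m = _NUM_RE.match(raw)
    if m:
        return int(m.group(1))
    if raw.startswith('"'):
        end = raw.find('"', 1)
        if end > 0:
            return raw[1:end]
    return raw


def parse_reg_points(text):
    """Return {key_path: {value_name: value}} for a REGEDIT4-style dump."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        km = _KEY_RE.match(line)
        if km:
            current = km.group(1)
            keys.setdefault(current, {})
            continue
        vm = _VAL_RE.match(line)
        if vm and current is not None:
            keys[current][vm.group(1)] = _parse_value(vm.group(2))
    return keys


def triage(text):
    """Return findings as dicts: {'msg': str, 'fix': (key, name, dword) or None}."""
    findings = []
    for key, vals in parse_reg_points(text).items():
        k = key.lower()
        if k.endswith("\\security center") and vals.get("AntiVirusDisableNotify") == 1:
            findings.append({"msg": "security-center: 'no antivirus' alert suppressed",
                             "fix": (key, "AntiVirusDisableNotify", 0)})
        if "\\security center\\monitoring\\" in k and vals.get("DisableMonitoring") == 1:
            product = key.rsplit("\\", 1)[-1]
            findings.append({"msg": f"security-center: monitoring disabled for {product}",
                             "fix": (key, "DisableMonitoring", 0)})
        if k.endswith("\\firewallpolicy\\standardprofile") and vals.get("EnableFirewall") == 0:
            findings.append({"msg": "firewall: Windows Firewall off (standard profile)",
                             "fix": (key, "EnableFirewall", 1)})
        if k.endswith("\\currentversion\\run"):
            for name, target in vals.items():
                # Heuristic (assumption): legitimate Run values are named after
                # a product, not after the executable's own full path.
                if re.match(r"^[a-z]:\\", name, re.I):
                    findings.append({"msg": f"autostart: Run value named by its own path -> {target}",
                                     "fix": None})
    return findings


def restore_reg_fragment(findings):
    """REGEDIT4 text undoing the fixable findings. ComboFix writes
    HKLM\\~\\services for HKLM\\SYSTEM\\CurrentControlSet\\services (assumed
    expansion). Import only after the infection itself has been removed."""
    lines = ["REGEDIT4"]
    for f in findings:
        if f["fix"] is None:
            continue
        key, name, dword = f["fix"]
        key = key.replace("HKLM\\~\\", "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\")
        lines += ["", f"[{key}]", f'"{name}"=dword:{dword:08x}']
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print("!", f["msg"])
    print(restore_reg_fragment(found))
```

The Run entry gets no fix line on purpose: a leftover autostart value is removed by deleting it (or by the removal tool), not by rewriting it. The REGEDIT4 fragment should be imported only once the removal is finished, since a component that is still running can simply set these values again.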