Log.txt:
ComboFix 09-09-22.01 - db2admin 09/22/2009 23:35.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.190.26 [GMT 5.5:30]
Running from: c:\program files\Mozilla Firefox\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! antivirus 4.8.1229 [VPS 080923-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\db2admin\LOCALS~1\Temp\E_N4
c:\docume~1\db2admin\LOCALS~1\Temp\E_N4\dp1.fne
c:\docume~1\db2admin\LOCALS~1\Temp\E_N4\eAPI.fne
c:\docume~1\db2admin\LOCALS~1\Temp\E_N4\HtmlView.fne
c:\docume~1\db2admin\LOCALS~1\Temp\E_N4\krnln.fnr
c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
c:\documents and settings\All Users\Application Data\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
c:\documents and settings\Shalini\Desktop\Smart Virus Remover.exe.lnk
c:\program files\WinPCap
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
F:\WinRAR.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_AVPsys
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2009-08-22 to 2009-09-22 )))))))))))))))))))))))))))))))
.
2009-09-17 06:20 . 2009-09-17 06:20 -------- d-----w- c:\documents and settings\db2admin\Application Data\vlc
2009-09-15 09:08 . 2009-09-15 09:26 -------- d-----w- c:\documents and settings\Shalini\Application Data\WinHKIAV
2009-09-11 12:17 . 2009-07-28 11:03 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-11 12:17 . 2009-03-30 05:03 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-11 12:17 . 2009-02-13 06:59 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-11 12:17 . 2009-02-13 06:47 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-11 12:17 . 2009-09-11 12:17 -------- d-----w- c:\program files\Avira
2009-09-09 13:39 . 2009-09-09 13:39 -------- d-----w- c:\program files\M Autorun Killer 1.5
2009-09-09 13:35 . 2009-09-15 08:56 -------- d-----w- c:\program files\Smart Virus Remover
2009-09-08 16:18 . 2009-09-11 04:20 -------- d-----w- c:\program files\Trend Micro
2009-09-07 08:19 . 2009-09-07 08:19 65816 ----a-w- c:\documents and settings\db2admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-06 05:16 . 2009-09-06 05:18 -------- d-----w- c:\documents and settings\db2admin\Local Settings\Application Data\Adobe
2009-09-05 14:57 . 2009-09-05 14:57 -------- d-----w- c:\documents and settings\db2admin\Local Settings\Application Data\AVG Security Toolbar
2009-09-05 14:55 . 2009-09-05 14:55 -------- d-----w- c:\documents and settings\db2admin\Local Settings\Application Data\Mozilla
2009-09-05 14:54 . 2009-09-05 14:54 -------- d-----w- c:\documents and settings\db2admin\Application Data\Yahoo!
2009-09-05 14:54 . 2009-09-05 14:54 -------- d-----w- c:\documents and settings\db2admin\Local Settings\Application Data\Conduit
2009-09-05 14:54 . 2009-09-05 14:55 -------- d-----w- c:\documents and settings\db2admin\Local Settings\Application Data\ToggleEN
2009-09-01 12:22 . 2009-09-05 14:22 -------- d-----w- c:\windows\K.Backup
2009-09-01 12:20 . 2009-09-03 05:19 -------- d--h--w- c:\windows\system32\D6B6B3
2009-09-01 12:20 . 2009-09-01 13:36 -------- d--h--w- c:\windows\system32\F69FCF
2009-09-01 12:20 . 2009-09-11 14:38 -------- d--h--w- c:\windows\system32\BEC71F
2009-09-01 12:20 . 2009-09-03 15:34 -------- d--h--w- c:\windows\system32\DD3BC6
2009-08-30 08:16 . 2009-08-30 08:49 -------- d-----w- c:\program files\Lame for Audacity
2009-08-30 08:11 . 2009-08-30 08:11 -------- d-----w- c:\program files\Audacity
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-11 12:17 . 2003-12-31 19:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-09-09 14:10 . 2009-08-11 06:27 -------- d-----w- c:\program files\AutorunRemover
2009-09-08 14:20 . 2009-08-11 04:05 -------- d-----w- c:\documents and settings\Shalini\Application Data\IDM
2009-09-08 14:20 . 2009-08-11 04:04 -------- d-----w- c:\program files\Internet Download Manager
2009-09-08 13:24 . 2009-08-11 04:05 -------- d-----w- c:\documents and settings\Shalini\Application Data\DMCache
2009-08-22 15:40 . 2009-08-11 04:49 -------- d-----w- c:\program files\Smallvideosoft
2009-08-21 12:12 . 2009-08-21 12:12 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-08-21 12:12 . 2009-08-21 12:12 -------- d-----w- c:\program files\DVDVideoSoft
2009-08-21 12:05 . 2009-08-21 12:05 -------- d-----w- c:\program files\Cucusoft
2009-08-14 11:09 . 2009-08-10 12:39 -------- d-----w- c:\documents and settings\Shalini\Application Data\GetRightToGo
2009-08-14 09:55 . 2009-08-14 09:55 -------- d-----w- c:\documents and settings\Shalini\Application Data\Xilisoft Corporation
2009-08-11 05:10 . 2009-08-11 05:10 -------- d-----w- c:\documents and settings\db2admin\Application Data\Datalayer
2009-08-11 05:05 . 2009-08-11 05:05 -------- d-----w- c:\documents and settings\db2admin\Application Data\PC Suite
2009-08-10 13:38 . 2009-07-03 08:29 -------- d-----w- c:\documents and settings\Shalini\Application Data\uTorrent
2009-07-26 12:31 . 2009-07-26 12:31 -------- d-----w- c:\documents and settings\Shalini\Application Data\MSNInstaller
2009-07-26 12:30 . 2009-07-25 11:53 -------- d-----w- c:\program files\Mp3DoctorPRO
2006-07-10 18:41 . 2006-07-10 18:41 317 ----a-w- c:\program files\db2cli.ini
2008-02-02 10:07 . 2009-03-06 13:12 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-02-02 10:07 . 2009-03-06 13:12 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-02-02 10:07 . 2009-03-06 13:12 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-02-02 10:07 . 2009-03-06 13:12 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-02-02 10:07 . 2009-03-06 13:12 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2009-07-22 15:28 2215960 ----a-w- c:\program files\ToggleEN\tbTog1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTog1.dll" [2009-07-22 2215960]
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTog1.dll" [2009-07-22 2215960]
[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-08-06 155648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2004-03-03 19968]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9263:TCP"= 9263:TCP:ctucu
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7/1/2009 3:35 PM 78416]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/11/2009 5:47 PM 108289]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/1/2009 3:35 PM 20560]
S2 eahhd;Support Security;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 ihcqfxd;Boot Time;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 JavaWebServer;JavaWebServer;c:\javawebserver2.0\bin\jservsvc.exe --> c:\javawebserver2.0\bin\jservsvc.exe [?]
S2 obzdzp;Universal Update;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 SnortSvc;Snort;c:\snort\bin\snort /SERVICE --> c:\snort\bin\snort [?]
S3 uti4mty3;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\uti4mty3.sys --> c:\windows\system32\Drivers\uti4mty3.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ihcqfxd
obzdzp
eahhd
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\db2admin\Application Data\Mozilla\Firefox\Profiles\wu750agw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2004933&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Peer2Peer-EN Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2004933&SearchSource=2&q=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-ISUSPM Startup - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKLM-Run-InCD - c:\windows\Xplorer.exe
HKLM-Run-Xplorer - c:\windows\Xplorer.exe
HKLM-Run-7292A4 - c:\windows\system32\DD3BC6\7292A4.EXE
HKLM-Run-AutorunRemover.exe - c:\program files\AutorunRemover\AutorunRemover.exe
HKLM-Explorer_Run-G_Host - c:\windows\System\gHost.exe
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-09-22 23:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SnortSvc]
"ImagePath"="c:\snort\bin\snort /SERVICE"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\eahhd]
"ServiceDll"="c:\windows\system32\cqctk.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ihcqfxd]
"ServiceDll"="c:\windows\system32\cqctk.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\obzdzp]
"ServiceDll"="c:\windows\system32\cqctk.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ce,b7,47,bf,69,00,83,fe,4f,bb,0a,b8,55,74,cf,8f,62,b4,db,25,33,
53,81,5d,b7,7b,ff,0e,a4,38,8e,28,b6,ee,c7,cc,b3,9a,dd,9d,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f3417cf0-4a76-49ce-94c0-084ab3269c86}]
@Denied: (Full) (Everyone)
"Model"=dword:000000fa
"Therad"=dword:0000001d
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(4044)
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\windows\system32\ati2evxx.exe
c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\sessmgr.exe
c:\windows\system32\tlntsvr.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
.
**************************************************************************
.
Completion time: 2009-09-22 23:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-22 18:17
Pre-Run: 6,790,139,904 bytes free
Post-Run: 8,237,707,264 bytes free
My problem is almost solved.
Thank you very much .............
shal