02-07-2008, 09:11 PM   #23
Ielgnim
Registered User
Join Date: Jan 2008
Posts: 21
OS: XP Home SP2


Re: TratBHO, CTX, Trojan-gen, Agent-HIV, help please.

ComboFix 08-02.05.3 - Ming 2008-02-07 19:59:10.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.101 [GMT -8:00]
Running from: C:\Documents and Settings\Ming\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ming\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\updater\explorer.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-08 to 2008-02-08 )))))))))))))))))))))))))))))))
.

2008-02-07 19:45 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-02-02 19:16 . 2008-02-05 23:06 <DIR> d-------- C:\Program Files\SoftPerfect Bandwidth Manager
2008-02-02 18:15 . 2008-02-02 18:15 <DIR> d-------- C:\Documents and Settings\Ming\Application Data\Locktime
2008-02-02 18:14 . 2008-02-02 18:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Locktime
2008-01-30 18:44 . 2008-01-30 18:44 <DIR> d-------- C:\Program Files\Logitech
2008-01-30 18:44 . 2008-01-30 18:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-01-30 18:44 . 2008-01-30 18:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-01-30 18:42 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-01-30 18:42 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-01-30 18:40 . 2008-01-30 18:45 <DIR> d-------- C:\Program Files\Common Files\logishrd
2008-01-30 18:40 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-01-30 18:40 . 2004-08-04 00:56 90,624 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-01-30 18:40 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-01-30 18:40 . 2004-08-04 00:56 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-01-30 18:40 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-01-30 18:40 . 2004-08-04 00:56 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-01-30 18:40 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-01-30 18:40 . 2004-08-04 00:56 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-01-29 22:34 . 2008-01-29 22:34 <DIR> d-------- C:\Documents and Settings\Ming\Application Data\Move Networks
2008-01-28 22:32 . 2008-01-28 22:32 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-28 22:11 . 2008-01-28 22:42 <DIR> d-------- C:\SDFix
2008-01-28 22:06 . 2008-01-28 22:09 <DIR> d-------- C:\fixwareout
2008-01-28 22:01 . 2008-01-28 22:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-23 18:23 . 2008-01-23 18:23 <DIR> d-------- C:\VundoFix Backups
2008-01-22 16:33 . 2008-01-22 16:33 <DIR> d-------- C:\Documents and Settings\Ming\Application Data\vlc
2008-01-22 16:28 . 2008-01-22 16:28 <DIR> d-------- C:\Program Files\VideoLAN
2008-01-21 14:44 . 2008-01-21 14:44 <DIR> d-------- C:\Program Files\Common Files\NSV
2008-01-21 03:06 . 2008-01-21 03:06 <DIR> d-------- C:\Deckard
2008-01-21 01:39 . 2008-01-28 07:08 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-21 01:39 . 2008-01-21 01:41 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-21 01:39 . 2008-01-21 01:41 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-21 01:39 . 2008-01-21 01:41 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-21 01:12 . 2008-01-21 01:12 <DIR> d-------- C:\Documents and Settings\Ming\Application Data\True Sword
2008-01-18 18:54 . 2008-01-18 19:06 <DIR> d-------- C:\Music
2008-01-18 18:54 . 2008-01-18 18:54 6 -rahs---- C:\WINDOWS\iPod2PC3.obl
2008-01-18 18:53 . 2008-01-18 18:53 <DIR> d-------- C:\Documents and Settings\Ming\Application Data\iPod2PC3
2008-01-17 22:06 . 2008-01-17 22:06 <DIR> d-------- C:\Documents and Settings\Ming\Application Data\CopyTrans
2008-01-17 22:05 . 2008-01-18 18:49 <DIR> d-------- C:\Program Files\WindSolutions
2008-01-08 22:20 . 2008-01-10 19:17 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 07:11 --------- d-----w C:\Documents and Settings\Ming\Application Data\Azureus
2008-01-28 00:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-25 02:12 --------- d-----w C:\Program Files\Java
2008-01-21 11:05 --------- d-----w C:\Program Files\Yahoo!
2008-01-21 10:14 --------- d-----w C:\Program Files\Windows Defender
2008-01-21 10:11 --------- d-----w C:\Program Files\Common Files\ReGet Shared
2008-01-21 09:34 --------- d-----w C:\Program Files\SpywareBlaster
2008-01-15 05:12 --------- d-----w C:\Documents and Settings\Ming\Application Data\LimeWire
2008-01-10 03:51 --------- d-----w C:\Program Files\ReGetDx
2007-12-29 08:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-12-27 20:29 --------- d-----w C:\Documents and Settings\Ming\Application Data\skypePM
2007-12-27 02:42 --------- d-----w C:\Documents and Settings\Ming\Application Data\Media Player Classic
2007-12-26 01:23 --------- d-----w C:\Program Files\QuickTime
2007-12-26 01:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-26 01:19 --------- d-----w C:\Program Files\Apple Software Update
2007-12-26 01:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-25 00:18 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-24 06:43 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Talkback
2007-12-23 23:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-23 23:27 --------- d-----w C:\Program Files\Alwil Software
2007-12-21 07:43 --------- d-----w C:\Program Files\CCleaner
2007-12-16 02:38 --------- d-----w C:\Program Files\DivX
2007-12-14 04:51 --------- d-----w C:\Program Files\InstallShield Installation Information
2007-12-14 02:57 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-09 08:43 --------- d-----w C:\Program Files\Lavasoft
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\system32\updater ----

2007-11-24 14:08 1478612 --a------ C:\WINDOWS\system32\updater\explorer.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]


.
Contents of the 'Scheduled Tasks' folder
"2008-02-07 17:27:37 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-08 0446 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-02-08 04:03:47 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 20:03:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2008-02-07 20:08:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-08 04:08:12
ComboFix2.txt 2008-01-25 02:04:41
ComboFix3.txt 2008-01-21 11:59:15
.
2008-02-07 23:10:06 --- E O F ---