

Re: Laptop riddled with malware

Hiya,

Thanks for helping me out :) I did as you said, and the ComboFix log is as follows:

"Kevin Youens" - 07-05-01 17:20:19 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Kevin Youens\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\svycftuj.dll
C:\WINDOWS\system32\qommmmk.dll
C:\WINDOWS\system32\jmnnn.tmp
C:\WINDOWS\system32\jmnnn.ini
C:\WINDOWS\system32\jmnnn.ini2
C:\WINDOWS\system32\jmnnn.bak1
C:\WINDOWS\system32\jmnnn.bak2
C:\WINDOWS\system32\nnnmj.dll
C:\WINDOWS\system32\ljjgghi.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\{26291~1
C:\Program Files\Common Files\{36291~1


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\Client IP-IPX
-------\LEGACY_CLIENT_IP-IPX


((((((((((((((((((((((((((((((( Files Created from 2007-04-01 to 2007-05-01 ))))))))))))))))))))))))))))))))))


2007-04-25 21:43 132,660 --a------ C:\WINDOWS\system32\ileifsnh.dll
2007-04-25 11:24 123,972 --a------ C:\WINDOWS\system32\adfjiunj.dll
2007-04-24 21:07 123,972 --a------ C:\WINDOWS\system32\ifristkq.dll
2007-04-24 02:14 123,972 --a------ C:\WINDOWS\system32\exsodrwm.dll
2007-04-23 21:12 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-04-22 21:19 <DIR> d-------- C:\DOCUME~1\KEVINY~1\APPLIC~1\Lavasoft
2007-04-22 21:02 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-22 20:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-22 12:41 <DIR> d--hs---- C:\FOUND.001
2007-04-21 20:47 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-04-20 13:05 <DIR> d--hs---- C:\FOUND.000
2007-04-18 19:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-04-17 21:50 <DIR> d-------- C:\DOCUME~1\KEVINY~1\APPLIC~1\STOIK
2007-04-17 21:49 <DIR> d-------- C:\Program Files\STOIK Imaging
2007-04-08 00:55 <DIR> d-------- C:\Program Files\Kontiki
2007-04-08 00:55 <DIR> d-------- C:\Program Files\Channel4
2007-04-08 00:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kontiki
2007-04-03 17:28 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-04-03 17:28 <DIR> d-------- C:\Program Files\KH2FM+ Clock


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-27 01:00 -------- d-------- C:\Program Files\windows media connect 2
2007-03-26 19:13 -------- d-------- C:\Program Files\mp3 player utilities
2007-03-20 18:57 159743 --a------ C:\WINDOWS\google pack screensaver uninstaller.exe
2007-03-17 14:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-14 19:25 -------- d-------- C:\Program Files\messenger plus! live
2007-03-11 13:25 -------- d-------- C:\Program Files\digitope setup
2007-03-10 20:15 -------- d-------- C:\Program Files\video access activex object
2007-03-08 16:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 16:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 16:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 14:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-05 19:46 -------- d-------- C:\Program Files\audacity
2007-03-04 17:21 -------- d-------- C:\Program Files\focus mp3 recorder pro
2007-02-05 21:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
{BDF3E430-B101-42AD-A544-FADC6B084872} C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
{D651AFF4-9590-424d-BD1E-8E33E090DFB3} C:\WINDOWS\system32\svycftuj.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LaunchApp"="Alaunch"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"LManager"="C:\\Program Files\\Launch Manager\\QtZgAcer.EXE"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"DSLSTATEXE"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslstat.exe icon"
"DSLAGENTEXE"="C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslagent.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"OpwareSE2"="\"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"4oD"="\"C:\\Program Files\\Kontiki\\KHost.exe\" -all"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"
"kdx"="C:\\Program Files\\Kontiki\\KHost.exe -all"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Kevin Youens.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-01 17:27:48
Windows 5.1.2600 Service Pack 2 FAT

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-05-01 17:33:46 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-05-01 17:33