Tech Support Forum - View Single Post

willbrew · 06-26-2007, 09:13 AM

combofix log, thank you so much for your help

"Rob" - 2007-06-26 11:00:57 - ComboFix 07-06-26.4 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Rob\Desktop\ComboFix-Do.txt

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Windows Media Player\rtele.html
C:\WINDOWS\hembviq.exe
C:\WINDOWS\hembviqA.exe
C:\WINDOWS\system32\A1
C:\WINDOWS\system32\A2
C:\WINDOWS\system32\A2\wen2.exe
C:\WINDOWS\system32\A3
C:\WINDOWS\system32\A3\wr620.exe
C:\WINDOWS\system32\A5
C:\WINDOWS\system32\A5\bk53.exe
C:\WINDOWS\system32\bknpsyci.exe
C:\WINDOWS\system32\ctoxfqtw.exe
C:\WINDOWS\system32\drivers\FOPN.sys
C:\WINDOWS\system32\nrtapfnl.exe
C:\WINDOWS\system32\qwinkndt.exe

((((((((((((((((((((((((( Files Created from 2007-05-26 to 2007-06-26 )))))))))))))))))))))))))))))))

2007-06-25 17:17 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-25 14:33 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-06-25 14:33 <DIR> d-------- C:\Program Files\Trend Micro
2007-06-25 10:08 <DIR> d-------- C:\Temp
2007-06-25 10:07 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-25 15:57:34 -------- d-----w C:\DOCUME~1\Rob\APPLIC~1\AdobeUM
2007-04-05 22:04:44 82,944 ----a-w C:\WINDOWS\system32\ws2_32.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 09:53 C:\WINDOWS\AGRSMMSG.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 10:13]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec7068b0-78bc-11da-9164-c51da37d5ccb}]
AutoRun\command- E:\LaunchU3.exe

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4b218e3e-bc98-4770-93d3-2731b9329278}
%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
%SystemRoot%\system32\ie4uinit.exe

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-26 11:02:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-26 11:02:27
C:\ComboFix-quarantined-files.txt ... 2007-06-26 11:02
C:\ComboFix2.txt ... 2007-06-25 18:08
C:\ComboFix3.txt ... 2007-04-12 22:37

--- E O F ---

06-26-2007, 09:13 AM	#7 (permalink)
willbrew Registered User Join Date: Jan 2005 Posts: 47 OS: XP	Re: very aggressive virus combofix log, thank you so much for your help "Rob" - 2007-06-26 11:00:57 - ComboFix 07-06-26.4 - Service Pack 2 NTFS Command switches used :: C:\Documents and Settings\Rob\Desktop\ComboFix-Do.txt ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Program Files\Windows Media Player\rtele.html C:\WINDOWS\hembviq.exe C:\WINDOWS\hembviqA.exe C:\WINDOWS\system32\A1 C:\WINDOWS\system32\A2 C:\WINDOWS\system32\A2\wen2.exe C:\WINDOWS\system32\A3 C:\WINDOWS\system32\A3\wr620.exe C:\WINDOWS\system32\A5 C:\WINDOWS\system32\A5\bk53.exe C:\WINDOWS\system32\bknpsyci.exe C:\WINDOWS\system32\ctoxfqtw.exe C:\WINDOWS\system32\drivers\FOPN.sys C:\WINDOWS\system32\nrtapfnl.exe C:\WINDOWS\system32\qwinkndt.exe ((((((((((((((((((((((((( Files Created from 2007-05-26 to 2007-06-26 ))))))))))))))))))))))))))))))) 2007-06-25 17:17 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-25 14:33 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2007-06-25 14:33 <DIR> d-------- C:\Program Files\Trend Micro 2007-06-25 10:08 <DIR> d-------- C:\Temp 2007-06-25 10:07 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-25 15:57:34 -------- d-----w C:\DOCUME~1\Rob\APPLIC~1\AdobeUM 2007-04-05 22:04:44 82,944 ----a-w C:\WINDOWS\system32\ws2_32.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04] {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:55] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 09:53 C:\WINDOWS\AGRSMMSG.exe] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "NoColorChoice"=0 (0x0) "NoSizeChoice"=0 (0x0) "NoDispScrSavPage"=0 (0x0) "NoDispCPL"=0 (0x0) "NoVisualStyleChoice"=0 (0x0) "NoDispSettingsPage"=0 (0x0) "NoDispAppearancePage"=0 (0x0) "NoDispBackgroundPage"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoActiveDesktopChanges"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSaveSettings"=0 (0x0) "NoThemesTab"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 10:13] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec7068b0-78bc-11da-9164-c51da37d5ccb}] AutoRun\command- E:\LaunchU3.exe HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4b218e3e-bc98-4770-93d3-2731b9329278} %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383} %SystemRoot%\system32\ie4uinit.exe ************************************************************************ catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-26 11:02:02 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ Completion time: 2007-06-26 11:02:27 C:\ComboFix-quarantined-files.txt ... 2007-06-26 11:02 C:\ComboFix2.txt ... 2007-06-25 18:08 C:\ComboFix3.txt ... 2007-04-12 22:37 --- E O F ---