06-27-2007, 03:44 PM   #8
averycove
Registered User
Join Date: Jun 2007
Posts: 5
OS: XP


Re: func.exe virus problem

sUBS,

I installed the newer JRE version. I ran ComboFix again as you directed.

Here is the log file.

"Manju" - 2007-06-27 14:25:06 - ComboFix 07-06-27 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Manju\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Deckard
C:\Documents and Settings\B Venkat\Desktop\HiJackThis_v2\backups
C:\Documents and Settings\B Venkat\Desktop\HiJackThis_v2\backups\backup-20070625-115907-560
C:\Documents and Settings\B Venkat\Desktop\HiJackThis_v2\backups\backup-20070625-115907-970
C:\Documents and Settings\B Venkat\Desktop\HiJackThis_v2\backups\backup-20070625-115907-970.dll
C:\Documents and Settings\B Venkat\Local Settings\Temp
C:\Documents and Settings\B Venkat\Local Settings\Temp\~DF42A6.tmp
C:\Documents and Settings\B Venkat\Local Settings\Temp\~DF42AF.tmp
C:\Documents and Settings\B Venkat\Local Settings\Temp\~DF6F68.tmp
C:\Documents and Settings\B Venkat\Local Settings\Temp\~DF6FC4.tmp
C:\Documents and Settings\B Venkat\Local Settings\Temp\7651_appcompat.txt
C:\Documents and Settings\B Venkat\Local Settings\Temp\DFC5A2B2.TMP
C:\Documents and Settings\B Venkat\Local Settings\Temp\fla171.tmp
C:\Documents and Settings\B Venkat\Local Settings\Temp\is-2R2LQ.tmp\SecurityUtil.dll
C:\Documents and Settings\B Venkat\Local Settings\Temp\itgejwcs.exe
C:\Documents and Settings\B Venkat\Local Settings\Temp\jusched.log
C:\Documents and Settings\B Venkat\Local Settings\Temp\LVCOMSX.LOG
C:\Documents and Settings\B Venkat\Local Settings\Temp\UnInstall.exe
C:\Documents and Settings\Manju\Application Data\Mozilla\Firefox\Profiles\gicxo55g.default\Cache\92941175d01
C:\Program Files\HijackThis\backups
C:\Program Files\HijackThis\backups\backup-20070626-170444-133
C:\Program Files\HijackThis\backups\backup-20070626-170444-133.dll
C:\Program Files\HijackThis\backups\backup-20070626-170444-269
C:\Program Files\HijackThis\backups\backup-20070626-170444-364
C:\Program Files\HijackThis\backups\backup-20070626-170444-427
C:\Program Files\HijackThis\backups\backup-20070626-170444-541
C:\Program Files\HijackThis\backups\backup-20070626-170444-665
C:\Program Files\HijackThis\backups\backup-20070626-170444-693
C:\WINDOWS\cpbrkpie.ocx


((((((((((((((((((((((((( Files Created from 2007-05-27 to 2007-06-27 )))))))))))))))))))))))))))))))


2007-06-26 17:50 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-26 17:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-06-26 13:24 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-25 18:25 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-06-25 18:25 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-06-25 18:25 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-06-25 18:25 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-06-25 18:25 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-06-25 18:25 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-06-25 18:25 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-06-25 18:25 <DIR> d-------- C:\DOCUME~1\BVENKA~1\APPLIC~1\PC Tools
2007-06-24 22:00 <DIR> d--h----- C:\DOCUME~1\Manju\APPLIC~1\GTek
2007-06-21 20:52 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-21 20:52 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-06-21 20:52 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Jasc Software Inc
2007-06-21 20:52 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Intel
2007-06-21 14:13 <DIR> d-------- C:\DOCUME~1\Manju\APPLIC~1\Help
2007-06-20 19:21 <DIR> d-------- C:\DOCUME~1\Manju\APPLIC~1\Juniper Networks
2007-06-19 22:39 <DIR> d-------- C:\Temp
2007-06-06 21:16 51,200 --a------ C:\DOCUME~1\BVENKA~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-06-06 20:59 <DIR> d-------- C:\Kids


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-22 01:22:51 -------- d-----w C:\Program Files\Online Services
2007-06-21 00:22:54 -------- d-----w C:\DOCUME~1\Manju\APPLIC~1\Netscape
2007-06-21 00:19:14 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-21 00:19:14 -------- d-----w C:\Program Files\uCertify
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-10 01:20:35 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 03:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 03:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2005-11-04 19:29]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 21:38]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll [2005-05-26 11:38]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 01:05]
{65D886A2-7CA7-479B-BB95-14D1EFB7946A}=C:\Program Files\Yahoo!\Common\YIeTagBm.dll [2005-01-24 09:55]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 21:33]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar4.dll [2007-01-20 00:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 16:33]
"@"="" []
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-03 21:00]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 20:15]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 11:26]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 08:50]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 08:50]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2001-09-24 07:59]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-15 16:02]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-07 18:42]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]


Contents of the 'Scheduled Tasks' folder
2007-06-27 02:03:58 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-27 14:29:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NkPtpEnumP2]
"ImagePath"="\"C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe\" -a -d=\"C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpip.dll\""

Completion time: 2007-06-27 14:30:23
C:\ComboFix-quarantined-files.txt ... 2007-06-27 14:30
C:\ComboFix2.txt ... 2007-06-26 17:16
C:\ComboFix3.txt ... 2007-06-26 13:48

--- E O F ---

One more thing: the popups have stopped since this morning, and the func.exe virus notification is no longer showing up. Please let me know if there is any other virus, or what my next steps should be.

Thanks.

Averycove.
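The log above is reviewed by eye in the thread. As an added example (not code from the post, from sUBS, or from ComboFix itself), the script below shows how a responder can triage a ComboFix-style log mechanically: it splits the text into its `(((( Title ))))` sections, parses the `Reg Loading Points` entries into (key, value name, target, timestamp) records, and flags autostart values with no target or with a target in a user-writable temp/profile directory, plus executables that ComboFix deleted from such directories. The section titles and line layouts mirror the log format in the post; the heuristics (`SUSPICIOUS_DIRS`, the "outside Program Files / WINDOWS" rule) and the sample log, including the `"updater"` Run value pointing into a Temp folder, are this example's own constructed assumptions, not findings from the poster's machine.

```python
"""Triage helper for a ComboFix-style log (added example, not ComboFix's code)."""
import re
from dataclasses import dataclass

# '(((( Section Title ))))' header lines used by ComboFix logs
SECTION_RE = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}$")
# '[HKEY_...\Run]' key lines inside the Reg Loading Points section
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
# '"Name"="C:\path\file.exe" [2004-09-13 16:33]'  or  '{CLSID}=C:\path\x.dll [date]'
REG_VALUE_RE = re.compile(
    r'^"?(?P<name>[^"=]+)"?="?(?P<target>[^"\[]*?)"?\s*\[(?P<stamp>[^\]]*)\]$'
)

# Assumption: code auto-started from these user-writable locations deserves a look.
SUSPICIOUS_DIRS = ("\\local settings\\temp\\", "\\temp\\", "\\application data\\")
EXEC_EXT = (".exe", ".dll", ".ocx", ".sys", ".scr", ".com")
TRUSTED_ROOTS = ("c:\\program files", "c:\\progra~1", "c:\\windows")


@dataclass
class RegEntry:
    key: str      # registry key the value lives under
    name: str     # value name (or BHO CLSID)
    target: str   # file the value points at ('' when empty)
    stamp: str    # timestamp ComboFix printed in brackets


def split_sections(text: str) -> dict:
    """Map each '(((( Title ))))' header to the non-empty lines beneath it."""
    sections = {"preamble": []}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line:
            sections[current].append(line)
    return sections


def parse_reg_entries(lines) -> list:
    """Parse the 'Reg Loading Points' lines into RegEntry records."""
    entries, key = [], ""
    for line in lines:
        km = REG_KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = REG_VALUE_RE.match(line)
        if vm and key:
            entries.append(RegEntry(key, vm["name"], vm["target"].strip(), vm["stamp"]))
    return entries


def flag_reg_entries(entries) -> list:
    """Return (entry, reason) pairs a reviewer should look at first (heuristics)."""
    findings = []
    for e in entries:
        low = e.target.lower()
        if not e.target:
            findings.append((e, "autostart value with no target"))
        elif any(d in low for d in SUSPICIOUS_DIRS):
            findings.append((e, "autostart target in a user-writable temp/profile directory"))
        elif not low.startswith(TRUSTED_ROOTS):
            findings.append((e, "autostart target outside Program Files / WINDOWS"))
    return findings


def flag_deleted_executables(lines) -> list:
    """From 'Other Deletions', keep executables that were removed from temp/profile dirs."""
    return [p for p in lines
            if p.lower().endswith(EXEC_EXT) and any(d in p.lower() for d in SUSPICIOUS_DIRS)]


def triage(log_text: str) -> dict:
    """Run all checks over one log and return a summary dict."""
    sections = split_sections(log_text)
    entries = parse_reg_entries(sections.get("Reg Loading Points", []))
    return {
        "autostart_total": len(entries),
        "autostart_flags": [(e.key.split("\\")[-1], e.name, why)
                            for e, why in flag_reg_entries(entries)],
        "deleted_executables": flag_deleted_executables(sections.get("Other Deletions", [])),
    }


# Constructed sample log in the post's format; the 'updater' line is invented for the example.
SAMPLE_LOG = r"""
"User" - 2007-06-27 14:25:06 - ComboFix 07-06-27 - Service Pack 2 NTFS

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\User\Local Settings\Temp\~DF42A6.tmp
C:\Documents and Settings\User\Local Settings\Temp\itgejwcs.exe
C:\Documents and Settings\User\Local Settings\Temp\is-2R2LQ.tmp\SecurityUtil.dll
C:\Program Files\HijackThis\backups\backup-20070626-170444-133.dll
C:\WINDOWS\cpbrkpie.ocx

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 16:33]
"@"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"updater"="C:\Documents and Settings\User\Local Settings\Temp\svchost.exe" [2007-06-25 09:12]
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"autostart entries parsed: {result['autostart_total']}")
    for key, name, why in result["autostart_flags"]:
        print(f"  [{key}] {name!r}: {why}")
    for path in result["deleted_executables"]:
        print(f"  deleted executable from temp/profile dir: {path}")
```

Run it against a saved `ComboFix.txt` by replacing `SAMPLE_LOG` with the file's contents. The flags are a starting point for the manual review the thread is doing, not a verdict: a legitimate installer can leave an empty Run value, and plenty of benign software drops DLLs under `Application Data`, so each hit still needs the path checked by hand.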