07-03-2007, 07:34 PM   #7
Tralfaz
Registered User
 
Join Date: Jul 2007
Posts: 7
OS: XP


Re: Good Samritan needs Help

Thanks Again...

I am working my way through all the instructions. Due to the restarts required, I am going to post a partial response now, and another when finished.


>Submitted file as requested to Bleeping Computer.



>AskTBar and SpyHunter were removed with Add/Remove yesterday, or the day before (before my request on this site).

>I 'Fixed' as many of the HijackThis entries you listed as were still there; a couple were not there...


>ComboFix Log:

"Arts 'n Motion" - 2007-07-03 21:16:20 - ComboFix 07-07-04.1 - Service Pack 2
Command switches used :: C:\Documents and Settings\Arts 'n Motion\My Documents\viral\combofix-do.txt


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\napdwfkp.dll
C:\WINDOWS\SYSTEM32\oqstv.bak1
C:\WINDOWS\SYSTEM32\oqstv.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ARTS'N~1\MYDOCU~1.\stem~1
C:\Documents and Settings\ARTS'N~1.\err.log
C:\Program Files\AskTBar
C:\Program Files\AskTBar\bar\History\search2
C:\Program Files\AskTBar\PopSwatr\History\allowed
C:\Program Files\AskTBar\PopSwatr\History\notallow
C:\Program Files\Enigma Software Group
C:\WINDOWS\Registration\ntp2.ini
C:\WINDOWS\system32\yvajhqgq.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-06-04 to 2007-07-04 )))))))))))))))))))))))))))))))


2007-07-03 20:36 <DIR> d-------- C:\SiteAdvisor
2007-07-03 20:36 <DIR> d-------- C:\McAfee
2007-07-03 18:54 486 --a------ C:\DOCUME~1\ARTS'N~1\submit.bat
2007-07-03 16:05 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-03 14:01 <DIR> d-------- C:\WINDOWS\Prefetch
2007-07-03 07:33 95,872 --a------ C:\WINDOWS\SYSTEM32\AvastSS.scr
2007-07-03 07:33 94,552 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys
2007-07-03 07:33 85,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon.sys
2007-07-03 07:33 745,600 --a------ C:\WINDOWS\SYSTEM32\aswBoot.exe
2007-07-03 07:33 43,176 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys
2007-07-03 07:33 26,888 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys
2007-07-03 07:33 23,416 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys
2007-07-03 07:33 <DIR> d-------- C:\Program Files\Alwil Software
2007-07-02 11:22 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-07-02 09:58 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-07-02 08:11 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\MSNInstaller
2007-07-02 08:11 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield
2007-07-02 08:00 <DIR> d---s---- C:\DOCUME~1\ADMINI~1\UserData
2007-07-02 07:42 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-07-01 23:00 24,661 --a------ C:\WINDOWS\SYSTEM32\spxcoins.dll
2007-07-01 23:00 13,312 --a------ C:\WINDOWS\SYSTEM32\irclass.dll
2007-07-01 22:38 <DIR> d-------- C:\WINDOWS\setup.pss
2007-07-01 18:49 <DIR> d-------- C:\WINDOWS\dell


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-02 12:11:12 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-02 12:11:12 -------- d-----w C:\Program Files\eMusic Download Manager
2007-07-02 11:58:30 -------- d-----w C:\Program Files\Yahoo!
2007-07-02 03:07:36 23,444 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-07-02 00:47:32 -------- d-----w C:\Program Files\McAfee
2007-06-29 15:51:31 -------- d-----w C:\Program Files\QuickBooks Pro
2007-06-27 13:51:25 -------- d-----w C:\DOCUME~1\ARTS'N~1\APPLIC~1\AdobeUM
2007-06-21 16:23:08 1,324 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-06-02 20:03:46 5,410 ----a-w C:\WINDOWS\system32\tmp.reg
2007-06-02 19:17:45 -------- d-----w C:\DOCUME~1\ARTS'N~1\APPLIC~1\SiteAdvisor
2007-06-02 19:01:52 -------- d-----w C:\DOCUME~1\ARTS'N~1\APPLIC~1\GetRightToGo
2007-06-01 16:44:19 -------- d-----w C:\Program Files\McAfee.com
2007-06-01 16:42:54 -------- d-----w C:\Program Files\SiteAdvisor
2007-06-01 16:42:02 -------- d-----w C:\Program Files\Common Files\McAfee
2007-05-30 20:59:36 135,432 ----a-w C:\DOCUME~1\ARTS'N~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-05-26 21:30:46 -------- d-----w C:\Program Files\Messenger
2007-05-26 20:19:10 -------- d-----w C:\Program Files\iTunes
2007-05-26 20:18:57 -------- d-----w C:\Program Files\iPod
2007-05-26 20:13:27 -------- d-----w C:\Program Files\QuickTime
2007-05-26 19:43:36 -------- d-----w C:\DOCUME~1\ARTS'N~1\APPLIC~1\Lavasoft
2007-05-26 19:42:38 -------- d-----w C:\Program Files\Lavasoft
2007-05-26 17:31:50 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-05-25 15:53:25 -------- d-----w C:\DOCUME~1\ARTS'N~1\APPLIC~1\Help
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-11-03 16:17 54248 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}]
2007-03-30 11:41 1099304 --a------ C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19C8E43B-07B3-49CB-BFFC-6777B593E6F8}]
2006-08-17 06:28 520704 --a------ C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 02:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
2004-12-06 03:05 118842 --a------ C:\WINDOWS\system32\dla\tfswshx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
2006-12-22 16:02 67136 --a------ c:\program files\mcafee\virusscan\scriptcl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 11:42]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 03:01]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 19:48]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-03-30 11:42]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 10:16]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-03-17 15:07]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 15:46]
"P17Helper"="P17.dll" [2004-06-10 13:51 C:\WINDOWS\SYSTEM32\P17.dll]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 16:04]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 14:16]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 18:28]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 09:38]
"DXDllRegExe"="dxdllreg.exe" []
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 18:54]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 03:01]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 12:43]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 10:34]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 14:52]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 08:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\setup.exe


Contents of the 'Scheduled Tasks' folder
2007-06-23 19:59:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-15 06:20:08 C:\WINDOWS\tasks\McDefragTask.job
2007-06-01 16:41:49 C:\WINDOWS\tasks\McQcTask.job

**************************************************************************

catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-03 21:20:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-03 21:23:01 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-03 21:23
C:\ComboFix2.txt ... 2007-07-03 16:10

--- E O F ---