
continuation of infected computer


  • This topic is locked
No replies to this topic

#1 clay sellers

    New Member, 5 posts

Posted 01 December 2007 - 04:06 PM

ComboFix 07-12-02.3 - Claves Sellers 2007-12-02 16:58:00.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.619 [GMT -5:00]
Running from: C:\Documents and Settings\Claves Sellers\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Claves Sellers\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\DOCUME~1\ALLUSE~1\APPLIC~1\wvetepgv.dll
C:\WINDOWS\system32\drvfak.dll
C:\WINDOWS\system32\drvfakr.dll
C:\WINDOWS\system32\gebcy
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Qoobox
C:\Qoobox\BackEnv\appdata.folder.dat
C:\Qoobox\BackEnv\cache.folder.dat
C:\Qoobox\BackEnv\desktop.folder.dat
C:\Qoobox\BackEnv\favorites.folder.dat
C:\Qoobox\BackEnv\local appdata.folder.dat
C:\Qoobox\BackEnv\local settings.folder.dat
C:\Qoobox\BackEnv\my pictures.folder.dat
C:\Qoobox\BackEnv\personal.folder.dat
C:\Qoobox\BackEnv\profiles.folder.dat
C:\Qoobox\BackEnv\programs.folder.dat
C:\Qoobox\BackEnv\setpath.bat
C:\Qoobox\BackEnv\setpath.dat
C:\Qoobox\BackEnv\start menu.folder.dat
C:\Qoobox\BackEnv\startup.folder.dat
C:\Qoobox\BackEnv\templates.folder.dat
C:\Qoobox\CFScript_used_2007-12-02@16.57.txt
C:\Qoobox\Hiv-backup\default
C:\Qoobox\Hiv-backup\ERDNT.CON
C:\Qoobox\Hiv-backup\ERDNT.EXE
C:\Qoobox\Hiv-backup\ERDNT.INF
C:\Qoobox\Hiv-backup\ERDNTDOS.LOC
C:\Qoobox\Hiv-backup\ERDNTWIN.LOC
C:\Qoobox\Hiv-backup\SAM
C:\Qoobox\Hiv-backup\SECURITY
C:\Qoobox\Hiv-backup\software
C:\Qoobox\Hiv-backup\system
C:\Qoobox\Hiv-backup\Users\00000001\NTUSER.DAT
C:\Qoobox\Hiv-backup\Users\00000002\UsrClass.dat
C:\Qoobox\Hiv-backup\Users\00000003\NTUSER.DAT
C:\Qoobox\Hiv-backup\Users\00000004\UsrClass.dat
C:\Qoobox\Hiv-backup\Users\00000005\NTUSER.DAT
C:\Qoobox\Hiv-backup\Users\00000006\UsrClass.dat
C:\Qoobox\snapshot@2007-12-02_16.41.34.50.dat
C:\Qoobox\snapshot@2007-12-02_16.41.34.50_B.dat

.
((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))
.

2007-12-02 16:22 . 2007-12-02 16:53 1,410 --a------ C:\WINDOWS\system32\tmp.reg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 21:45 --------- d-----w C:\Program Files\RegCure
2007-12-02 21:41 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2007-11-14 20:22 --------- d-----w C:\Program Files\World of Warcraft
2007-10-28 17:16 96,832 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-09-06 04:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
2006-12-17 02:53 81,920 ----a-w C:\Documents and Settings\Claves Sellers\Application Data\ezpinst.exe
2006-12-17 02:53 47,360 ----a-w C:\Documents and Settings\Claves Sellers\Application Data\pcouffin.sys
2006-12-08 23:49 7,706,216 ----a-w C:\Documents and Settings\Claves Sellers\winzip110.exe
2006-11-26 16:27 917,504 ----a-w C:\Documents and Settings\Claves Sellers\di624_revC_firmware_276.bin
2006-11-26 16:27 917,504 ----a-w C:\Documents and Settings\Claves Sellers\di624_revC_firmware_275.bin
2006-11-24 02:38 207,529,840 ----a-w C:\Documents and Settings\Claves Sellers\PaintShopPro1100_EN_DE_FR_ES_IT_NL_CORELTBYB_ESD.exe
2006-11-01 05:18 10,829,831 ----a-w C:\Documents and Settings\Claves Sellers\cisagetdinstall.exe
2006-11-01 05:18 10,136,798 ----a-w C:\Documents and Settings\Claves Sellers\cisagetinstall.exe
2006-10-29 01:26 42,343,200 ----a-w C:\Documents and Settings\Claves Sellers\91.47_forceware_winxp2k_english_whql.exe
2006-10-22 21:59 5,570,551 ----a-w C:\Documents and Settings\Claves Sellers\DVDFabPlatinumNonCSS3020.exe
2006-10-21 12:26 15,520,048 ----a-w C:\Documents and Settings\Claves Sellers\IE7-WindowsXP-x86-enu.exe
2006-10-16 03:49 7,482,578 ----a-w C:\Documents and Settings\Claves Sellers\IntelActiveMonitor.exe
2006-10-16 03:47 1,282,759 ----a-w C:\Documents and Settings\Claves Sellers\mbm5370.exe
2006-10-15 17:49 1,502,943 ----a-w C:\Documents and Settings\Claves Sellers\installspeedfan431.exe
2006-10-15 14:19 767,067 ----a-w C:\Documents and Settings\Claves Sellers\hmonitor.zip
2006-12-11 13:42 88 --sh--r C:\WINDOWS\system32\A8817676C0.sys
2006-12-11 13:42 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-10-28 12:51]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 07:00 C:\WINDOWS\system32\rundll32.exe]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-10-01 08:53]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCSService]
2003-08-21 16:12 32768 --a------ C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2007-10-28 12:51 1600448 --a------ C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
rundll32.exe C:\WINDOWS\system32\drvfak.dll,startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
2003-06-18 00:00 45056 --------- C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 07:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus Xtreme G]
2003-11-04 17:00 2502656 --a------ C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2006-01-06 14:07 188416 --a------ C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon04]
2006-01-06 14:07 348160 --a------ C:\WINDOWS\system32\hphmon04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneCareUI]
2007-10-01 08:53 66600 --a------ C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayhouseDisneyDownloadManager]
2007-01-30 10:01 284272 --a------ C:\Program Files\DIGStream\PlayhouseDisneyDownloadManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ptipbmf]
rundll32.exe ptipbmf.dll,SetWriteCacheMode

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup Manager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 03:00 132496 --a------ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 --------- C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wise-FTP Scheduler]
2004-05-12 10:47 542720 --a------ C:\Program Files\AceBIT\WISE-FTP\WF_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 21:05 204288 --------- C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
2004-03-18 09:33 892928 --a------ C:\Program Files\Logitech\iTouch\iTouch.exe

R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys
R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
R1 MSFWHLPR;MSFWHLPR;C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys
R1 UDFReadr;UDFReadr;C:\WINDOWS\system32\drivers\UDFReadr.sys
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys
R2 MSFWDrv;MSFWDrv;C:\WINDOWS\system32\DRIVERS\msfwdrv.sys
R2 msfwsvc;OneCare Firewall;"C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe"
R2 OneCareMP;OneCare AntiSpyware and AntiVirus;"C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe"
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys
R3 MpFilter;Microsoft Malware Protection Driver;C:\WINDOWS\system32\DRIVERS\MpFilter.sys
S3 Alpham;Ideazon ZBoard Composite Keyboard Driver;C:\WINDOWS\system32\DRIVERS\Alpham.sys
S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\drivers\lccfltr.sys
S3 PciCon;PciCon;\??\D:\PciCon.sys

.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 16:58:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-02 16:59:23
C:\ComboFix-quarantined-files.txt ... 2007-09-10 16:41
C:\ComboFix2.txt ... 2007-12-02 16:55
C:\ComboFix3.txt ... 2007-12-02 16:50
.
--- E O F ---
