
Thread: help needed - log included REPOST


  1. #1
    Sorry this took me so long to get back to you.
    You still need to do several things.
    First, you need to remove that Killbox.
    Do this by removing the files in the !killbox folder, that is, by deleting the folder
    C:\!killbox

    Next, I would like you to run ComboFix again. Remember to close all windows and shut down your antivirus and firewall, as these could interfere with the cleaning process of the program. Don't touch the mouse while the program is running.
    Once it is complete and produces the log, post back here with the log.

  2. #2

    combofix log

    Here is the updated combofix log:

    ComboFix 08-01-09.2 - Administrator 2008-01-15 19:44:13.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.176 [GMT -5:00]
    Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2007-12-16 to 2008-01-16 )))))))))))))))))))))))))))))))
    .

    2008-01-08 20:59 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-08 18:40 . 2008-01-08 19:17 <DIR> d-------- C:\VundoFix Backups
    2008-01-08 15:45 . 2008-01-08 15:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
    2008-01-08 15:45 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-01-08 13:26 . 2008-01-08 13:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-01-06 11:46 . 2008-01-06 11:46 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
    2008-01-06 11:46 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
    2008-01-03 16:10 . 2008-01-06 12:30 766 --a------ C:\WINDOWS\wininit.ini
    2008-01-02 19:46 . 2007-04-19 10:54 289 --a------ C:\boot.ini.backup
    2008-01-02 13:19 . 2008-01-02 13:19 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-01-02 12:46 . 2008-01-08 16:53 <DIR> d-------- C:\Program Files\Windows Defender
    2008-01-02 12:39 . 2008-01-02 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-12-31 00:05 . 2007-12-31 00:06 <DIR> d-------- C:\Program Files\Google
    2007-12-31 00:05 . 2008-01-10 17:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-12-27 23:27 . 2008-01-10 14:55 <DIR> d-------- C:\WINDOWS\system32\ardCo01
    2007-12-27 16:58 . 2008-01-02 13:02 118,784 --a------ C:\WINDOWS\system32\hkcmd .exe
    2007-12-27 16:58 . 2008-01-02 13:02 81,920 --a------ C:\WINDOWS\system32\ps2 .exe
    2007-12-27 16:58 . 2008-01-02 11:51 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
    2007-12-27 15:54 . 2007-12-27 16:57 <DIR> d-------- C:\WINDOWS\system32\to9
    2007-12-27 15:54 . 2007-12-27 16:57 <DIR> d-------- C:\WINDOWS\system32\dj2
    2007-12-27 15:53 . 2007-12-27 15:54 <DIR> d-------- C:\WINDOWS\system32\cpd1
    2007-12-27 15:53 . 2007-12-27 15:58 <DIR> d-------- C:\WINDOWS\system32\bbc9
    2007-12-27 15:53 . 2008-01-08 16:52 <DIR> d-------- C:\WINDOWS\system32\ardCo02
    2007-12-27 15:53 . 2007-12-27 15:53 <DIR> d-------- C:\Temp\cEeer12
    2007-12-27 15:53 . 2008-01-08 21:01 <DIR> d-------- C:\Temp

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-02 21:48 --------- d-----w C:\Program Files\Multimedia Card Reader
    2007-12-10 20:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
    2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-27 22:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
    .
    ----a-w            61,440 2008-01-02 18:02:37  C:\hp\KBD\KBD .EXE
    ----a-w            79,224 2008-01-02 18:02:43  C:\Program Files\Alwil Software\Avast4\ashDisp .exe
    ----a-w           335,872 2008-01-02 18:02:40  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
    ----a-w           139,264 2008-01-02 18:02:41  C:\Program Files\Multimedia Card Reader\shwicon2k .exe
    ----a-w           866,584 2008-01-02 18:02:53  C:\Program Files\Windows Defender\MSASCui .exe
    ----a-w            50,176 2008-01-02 16:50:50  C:\WINDOWS\eHome\ehtray .exe
    ----a-w            15,360 2008-01-02 16:51:03  C:\WINDOWS\system32\ctfmon .exe
    ----a-w           118,784 2008-01-02 18:02:37  C:\WINDOWS\system32\hkcmd .exe
    ----a-w            81,920 2008-01-02 18:02:39  C:\WINDOWS\system32\ps2 .exe

    ((((((((((((((((((((((((((((( snapshot@2008-01-08_21.05.09.10 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2006-08-17 12:28:27 721,920 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
    + 2007-11-07 09:26:56 721,920 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
    - 2006-04-20 11:51:50 359,808 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    + 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    - 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    + 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    - 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2008-01-10 20:03:57 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4e8.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4265D4E4-9C36-4554-9EEB-AA1F7A2CCACE}]
    C:\WINDOWS\system32\ddcyw.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{901B67E2-1DEE-4D95-B51E-CEBA847C9BA5}]
    C:\Program Files\WindowsUpdate\hokepC:\WINDOWS\system32\to9\p arreo83122.exe.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ]
    "Aim6"="" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LTMSG"="LTMSG.exe" [2003-07-14 20:52 40960 C:\WINDOWS\ltmsg.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]
    "Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [ ]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-31 00:05:24]
    Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-30 07:49:48]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoolj]
    ssqoolj.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTKit]
    --a------ 2003-06-18 22:19 53248 C:\hp\bin\AUTOTKIT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
    --a------ 2002-10-07 10:23 90112 c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
    --a------ 2003-05-23 05:55 483328 C:\WINDOWS\System32\hphmon05.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
    c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    --a------ 1998-05-07 19:04 52736 c:\windows\system\hpsysdrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    --a------ 2002-09-14 00:42 212992 C:\WINDOWS\SMINST\RECGUARD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2003-12-17 03:10 151597 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    --a------ 2003-08-19 11:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

    R2 CX23880;Conexant 23880 Video Capture;C:\WINDOWS\system32\drivers\cx88vid.sys [2003-12-10 20:40]
    R2 CX88ENC;Conexant 2388x MPEG Encoder;C:\WINDOWS\system32\drivers\cx88enc.sys [2003-12-10 20:40]
    R2 CX88XBAR;Conexant 2388x Crossbar Dual Input;C:\WINDOWS\system32\drivers\CX88XBARDUAL.sys [2003-12-10 20:40]
    R2 CXTUNE;Conexant 2388x Tuner;C:\WINDOWS\system32\drivers\CX88TUNE.sys [2003-12-10 20:40]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\Info.exe folder.htt 480 480

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-16 00:43:20 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-15 19:45:54
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-15 19:46:27
    ComboFix-quarantined-files.txt 2008-01-16 00:46:24
    ComboFix2.txt 2008-01-09 02:05:28
    .
    2008-01-16 00:42:37 --- E O F ---
