"trojan horse"

koolkid12349

New Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:16:25 PM, on 2/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/remote
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 6538 bytes
 

koolkid12349

New Member
Yeah, so anyway, same crap: computer's infected, blah blah blah >.> "trojan horse" this time, so says Norton. I'm going to run ComboFix in a second.
 

koolkid12349

New Member
Hopefully it isn't too bad. I still haven't restarted my computer, and the trojan was in a downloaded file; I never installed the program that the trojan came with, so does that necessarily mean I'm safe?

ComboFix 08-01-23.1B - Owner 2008-02-01 19:19:41.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.667 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))
.

2008-02-01 17:33 . 2008-02-01 17:33 1,585,350 --a------ C:\picture197.bmp
2008-02-01 17:33 . 2008-02-01 17:33 1,585,350 --a------ C:\picture196.bmp
2008-02-01 17:33 . 2008-02-01 17:33 1,585,350 --a------ C:\picture195.bmp
2008-02-01 17:32 . 2008-02-01 17:32 1,585,350 --a------ C:\picture194.bmp
2008-02-01 17:32 . 2008-02-01 17:32 1,585,350 --a------ C:\picture193.bmp
2008-02-01 17:32 . 2008-02-01 17:32 1,585,350 --a------ C:\picture192.bmp
2008-02-01 17:32 . 2008-02-01 17:32 1,585,350 --a------ C:\picture191.bmp
2008-01-31 21:46 . 2008-01-31 21:46 2,279,478 --a------ C:\picture190.bmp
2008-01-31 19:52 . 2008-01-31 19:52 1,585,350 --a------ C:\picture189.bmp
2008-01-31 19:52 . 2008-01-31 19:52 1,585,350 --a------ C:\picture188.bmp
2008-01-31 19:51 . 2008-01-31 19:51 1,585,350 --a------ C:\picture187.bmp
2008-01-29 21:52 . 2008-01-29 21:52 2,279,478 --a------ C:\picture186.bmp
2008-01-29 21:50 . 2008-01-29 21:50 2,279,478 --a------ C:\picture185.bmp
2008-01-29 18:25 . 2008-01-29 18:25 2,279,478 --a------ C:\picture184.bmp
2008-01-29 18:22 . 2008-01-29 18:22 2,279,478 --a------ C:\picture183.bmp
2008-01-28 22:24 . 2008-01-28 22:24 2,279,478 --a------ C:\picture182.bmp
2008-01-26 21:36 . 2008-01-26 21:36 2,279,478 --a------ C:\picture181.bmp
2008-01-26 20:59 . 2008-01-26 20:59 2,279,478 --a------ C:\picture180.bmp
2008-01-26 19:56 . 2008-01-26 19:56 2,279,478 --a------ C:\picture179.bmp
2008-01-26 19:54 . 2008-01-26 19:54 2,279,478 --a------ C:\picture178.bmp
2008-01-26 19:51 . 2008-01-26 19:51 2,279,478 --a------ C:\picture177.bmp
2008-01-26 16:39 . 2008-01-26 16:39 1,585,350 --a------ C:\picture176.bmp
2008-01-26 11:41 . 2008-01-26 11:41 2,279,478 --a------ C:\picture175.bmp
2008-01-25 21:10 . 2008-01-25 21:10 1,585,350 --a------ C:\picture174.bmp
2008-01-25 21:10 . 2008-01-25 21:10 1,585,350 --a------ C:\picture173.bmp
2008-01-25 21:10 . 2008-01-25 21:10 1,585,350 --a------ C:\picture172.bmp
2008-01-25 21:10 . 2008-01-25 21:10 1,585,350 --a------ C:\picture171.bmp
2008-01-25 20:47 . 2008-01-25 20:47 1,585,350 --a------ C:\picture170.bmp
2008-01-25 19:58 . 2008-01-25 19:58 <DIR> d-------- C:\Deckard
2008-01-24 17:34 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 18:36 . 2008-01-23 18:36 1,585,350 --a------ C:\picture169.bmp
2008-01-23 18:36 . 2008-01-23 18:36 1,585,350 --a------ C:\picture168.bmp
2008-01-23 17:24 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-23 17:23 . 2008-01-23 17:24 <DIR> d-------- C:\Program Files\Java
2008-01-23 17:23 . 2008-01-23 17:23 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-21 19:53 . 2008-01-21 19:53 2,279,478 --a------ C:\picture167.bmp
2008-01-21 17:18 . 2008-01-21 17:18 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-01-21 17:18 . 2007-12-17 03:34 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-01-21 17:04 . 2008-01-21 17:04 <DIR> d-------- C:\Program Files\uTorrent
2008-01-20 18:38 . 2008-01-20 18:38 2,328,630 --a------ C:\picture166.bmp
2008-01-20 13:03 . 2008-01-20 13:03 1,585,350 --a------ C:\picture165.bmp
2008-01-19 21:47 . 2008-01-19 21:47 2,279,478 --a------ C:\picture164.bmp
2008-01-16 19:37 . 2008-01-16 19:37 2,279,478 --a------ C:\picture163.bmp
2008-01-16 09:05 . 2008-01-16 09:05 0 --a------ C:\LOG43.tmp
2008-01-15 20:48 . 2008-01-15 20:48 2,264,238 --a------ C:\picture162.bmp
2008-01-12 01:23 . 2008-01-12 01:23 2,279,478 --a------ C:\picture161.bmp
2008-01-12 00:57 . 2008-01-12 00:57 2,279,478 --a------ C:\picture160.bmp
2008-01-12 00:57 . 2008-01-12 00:57 2,279,478 --a------ C:\picture159.bmp
2008-01-12 00:55 . 2008-01-12 00:55 2,279,478 --a------ C:\picture158.bmp
2008-01-12 00:55 . 2008-01-12 00:55 2,279,478 --a------ C:\picture157.bmp
2008-01-12 00:55 . 2008-01-12 00:55 2,279,478 --a------ C:\picture156.bmp
2008-01-08 22:48 . 2008-01-08 22:48 2,279,478 --a------ C:\picture155.bmp
2008-01-08 22:34 . 2008-01-08 22:34 1,585,350 --a------ C:\picture154.bmp
2008-01-07 18:52 . 2008-01-07 18:52 2,279,478 --a------ C:\picture153.bmp
2008-01-07 17:52 . 2008-01-07 17:52 2,279,478 --a------ C:\picture152.bmp
2008-01-07 17:52 . 2008-01-07 17:52 2,279,478 --a------ C:\picture151.bmp
2008-01-06 23:15 . 2008-01-06 23:15 1,585,350 --a------ C:\picture150.bmp
2008-01-06 23:14 . 2008-01-06 23:14 1,585,350 --a------ C:\picture149.bmp
2008-01-06 23:14 . 2008-01-06 23:14 1,585,350 --a------ C:\picture148.bmp
2008-01-06 23:14 . 2008-01-06 23:14 1,585,350 --a------ C:\picture147.bmp
2008-01-06 23:12 . 2008-01-06 23:12 1,585,350 --a------ C:\picture146.bmp
2008-01-06 23:11 . 2008-01-06 23:11 1,585,350 --a------ C:\picture145.bmp
2008-01-06 23:08 . 2008-01-06 23:08 1,585,350 --a------ C:\picture144.bmp
2008-01-06 23:08 . 2008-01-06 23:08 1,585,350 --a------ C:\picture143.bmp
2008-01-06 23:08 . 2008-01-06 23:08 1,585,350 --a------ C:\picture142.bmp
2008-01-06 23:07 . 2008-01-06 23:07 1,585,350 --a------ C:\picture141.bmp
2008-01-06 23:07 . 2008-01-06 23:07 1,585,350 --a------ C:\picture140.bmp
2008-01-06 22:25 . 2008-01-06 22:25 1,585,350 --a------ C:\picture139.bmp
2008-01-06 22:22 . 2008-01-06 22:22 1,585,350 --a------ C:\picture138.bmp
2008-01-06 22:21 . 2008-01-06 22:21 1,585,350 --a------ C:\picture137.bmp
2008-01-06 22:21 . 2008-01-06 22:21 47,926 --a------ C:\picture136.bmp
2008-01-06 17:41 . 2008-01-06 17:41 1,585,350 --a------ C:\picture135.bmp
2008-01-04 23:56 . 2008-01-04 23:58 <DIR> d-------- C:\WINDOWS\.file_store_32
2008-01-04 19:57 . 2008-01-04 20:01 2,279,478 --a------ C:\picture134.bmp
2008-01-04 02:04 . 2008-01-04 02:04 2,359,350 --a------ C:\picture133.bmp
2008-01-04 01:56 . 2008-01-04 01:56 2,359,350 --a------ C:\picture132.bmp
2008-01-04 01:54 . 2008-01-04 01:54 2,359,350 --a------ C:\picture131.bmp
2008-01-04 01:54 . 2008-01-04 01:54 2,359,350 --a------ C:\picture130.bmp
2008-01-04 01:54 . 2008-01-04 01:54 2,359,350 --a------ C:\picture129.bmp
2008-01-04 01:54 . 2008-01-04 01:54 2,359,350 --a------ C:\picture128.bmp
2008-01-04 00:32 . 2008-01-04 00:32 2,359,350 --a------ C:\picture127.bmp
2008-01-04 00:03 . 2008-01-04 00:03 2,359,350 --a------ C:\picture126.bmp
2008-01-03 01:41 . 2008-01-03 01:41 2,359,350 --a------ C:\picture125.bmp
2008-01-03 01:41 . 2008-01-03 01:41 2,359,350 --a------ C:\picture124.bmp
2008-01-02 01:49 . 2008-01-02 01:49 2,279,478 --a------ C:\picture123.bmp
2008-01-02 01:10 . 2008-01-02 01:10 2,279,478 --a------ C:\picture122.bmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 03:40 --------- d-----w C:\Program Files\SwiftSwitch
2008-01-31 22:30 --------- d-----w C:\Program Files\mIRC
2008-01-24 22:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-17 14:00 --------- d-----w C:\Program Files\Google
2008-01-15 14:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-15 10:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 23:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-12-05 15:11 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-05 15:11 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-05 15:11 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-05 15:11 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-05 15:11 --------- d-----w C:\Program Files\Symantec
2007-12-04 19:01 --------- d-----w C:\Program Files\PartyGaming
2007-12-03 23:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-03 23:53 --------- d-----w C:\Program Files\Kerio
2007-11-22 02:37 3,120 ----a-w C:\WINDOWS\system32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-09-20 18:11 14,614,325 ----a-w C:\Program Files\high_and_mighty_color_ichirin_no_hana_less_vocal_ver.zip
2007-09-20 18:09 9,323,681 ----a-w C:\Program Files\01_d_tecnoLife.zip
2007-09-03 23:03 1,217,264 ----a-w C:\Program Files\Win32OpenSSL_Light-0_9_8e.exe
2007-08-13 23:16 1,008,360 ----a-w C:\Program Files\MzBot no patcher.rar
2007-08-11 03:21 27,728 ----a-w C:\Program Files\file1.jpg
2007-08-09 15:26 664,572,433 ----a-w C:\Program Files\MSSetup.exe
2007-08-01 21:22 5,914,648 ----a-w C:\Program Files\SUPERAntiSpyware.exe
2007-08-01 20:28 212,849 ----a-w C:\Program Files\hijackthis.zip
2007-08-01 07:45 921,654 ----a-w C:\Program Files\file.BMP
2007-08-01 07:44 28,272 ----a-w C:\Program Files\file.bin
2007-07-31 19:56 50,375 ----a-w C:\Program Files\SAtrainerFinalv3.zip
2007-08-01 20:31 1,730,597 --sh--w C:\WINDOWS\system32\qttss.bak1
2007-08-01 20:42 1,730,036 --sh--w C:\WINDOWS\system32\qttss.bak2
2007-08-01 22:14 1,738,768 --sh--w C:\WINDOWS\system32\qttss.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-01-13 12:53 114688]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-01-14 02:11 771704]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 08:18 270648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624]

R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys [2002-04-15 12:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-01-05 14:23:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-29 01:00:18 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 19:21:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-01 19:22:08
ComboFix-quarantined-files.txt 2008-02-02 00:21:58
ComboFix2.txt 2008-01-25 18:48:18
ComboFix3.txt 2008-01-24 22:38:20
.
2008-01-10 19:43:27 --- E O F ---
 

koolkid12349

New Member
Oops, all a misunderstanding.

Sorry.

And now it appears I am wrong. Anyway, ceewi, buzz or anyone: in my ComboFix log, in the Find3M section, what are these? I have heard they are associated with Vundo infections.

2007-08-01 20:31 1,730,597 --sh--w C:\WINDOWS\system32\qttss.bak1
2007-08-01 20:42 1,730,036 --sh--w C:\WINDOWS\system32\qttss.bak2
2007-08-01 22:14 1,738,768 --sh--w C:\WINDOWS\system32\qttss.ini2
 

ceewi1

VIP Member
They're Vundo remnants, but not active.

Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\qttss.bak1
    C:\WINDOWS\system32\qttss.bak2
    C:\WINDOWS\system32\qttss.ini2

  • Return to OTMoveIt, right-click in the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTMoveIt.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

That aside, your logfile appears to be clean.
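The "remnants, but not active" verdict above can be checked mechanically. The following is an added example, not code from the thread, ComboFix or OTMoveIt: it parses Find3M lines like the ones posted, flags non-directory files under system32 whose attribute field shows both the system and hidden letters (the `--sh--w` pattern), and marks a flagged file active only if some loading point in the same log still references it. The line layout and the meaning of the attribute letters are assumed from the log's shape.

```python
"""Triage of ComboFix 'Find3M Report' lines: flag system+hidden files under
system32 and check whether any loading point still references them."""
import re
from dataclasses import dataclass

# Line layout assumed from the log: "<date> <time> <size|dashes> <attrs> <path>".
# The 7-char attribute field is read as d=directory, s=system, h=hidden,
# a=archive, w=writable (an assumed reading; the thread does not define it).
_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(\S+)\s+(\S{7})\s+(.+?)\s*$")

# Lines copied from the thread's ComboFix Find3M section.
FIND3M_SAMPLE = r"""
2008-01-15 14:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2007-12-03 23:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-22 02:37 3,120 ----a-w C:\WINDOWS\system32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
2007-08-01 20:31 1,730,597 --sh--w C:\WINDOWS\system32\qttss.bak1
2007-08-01 20:42 1,730,036 --sh--w C:\WINDOWS\system32\qttss.bak2
2007-08-01 22:14 1,738,768 --sh--w C:\WINDOWS\system32\qttss.ini2
"""

# Loading points copied from the same log (Run keys, a driver, a running process).
LOADING_POINTS_SAMPLE = r"""
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys [2002-04-15 12:28]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""

@dataclass
class Finding:
    path: str
    attrs: str
    active: bool  # True if a loading point still references the file

    @property
    def verdict(self) -> str:
        return "active" if self.active else "remnant (not loaded anywhere)"

def parse_find3m(text: str):
    """Yield (timestamp, size, attrs, path) for each well-formed line."""
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            yield m.groups()

def triage(find3m_text: str, loading_points_text: str) -> list[Finding]:
    """Flag non-directory system+hidden files under system32; a flagged file is
    active only if its path appears in the loading points (case-insensitive)."""
    refs = loading_points_text.lower()
    findings = []
    for _ts, _size, attrs, path in parse_find3m(find3m_text):
        if "d" in attrs:                      # directories are out of scope here
            continue
        if not ("s" in attrs and "h" in attrs):
            continue
        if "\\system32\\" not in path.lower():
            continue
        findings.append(Finding(path, attrs, active=path.lower() in refs))
    return findings

if __name__ == "__main__":
    for f in triage(FIND3M_SAMPLE, LOADING_POINTS_SAMPLE):
        print(f"{f.attrs}  {f.path}  ->  {f.verdict}")
```

Run against the posted log, only the three qttss.* files are flagged and none is referenced by a Run key, driver entry or running process, which matches the "not active" reading; a file that did show up in a loading point would be reported as active instead.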
 

koolkid12349

New Member
Yeah, I don't like things on my computer that aren't mine =p. That link doesn't seem to work.

[Custom Input]
< C:\WINDOWS\system32\qttss.bak1 >
C:\WINDOWS\system32\qttss.bak1 moved successfully.
< C:\WINDOWS\system32\qttss.bak2 >
C:\WINDOWS\system32\qttss.bak2 moved successfully.
< C:\WINDOWS\system32\qttss.ini2 >
C:\WINDOWS\system32\qttss.ini2 moved successfully.

OTMoveIt2 v1.0.17 log created on 02062008_173642

Never mind, found OTMoveIt2 in another post.
 

ceewi1

VIP Member
Sorry about that, my fault. But that's successfully removed the remnants; there's nothing malicious left.
 

koolkid12349

New Member
ceewi, I wanted to ask: what does the core.cache.dsk infection do?

My friend has an infection including that, which ComboFix can't delete, and since sex1 ~ sex5 were on the deletions list I also believe he had zlob.pornadvertiser.ba. Anyway, I installed and ran ComboFix on his comp and cleaned it a bit, but core.cache.dsk wouldn't delete. Any suggestions? I know one way to do it is with Avenger.
 

ceewi1

VIP Member
The most common symptom is unwanted popups.

Don't try using The Avenger on it - it's a very powerful and dangerous program, and unless you know precisely what to remove it will likely be ineffective anyway and risks damaging the PC.

Post the ComboFix log here; there's nothing I can suggest without it.
 