Old 08-12-2007, 09:04 AM   #3 (permalink)
silverado1981
OS: xp


Re: please help with my log file

Thank you so much, you're awesome! Here are the ComboFix log and a new HijackThis log:

ComboFix 07-08-12.5 - "Doug Barnes" 2007-08-12 9:55:17.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.239 [GMT -5:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\ProductCode
C:\DOCUME~1\DOUGBA~1\Desktop\internet.lnk
C:\Program Files\Common Files\sstem3~1
C:\Program Files\svhost
C:\Program Files\svhost\wr-1-0000077.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\mantec~1
C:\WINDOWS\mantec~1\??mantec\
C:\WINDOWS\mantec~1\msiexec.exe
C:\WINDOWS\svhost.exe
C:\WINDOWS\system32\configs
C:\WINDOWS\system32\configs\w9b.exe
C:\WINDOWS\system32\dwdsrngt.exe
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\f02WtR\f02WtR1065.exe
C:\WINDOWS\system32\f10WtR
C:\WINDOWS\system32\f10WtR\f10WtR1099.exe
C:\WINDOWS\system32\V1
C:\WINDOWS\system32\win
C:\WINDOWS\system32\win\w7q.exe
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\wnsapiisv32.exe
C:\WINDOWS\system32\Z1
C:\WINDOWS\system32\Z1\vt22011.exe
C:\WINDOWS\tk58.exe
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\ApiMon


((((((((((((((((((((((((( Files Created from 2007-07-12 to 2007-08-12 )))))))))))))))))))))))))))))))


2007-08-12 09:54 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-11 16:37 812,344 --a------ C:\Program Files\HJTInstall.exe
2007-08-11 16:37 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-11 11:50 786,432 --ah----- C:\DOCUME~1\Home\NTUSER.DAT
2007-08-11 11:03 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-08-11 11:03 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-08-11 11:03 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-08-11 11:03 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-08-11 11:03 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-08-11 11:03 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-08-11 11:03 <DIR> d-------- C:\DOCUME~1\DOUGBA~1\APPLIC~1\PC Tools
2007-08-11 11:02 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-08-11 11:02 27,383,448 --a------ C:\Program Files\spyware remover.exe
2007-08-11 09:58 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-08-11 09:58 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-08-11 09:58 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-08-11 09:58 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-08-11 09:57 765,736 --a------ C:\Temp\bass.exe
2007-08-11 09:05 <DIR> d-------- C:\WINDOWS\system32\tempchk
2007-08-11 09:04 192,585 --a------ C:\WINDOWS\system32\lwinqmdt.exe
2007-08-11 09:04 <DIR> d-------- C:\Temp
2007-08-07 15:30 163,840 --a------ C:\Program Files\Common Files\hosy22011.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-11 21:39 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-08-11 11:25 --------- d-------- C:\DOCUME~1\DOUGBA~1\APPLIC~1\GRLevel3
2007-07-09 18:44 2370 --a------ C:\WINDOWS\pchealth\HelpCtr\PackageStore\SkuStore.bin
2007-07-08 17:30 --------- d-------- C:\Program Files\GRLevelX
2007-07-08 17:04 --------- d-------- C:\Program Files\InstallShield Installation Information
2007-07-08 17:04 --------- d-------- C:\Program Files\Canon
2007-07-08 17:01 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-08 16:55 --------- d-------- C:\Program Files\KODAK
2007-07-08 16:54 --------- d-------- C:\Program Files\CASIO
2007-07-08 16:38 315624 --a------ C:\dxwebsetup.exe
2007-07-08 16:29 6320173 --a------ C:\grlevel3_setup.exe
2007-07-08 15:54 0 -rahs---- C:\MSDOS.SYS
2007-07-08 15:54 0 -rahs---- C:\IO.SYS
2007-07-08 15:54 0 --a------ C:\CONFIG.SYS
2007-07-08 15:54 0 --a------ C:\AUTOEXEC.BAT
2007-07-08 15:54 --------- d-------- C:\Program Files\microsoft frontpage
2007-07-08 15:53 8738 --a------ C:\WINDOWS\pchealth\HelpCtr\Config\Cntstore.bin
2007-07-08 15:52 --------- d-------- C:\Program Files\Online Services
2007-07-08 15:51 --------- d-------- C:\Program Files\Movie Maker
2007-07-08 15:50 --------- d-------- C:\Program Files\Common Files\MSSoap
2007-07-08 15:48 --------- d--h----- C:\Program Files\WindowsUpdate
2007-07-08 15:48 --------- d-------- C:\Program Files\Windows NT
2007-07-08 15:48 --------- d-------- C:\Program Files\Messenger
2007-07-08 10:40 --------- d-------- C:\Program Files\Common Files\SpeechEngines
2007-07-08 10:40 --------- d-------- C:\Program Files\Common Files\ODBC


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-04-01 16:16]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-04-01 16:16]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-06-27 13:54]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

S3 QV2KUX;Casio Digital Camera;C:\WINDOWS\System32\DRIVERS\qv2kux.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-12 09:58:11
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-12 10:00:06 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-12 10:00

--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:19 AM, on 8/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.srh.noaa.gov/forecast/Map...te=TX&site=LUB
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 2314 bytes