08-12-2007, 12:22 PM   #5
silverado1981
Registered User
 
Join Date: Aug 2007
Posts: 5
OS: xp


Re: please help with my log file

ComboFix 07-08-12.5 - "Doug Barnes" 2007-08-12 12:35:04.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.291 [GMT -5:00]
Command switches used :: C:\Documents and Settings\Doug Barnes\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\lwinqmdt.exe


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\hosy22011.exe
C:\Temp\bass.exe
C:\WINDOWS\system32\lwinqmdt.exe


((((((((((((((((((((((((( Files Created from 2007-07-12 to 2007-08-12 )))))))))))))))))))))))))))))))


2007-08-12 09:54 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-11 16:37 812,344 --a------ C:\Program Files\HJTInstall.exe
2007-08-11 16:37 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-11 11:50 786,432 --ah----- C:\DOCUME~1\Home\NTUSER.DAT
2007-08-11 11:03 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-08-11 11:03 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-08-11 11:03 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-08-11 11:03 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-08-11 11:03 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-08-11 11:03 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-08-11 11:03 <DIR> d-------- C:\DOCUME~1\DOUGBA~1\APPLIC~1\PC Tools
2007-08-11 11:02 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-08-11 11:02 27,383,448 --a------ C:\Program Files\spyware remover.exe
2007-08-11 09:58 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-08-11 09:58 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-08-11 09:58 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-08-11 09:58 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-08-11 09:05 <DIR> d-------- C:\WINDOWS\system32\tempchk
2007-08-11 09:04 <DIR> d-------- C:\Temp


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-11 21:39 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-08-11 11:25 --------- d-------- C:\DOCUME~1\DOUGBA~1\APPLIC~1\GRLevel3
2007-07-09 18:44 2370 --a------ C:\WINDOWS\pchealth\HelpCtr\PackageStore\SkuStore.bin
2007-07-08 17:30 --------- d-------- C:\Program Files\GRLevelX
2007-07-08 17:04 --------- d-------- C:\Program Files\InstallShield Installation Information
2007-07-08 17:04 --------- d-------- C:\Program Files\Canon
2007-07-08 17:01 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-08 16:55 --------- d-------- C:\Program Files\KODAK
2007-07-08 16:54 --------- d-------- C:\Program Files\CASIO
2007-07-08 16:38 315624 --a------ C:\dxwebsetup.exe
2007-07-08 16:29 6320173 --a------ C:\grlevel3_setup.exe
2007-07-08 15:54 0 -rahs---- C:\MSDOS.SYS
2007-07-08 15:54 0 -rahs---- C:\IO.SYS
2007-07-08 15:54 0 --a------ C:\CONFIG.SYS
2007-07-08 15:54 0 --a------ C:\AUTOEXEC.BAT
2007-07-08 15:54 --------- d-------- C:\Program Files\microsoft frontpage
2007-07-08 15:53 8738 --a------ C:\WINDOWS\pchealth\HelpCtr\Config\Cntstore.bin
2007-07-08 15:52 --------- d-------- C:\Program Files\Online Services
2007-07-08 15:51 --------- d-------- C:\Program Files\Movie Maker
2007-07-08 15:50 --------- d-------- C:\Program Files\Common Files\MSSoap
2007-07-08 15:48 --------- d--h----- C:\Program Files\WindowsUpdate
2007-07-08 15:48 --------- d-------- C:\Program Files\Windows NT
2007-07-08 15:48 --------- d-------- C:\Program Files\Messenger
2007-07-08 10:40 --------- d-------- C:\Program Files\Common Files\SpeechEngines
2007-07-08 10:40 --------- d-------- C:\Program Files\Common Files\ODBC


(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))


---- Directory of C:\WINDOWS\system32\tempchk ----

2007-07-18 08:50 398136 --a------ C:\WINDOWS\system32\tempchk\w86.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-04-01 16:16]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-04-01 16:16]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-06-27 13:54]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

S3 QV2KUX;Casio Digital Camera;C:\WINDOWS\System32\DRIVERS\qv2kux.sys

*Newly Created Service* - CATCHME

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-12 12:36:22
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-12 12:37:14
C:\ComboFix-quarantined-files.txt ... 2007-08-12 12:37
C:\ComboFix2.txt ... 2007-08-12 10:00

--- E O F ---



-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, August 12, 2007 1:20:07 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 12/08/2007
Kaspersky Anti-Virus database records: 379021
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 17190
Number of viruses found: 10
Number of infected objects: 37
Number of suspicious objects: 0
Duration of the scan process: 00:23:47

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Doug Barnes\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Doug Barnes\Desktop\[4]-Submit_2007-08-12_123500.54.zip/bass.exe/data0006 Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\Documents and Settings\Doug Barnes\Desktop\[4]-Submit_2007-08-12_123500.54.zip/bass.exe/data0007 Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\Documents and Settings\Doug Barnes\Desktop\[4]-Submit_2007-08-12_123500.54.zip/bass.exe/data0008 Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\Doug Barnes\Desktop\[4]-Submit_2007-08-12_123500.54.zip/bass.exe/data0009/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\Doug Barnes\Desktop\[4]-Submit_2007-08-12_123500.54.zip/bass.exe/data0009/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\Doug Barnes\Desktop\[4]-Submit_2007-08-12_123500.54.zip/bass.exe/data0009 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\Doug Barnes\Desktop\[4]-Submit_2007-08-12_123500.54.zip/bass.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\Doug Barnes\Desktop\[4]-Submit_2007-08-12_123500.54.zip ZIP: infected - 7 skipped
C:\Documents and Settings\Doug Barnes\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Doug Barnes\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Doug Barnes\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Doug Barnes\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Doug Barnes\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Doug Barnes\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\4L0JU9SZ\83122[1].exe/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\4L0JU9SZ\83122[1].exe NSIS: infected - 1 skipped
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\ODQ5G3EF\tk58[1].exe Infected: Trojan.Win32.BHO.ab skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\svhost\wr-1-0000077.exe.vir Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\QooBox\Quarantine\C\WINDOWS\svhost.exe.vir Infected: Trojan-Proxy.Win32.VB.x skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\configs\w9b.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dwdsrngt.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\f02WtR\f02WtR1065.exe.vir Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\f10WtR\f10WtR1099.exe.vir Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lwinqmdt.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.r skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\win\w7q.exe.vir Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\QooBox\Quarantine\C\WINDOWS\tk58.exe.vir Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{B39A3E4B-DCE8-4F05-84C7-9570855A05A6}\RP36\A0001981.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{B39A3E4B-DCE8-4F05-84C7-9570855A05A6}\RP36\A0001995.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{B39A3E4B-DCE8-4F05-84C7-9570855A05A6}\RP36\A0002003.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{B39A3E4B-DCE8-4F05-84C7-9570855A05A6}\RP37\A0002054.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{B39A3E4B-DCE8-4F05-84C7-9570855A05A6}\RP37\A0002061.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{B39A3E4B-DCE8-4F05-84C7-9570855A05A6}\RP38\A0002100.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\System Volume Information\_restore{B39A3E4B-DCE8-4F05-84C7-9570855A05A6}\RP38\A0002101.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{B39A3E4B-DCE8-4F05-84C7-9570855A05A6}\RP38\A0002102.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{B39A3E4B-DCE8-4F05-84C7-9570855A05A6}\RP38\A0002105.exe Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\System Volume Information\_restore{B39A3E4B-DCE8-4F05-84C7-9570855A05A6}\RP38\A0002106.exe Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\System Volume Information\_restore{B39A3E4B-DCE8-4F05-84C7-9570855A05A6}\RP38\A0002108.exe Infected: Trojan-Proxy.Win32.VB.x skipped
C:\System Volume Information\_restore{B39A3E4B-DCE8-4F05-84C7-9570855A05A6}\RP38\A0002110.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{B39A3E4B-DCE8-4F05-84C7-9570855A05A6}\RP38\A0002111.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{B39A3E4B-DCE8-4F05-84C7-9570855A05A6}\RP39\A0002213.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.r skipped
C:\System Volume Information\_restore{B39A3E4B-DCE8-4F05-84C7-9570855A05A6}\RP39\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\tempchk\w86.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\WINDOWS\system32\tempchk\w86.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\WINDOWS\system32\tempchk\w86.exe RarSFX: infected - 2 skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

Scan process completed.