Tech Support Forum - View Single Post

ghsu · 07-04-2007, 12:51 PM

ComboFix Log:

"Owner" - 2007-07-04 11:11:33 - ComboFix 07-07-04.4 - Service Pack 2
Command switches used :: C:\Documents and Settings\Owner\Desktop\misc\ComboFix-Do.txt

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\Owner\APPLIC~1.\addon.dat
C:\Program Files\Windows NT\hoqexigiq83122.dll
C:\temp\iee
C:\temp\iee\tmpZTF.log

((((((((((((((((((((((((( Files Created from 2007-06-04 to 2007-07-04 )))))))))))))))))))))))))))))))

2007-07-03 19:38 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-03 19:38 <DIR> d-------- C:\WINDOWS\LastGood
2007-07-03 19:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-07-02 21:09 <DIR> d-------- C:\WINDOWS\Prefetch
2007-07-02 19:32 <DIR> d-------- C:\VundoFix Backups
2007-07-01 23:29 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-01 22:40 786,432 --ah----- C:\DOCUME~1\ADMINI~1.GEO\NTUSER.DAT
2007-07-01 22:40 <DIR> d---s---- C:\DOCUME~1\ADMINI~1.GEO\UserData
2007-07-01 22:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1.GEO\WINDOWS
2007-07-01 22:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1.GEO\APPLIC~1\VERITAS
2007-07-01 22:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1.GEO\APPLIC~1\Symantec
2007-07-01 22:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1.GEO\APPLIC~1\SampleView
2007-07-01 22:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1.GEO\APPLIC~1\Real
2007-07-01 22:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1.GEO\APPLIC~1\Leadertech
2007-07-01 22:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1.GEO\APPLIC~1\InterTrust
2007-07-01 22:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1.GEO\APPLIC~1\GlobalSCAPE
2007-07-01 22:05 234,718 --a------ C:\Temp\aZ001.exe
2007-07-01 13:40 <DIR> d-------- C:\WINDOWS\system32\CO
2007-07-01 13:40 <DIR> d-------- C:\WINDOWS\system32\CG
2007-07-01 13:10 <DIR> d-------- C:\WINDOWS\LG_Inno
2007-06-30 09:44 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-06-30 09:38 <DIR> d-------- C:\Program Files\Microsoft Works
2007-06-30 09:37 <DIR> d-------- C:\Program Files\MSBuild
2007-06-30 09:09 <DIR> dr-h----- C:\MSOCache
2007-06-27 16:23 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-06-27 16:23 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-04 18:43:49 -------- d-----w C:\Program Files\Windows NT
2007-07-04 02:28:25 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-04 02:08:16 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\uTorrent
2007-07-01 23:57:38 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-01 01:56:51 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-30 16:05:44 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-06-30 04:01:17 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\dvdcss
2007-06-28 07:00:13 -------- d-----w C:\Program Files\NetAnts
2007-06-06 21:04:09 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-05-10 19:37:22 55,344 -c--a-w C:\DOCUME~1\Owner\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-05-07 14:40:13 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\FALCOM
2007-05-06 16:39:46 -------- d-----w C:\Program Files\DAEMON Tools
2007-05-06 16:34:57 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-05-05 17:50:06 -------- d-----w C:\Program Files\BFG
2007-05-02 01:00:02 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-04-07 06:22:49 65,536 ----a-w C:\WINDOWS\IFinst27.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-01-12 20:38 63128 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
2006-10-27 00:48 2210608 --a------ C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
2002-11-15 08:09 112248 --a------ c:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="C:\HP\KBD\KBD.EXE" [2001-07-06 21:56]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 08:01]
"nwiz"="nwiz.exe" [2002-12-12 03:00 C:\WINDOWS\system32\nwiz.exe]
"NAV CfgWiz"="c:\PROGRA~1\NORTON~1\Cfgwiz.exe" [2002-11-15 08:08]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-11-15 03:29]
"ccRegVfy"="c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-11-15 03:29]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 17:40]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 17:40]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 17:40]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 15:29]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 00:48]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Info.exe folder.htt 480 480

Contents of the 'Scheduled Tasks' folder
2007-07-04 07:27:03 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-04 11:45:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-07-04 11:47:05
C:\ComboFix-quarantined-files.txt ... 2007-07-04 11:46
C:\ComboFix2.txt ... 2007-07-03 19:32
C:\ComboFix3.txt ... 2007-07-02 19:17

--- E O F ---

07-04-2007, 12:51 PM	#7 (permalink)
ghsu Registered User Join Date: Jul 2007 Posts: 6 OS: XP SP2	Re: Please help me... Comp infected ComboFix Log: "Owner" - 2007-07-04 11:11:33 - ComboFix 07-07-04.4 - Service Pack 2 Command switches used :: C:\Documents and Settings\Owner\Desktop\misc\ComboFix-Do.txt ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor C:\DOCUME~1\Owner\APPLIC~1.\addon.dat C:\Program Files\Windows NT\hoqexigiq83122.dll C:\temp\iee C:\temp\iee\tmpZTF.log ((((((((((((((((((((((((( Files Created from 2007-06-04 to 2007-07-04 ))))))))))))))))))))))))))))))) 2007-07-03 19:38 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-07-03 19:38 <DIR> d-------- C:\WINDOWS\LastGood 2007-07-03 19:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab 2007-07-02 21:09 <DIR> d-------- C:\WINDOWS\Prefetch 2007-07-02 19:32 <DIR> d-------- C:\VundoFix Backups 2007-07-01 23:29 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-01 22:40 786,432 --ah----- C:\DOCUME~1\ADMINI~1.GEO\NTUSER.DAT 2007-07-01 22:40 <DIR> d---s---- C:\DOCUME~1\ADMINI~1.GEO\UserData 2007-07-01 22:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1.GEO\WINDOWS 2007-07-01 22:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1.GEO\APPLIC~1\VERITAS 2007-07-01 22:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1.GEO\APPLIC~1\Symantec 2007-07-01 22:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1.GEO\APPLIC~1\SampleView 2007-07-01 22:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1.GEO\APPLIC~1\Real 2007-07-01 22:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1.GEO\APPLIC~1\Leadertech 2007-07-01 22:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1.GEO\APPLIC~1\InterTrust 2007-07-01 22:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1.GEO\APPLIC~1\GlobalSCAPE 2007-07-01 22:05 234,718 --a------ C:\Temp\aZ001.exe 2007-07-01 13:40 <DIR> d-------- C:\WINDOWS\system32\CO 2007-07-01 13:40 <DIR> d-------- C:\WINDOWS\system32\CG 2007-07-01 13:10 <DIR> d-------- C:\WINDOWS\LG_Inno 2007-06-30 09:44 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll 2007-06-30 09:38 <DIR> d-------- C:\Program Files\Microsoft Works 2007-06-30 09:37 <DIR> d-------- C:\Program Files\MSBuild 2007-06-30 09:09 <DIR> dr-h----- C:\MSOCache 2007-06-27 16:23 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll 2007-06-27 16:23 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-04 18:43:49 -------- d-----w C:\Program Files\Windows NT 2007-07-04 02:28:25 -------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-07-04 02:08:16 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\uTorrent 2007-07-01 23:57:38 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-07-01 01:56:51 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-06-30 16:05:44 -------- d-----w C:\Program Files\Microsoft ActiveSync 2007-06-30 04:01:17 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\dvdcss 2007-06-28 07:00:13 -------- d-----w C:\Program Files\NetAnts 2007-06-06 21:04:09 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll 2007-05-10 19:37:22 55,344 -c--a-w C:\DOCUME~1\Owner\APPLIC~1\GDIPFONTCACHEV1.DAT 2007-05-07 14:40:13 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\FALCOM 2007-05-06 16:39:46 -------- d-----w C:\Program Files\DAEMON Tools 2007-05-06 16:34:57 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-05-05 17:50:06 -------- d-----w C:\Program Files\BFG 2007-05-02 01:00:02 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-04-07 06:22:49 65,536 ----a-w C:\WINDOWS\IFinst27.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2006-01-12 20:38 63128 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] 2006-10-27 00:48 2210608 --a------ C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}] 2002-11-15 08:09 112248 --a------ c:\Program Files\Norton AntiVirus\NavShExt.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KBD"="C:\HP\KBD\KBD.EXE" [2001-07-06 21:56] "StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 08:01] "nwiz"="nwiz.exe" [2002-12-12 03:00 C:\WINDOWS\system32\nwiz.exe] "NAV CfgWiz"="c:\PROGRA~1\NORTON~1\Cfgwiz.exe" [2002-11-15 08:08] "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-11-15 03:29] "ccRegVfy"="c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-11-15 03:29] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 17:40] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 17:40] "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 17:40] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVIEW"="nview.dll,nViewLoadHook" [] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 15:29] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 00:48] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] AutoRun\command- D:\Info.exe folder.htt 480 480 Contents of the 'Scheduled Tasks' folder 2007-07-04 07:27:03 C:\WINDOWS\tasks\Symantec NetDetect.job ************************************************************************ catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-04 11:45:42 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************ Completion time: 2007-07-04 11:47:05 C:\ComboFix-quarantined-files.txt ... 2007-07-04 11:46 C:\ComboFix2.txt ... 2007-07-03 19:32 C:\ComboFix3.txt ... 2007-07-02 19:17 --- E O F ---