
can someone look at this combo fix log and help me please!

Discussion in 'Virus & Other Malware Removal' started by memphisdank, Sep 25, 2007.

Thread Status:
Not open for further replies.
  1. memphisdank

    memphisdank Thread Starter

    Joined:
    Sep 8, 2007
    Messages:
    4
    ComboFix 07-09-26 - JR 2007-09-25 18:31:25.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.229 [GMT -5:00]
    Running from: C:\Documents and Settings\JR\Local Settings\Temporary Internet Files\Content.IE5\5ZOE4KGO\ComboFix[1].exe
    * Created a new restore point
    .
    ADS - svchost.exe: deleted 68 bytes in 1 streams.

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\winupdate
    C:\WINDOWS\gimmygames91.dat
    C:\WINDOWS\system32\bszip.dll
    C:\WINDOWS\winsysupd91.dat

    .
    ((((((((((((((((((((((((( Files Created from 2007-08-25 to 2007-09-25 )))))))))))))))))))))))))))))))
    .

    2007-09-25 18:30 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-19 22:11 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
    2007-09-19 22:11 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
    2007-09-11 23:58 <DIR> d----c--- C:\spoolerlogs
    2007-09-08 19:22 <DIR> d-------- C:\Program Files\XoftSpySE
    2007-09-08 18:42 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-09-08 18:42 <DIR> d-------- C:\Documents and Settings\JR\Application Data\SUPERAntiSpyware.com
    2007-09-08 18:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-09-08 18:41 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-09-08 18:12 <DIR> d-------- C:\Program Files\Trend Micro
    2007-09-08 01:00 <DIR> d-------- C:\Documents and Settings\JR\Application Data\SiteAdvisor
    2007-09-01 23:56 <DIR> d-------- C:\Documents and Settings\JR\Application Data\McAfee
    2007-09-01 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
    2007-09-01 17:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
    2007-09-01 17:06 <DIR> d-------- C:\Program Files\support.com
    2007-09-01 17:06 <DIR> d-------- C:\Program Files\Common Files\SupportSoft

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-19 22:10 --------- d-------- C:\Program Files\Ahead
    2007-09-14 04:44 --------- d-------- C:\Program Files\LimeWire
    2007-09-02 02:25 --------- d-------- C:\Documents and Settings\JR\Application Data\film hole heck
    2007-09-02 01:35 --------- d-------- C:\Documents and Settings\All Users\Application Data\FragBlahVgaSupport
    2007-09-02 00:54 87608 --a--c--- C:\Documents and Settings\JR\Application Data\ezpinst.exe
    2007-09-02 00:54 47360 --a--c--- C:\Documents and Settings\JR\Application Data\pcouffin.sys
    2007-09-02 00:54 --------- d-------- C:\Documents and Settings\JR\Application Data\Vso
    2007-08-12 21:12 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-12 21:12 --------- d-------- C:\Program Files\EA GAMES
    2007-08-12 16:41 --------- d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2007-08-11 17:49 --------- d-------- C:\Program Files\VstPlugins
    2007-08-11 17:49 --------- d-------- C:\Program Files\Common Files\Ahead
    2007-08-09 20:18 --------- d-------- C:\Program Files\VR Sports
    2007-08-08 22:53 --------- d-------- C:\Program Files\main
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 04:00]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 15:22]
    "USRpdA"="C:\WINDOWS\SYSTEM32\USRmlnkA.exe" [2001-08-18 01:37]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
    "flag default"="C:\DOCUME~1\JR\APPLIC~1\FILMHO~1\Liesblue.exe" []
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\084c0f6g.dll]
    RUNDLL32.EXE 084c0f6g.dll,b 136095

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\103]
    "C:\Program Files\Defender Pro Anti Spam\admin" "-hide"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashampoo PopUpBlocker]
    C:\PROGRA~1\DEFEND~1\DEFEND~3\PopUpKiller.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CU1]
    C:\Program Files\Common Files\VCClient\VCClient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CU2]
    C:\Program Files\Common Files\VCClient\VCMain.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DefenderProAutoRun]
    "C:\Program Files\Defender Pro Anti Spam\dpantispam" -D "C:\Program Files\Defender Pro Anti Spam\conf"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DPASUpdate]
    "C:\Program Files\DefenderPro AntiSpy\DPASAutoUpdate.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gimmygames]
    C:\\gimmygames9.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\imtpazaA]
    C:\WINDOWS\imtpazaA.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAVPersonal50]
    "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe" /minimize

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\MSMSGS.EXE" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\riiw]
    C:\PROGRA~1\COMMON~1\riiw\riiwm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\services32]
    C:\Program Files\Common Files\Windows\mc-110-12-0000140.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheMonitor]
    C:\WINDOWS\SYSC00.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlog]
    winlog.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsync]
    C:\WINDOWS\System32\kwaywi.exe reg_run

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsysban]
    C:\windows\winsysban9.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsysupd]
    C:\windows\winsysupd9.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdates]
    C:\Program Files\winupdates\winupdates.exe /auto

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xload]
    "C:\WINDOWS\xload.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Windows Overlay Components"=2 (0x2)
    "NVSvc"=2 (0x2)
    "kavsvc"=2 (0x2)

    R3 P17;Sound Blaster Audigy;C:\WINDOWS\system32\drivers\P17.sys
    S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys
    S3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;C:\WINDOWS\system32\DRIVERS\USRpdA.sys

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-09-25 23:00:00 C:\WINDOWS\Tasks\AAA9AB5199922705.job"
    - c:\docume~1\jr\applic~1\filmho~1\Thunkitchfirst.exe
    "2007-09-25 22:00:00 C:\WINDOWS\Tasks\XoftSpySE 2.job"
    - C:\Program Files\XoftSpySE\XoftSpy.exe
    "2007-09-25 19:02:24 C:\WINDOWS\Tasks\XoftSpySE.job"
    - C:\Program Files\XoftSpySE\XoftSpy.exe
    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-26 18:36:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-09-26 18:39:15 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-09-26 18:38
    .
    --- E O F ---
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Double-click on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis.
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch HijackThis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
     
Short URL to this thread: https://techguy.org/629157
